LeRoy Cressy on 2 Oct 2008 08:43:49 -0700


Re: [PLUG] eeePC partitioning suggestions


Art Alexion wrote:

>> You are encrypting /home, I hope?
> I hadn't thought about it, but it's a good idea.  We've had people break LCDs 
> and lose chargers, but have been lucky so far about losing the laptop itself.  
> We don't have much in terms of trade secrets, but some people have a lot of 
> HIPAA protected stuff.
> These are not technical users.  Encryption suggestions that won't freak them 
> out?

I would encrypt both the swap and the home partition.  On system boot
the system will prompt for a password for each.  Since these are
non-tech type people, I would make the passwords the same for both and
also something easy for your non-tech people.

When I encrypted my laptop the /etc/fstab changed to:
#/dev/hda5       /home          ext3    defaults        0       2
/dev/mapper/home /home          ext3    defaults        0       3
#/dev/hda2       none            swap    sw              0       0
/dev/mapper/swap none           swap    sw              0       0

One of the tools that you might consider is cryptmount.

Here is the Debian description:

Description: Management and user-mode mounting of encrypted file systems
 cryptmount is a utility for creating encrypted filesystems & swap
 and which allows an ordinary user to mount/unmount filing systems
 without requiring superuser privileges.
 It offers the following features (for 2.6-series Linux kernels):
    * easy and safe on-demand access to filesystems without su/sudo;
    * access passwords can be changed easily without involving the
    * filesystems can reside on raw disk partitions or ordinary files;
    * multiple filesystems can be stored in a single disk partition;
    * includes support for encrypted swap partitions;
    * temporary filesystems can be setup via command-line,
      for use in shell-scripts;
    * encrypted filesystems can be initialized at boot-up or on demand;
    * transparent configuration of dm-crypt & loopback devices during
    * encrypted access keys are compatible with OpenSSL and can be
      stored separately on removable media (e.g. USB flash disks).
Tag: admin::filesystem, role::program, scope::application,
security::cryptography, security::privacy, works-with::file

--
 Rev. LeRoy D. Cressy  mailto:leroy@lrcressy.com   /\_/\
                       http://lrcressy.com        ( o.o )
                       Phone:  215-535-4037        > ^ <

gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
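
Added example, not part of the original message: a shell check that an fstab laid out like the one quoted above really mounts /home and swap from /dev/mapper. It assumes a /dev/mapper path means an encrypted mapping (LVM volumes also appear there), and the function and sample names are hypothetical.

```shell
#!/bin/sh
# check_fstab FILE   (FILE may be "-" to read standard input)
# Prints one finding per line; returns 0 only if /home and any swap
# entries are mounted from /dev/mapper/*, 1 otherwise.
# Assumption: a /dev/mapper path is an encrypted mapping. LVM volumes
# also live there, so confirm with "dmsetup table" (target type "crypt").
check_fstab() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        $2 == "/home" || $3 == "swap" {
            what = ($3 == "swap") ? "swap" : "/home"
            seen[what] = 1
            if ($1 ~ /^\/dev\/mapper\//) {
                printf "OK   %s on %s\n", what, $1
            } else {
                printf "FAIL %s on %s (not under /dev/mapper)\n", what, $1
                bad = 1
            }
        }
        END {
            # No /home line means home directories sit on the root
            # filesystem, which this check cannot vouch for.
            if (!seen["/home"]) { print "FAIL no separate /home entry"; bad = 1 }
            if (!seen["swap"]) print "INFO no swap entry (nothing to leak)"
            exit bad + 0
        }
    ' "$1"
}

# The fstab lines quoted in the message above (after encryption).
sample_encrypted() {
    cat <<'EOF'
#/dev/hda5       /home          ext3    defaults        0       2
/dev/mapper/home /home          ext3    defaults        0       3
#/dev/hda2       none            swap    sw              0       0
/dev/mapper/swap none           swap    sw              0       0
EOF
}

# Constructed "before" state: the same entries on the raw partitions.
sample_plaintext() {
    cat <<'EOF'
/dev/hda5        /home          ext3    defaults        0       2
/dev/hda2        none           swap    sw              0       0
EOF
}
```

On a real machine, run `check_fstab /etc/fstab`; the two sample functions can be piped in as `sample_encrypted | check_fstab -`.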

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug