Hello Peter, dmcrypt works perfectly without initrd as long as you do not encrypt the root filesystem.
So for encrypted home directories, you can just create and use a LUKS volume with dmcrypt (AFAIK the fastest and easy-to-use way). Regarding other techniques like gpg or truecrypt, you should keep in mind, that dmcrypt works directly in the kernelspace, so it may be a lot faster with the same encryption strength (but it don't know any benchmark about that). Regards, Felix Am 30.11.2011 16:40, schrieb czernitko: > Hello, thanks for your response, Neil! > As for dmcrypt usage, what do you think about truecrypt or pgp whole > disk encryption as alternatives to dmcrypt? > I would like to have only one partition with all home directories on > it, and I would like to avoid usage of initrd as I don't use it now > and I would like to keep it that way if possible. > > Peter > > > 2011/11/30 Neil Bothwick <n...@digimed.co.uk <mailto:n...@digimed.co.uk>> > > On Wed, 30 Nov 2011 16:19:18 +0100, czernitko wrote: > > > I would like to set up an encrypted partition for my /home > directories > > on Gentoo Hardened. Which approach do you recommend? > > Do you want a single encrypted filesystem, or separately encrypted > home > directories for each user. for the former, emerge cryptsetup, use > it to > create the encrypted block device and set it up in > /etc/conf.d/dmcrypt. > > For individually encrypted home directories, using ecryptfs on top > of a > standard filesystem, as used by Ubuntu, is probably the best way. > > > -- > Neil Bothwick > > "You want us to do WHAT?" - Ancient Chinese wall engineer. > >
