On Monday 02 January 2012 11:49:11 Florian Philipp wrote: > Am 02.01.2012 09:07, schrieb Stéphane Guedon: > > Hi all > > > > I may ask something already discussed, but I can't find any good > > documentation. I am wondering of how to secure my home repository on my > > laptop. I am thinking of cryptography and other things (the password > > uncrypt the repository and allows to read files...). > > > > What tool to use for ? Anybody knows a good doc (in french would be > > really good) ? > > > > I am not really paranoïd, but I work now in a quite important > > environnement and want any data I get out to be secured... > > I recommend dm-crypt (a.k.a. cryptsetup-luks). It encrypts the block > device under the actual file system. Gentoo wiki has some tutorials on > it (although you don't need much of it): [1] [2] > > If you only want to encrypt your home partition, you only need to follow > these steps: > > 1. Create an encrypted partition (see `man cryptsetup`) > 2. Move /home/* over to it (don't forget backup) > 3. Configure /etc/conf.d/dmcrypt > 4. Add /etc/init.d/dmcrypt to boot runlevel > > Then the init script will ask you for the password at boot. dm-crypt > allows multiple passwords per partition so that different users can have > different passwords. > > The alternative to the dmcrypt init script is to use sys-auth/pam_mount. > It allows you to use the login password to automatically decrypt a > partition and mount it as /home/$user. [2] has a section about it. > However, this breaks easily and is pretty hard to administrate if you > have no experience with dm-crypt and pam. I recommend the first solution. > > [1] > http://en.gentoo-wiki.com/wiki/SECURITY_System_Encryption_DM-Crypt_with_LUK > S [2] http://en.gentoo-wiki.com/wiki/DM-Crypt > > Regards, > Florian Philipp
Is this solution (the first one) easily integrated into some environnement (kde) ? I don't want to have numerous password (one for decrypt, one other to open the desktop session as usual...), plus my wife would argue with some reason I am always hacking the computer whereas we are just using it to look movies... (she uses the computer also, but in a much more used way, so any solution has to be comfortable to her too !) -- Stéphane Guedon http://www.22decembre.eu/ http://lectures.22decembre.eu/ carte de visite : http://www.22decembre.eu/downloads/Stephane-Guedon.vcf
signature.asc
Description: This is a digitally signed message part.