[Novalug] Filesystem encryption thoughts

Mike H dawd13r@gmail.com
Thu Aug 2 17:18:07 EDT 2007


Thanks for the replies!

Like Kyle, I took the dm_crypt with LUKS route and haven't noticed any lag
in playing back movie files either.  However, I am also encrypting my swap
partition and have noticed a lot longer OS boot time.

I figured to encrypt my media files b/c if my laptop does get stolen, the
thief won't have the pleasure of enjoying my machine's contents.

I agree that /tmp and /var/log should be encrypted as well and will try to
do that next if I can.

I also wanted to mention that I decided not to include my virtual machines
in my encrypted filesystem concerned about a possible performance hit.

On 8/1/07, Mark Smith <mark@winksmith.com> wrote:
>
> you can, of course argue that position.  i might have done the same
> thing 10 years ago.  i'm more pragmatic now.
>
> in fact, /tmp and /var/log are better candidates than movies and
> pictures in my humble opinion.
>
> i'm actually a little surprised that MAC (multi-level) protections
> didn't take hold any better.  i did a lot of work on that a few
> years ago.  that kind of protection might have done a better job
> at protecting without the overhead of encryption.
>
> it all depends upon what the data is.
>
> On Wed, Aug 01, 2007 at 05:23:26AM +0000, Paul M. wrote:
> > I would argue that you should be encrypting everything. Some things,
> > like /tmp and /var/log, should be encrypted too.
> > -Paul
> >
> > On 8/1/07, Mark Smith <mark@winksmith.com> wrote:
> > > On Tue, Jul 31, 2007 at 11:22:34AM -0400, Mike H wrote:
> > > > I wanted to know ppl's experiences with filesystem encryption on
> linux: good
> > > > and bad.  I am looking into encrypting my swap partition and my home
> > > > partition, but not my root partition on my brand new
> laptop.  However, I am
> > > > concerned about increased data transfer latency.  Will my multimedia
> files
> > > > i.e. movies and music be laggy when played back from an encrypted
> partition?
> > >
> > > movies/music probably don't need to be encrypted.  have you considered
> > > partitioning your data into needing security v.s. not needing
> > > security?
>
> --
> Mark Smith
> mark@winksmith.com
> mark at tux dot org
> nova-instructor at tux dot org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.firemountain.net/pipermail/novalug/attachments/20070802/90cf650b/attachment.htm>


More information about the Novalug mailing list