Announcement

Collapse
No announcement yet.

encrypted /home partition disaster

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    encrypted /home partition disaster

    In an effort to improve my security profile, I decided to encrypt the /home partition on a couple of my computers. Sadly, it's not been going well. First, the attempt to encrypt the existing /home partitions, using ecryptfs, failed to go to normal EOJ on both boxes, and attempts to recover from the automatic backup resulted in a failure to boot. So, in both cases I installed the OS anew, and created an encrypted /home using the ISO.

    But....I have several large directory which see intensive use. Attempts to copy them from one of my other computers - with an unencrypted /home - resulted in all sorts of copy errors - refusals to deal with file names that were "too long", and so forth. I tried two different USB hard drives to transport the copies, and the copy function in the Krusader filesystem viewer in comparision to rsync -r {source} {target}. I kept getting errors. I now have two unusable computers, since I can't get these directories copied.

    Is there a known problem with the encryption routine that comes with Ubuntu/Kubuntu? In all these failures that's the only constant.

    At this point I see no alternative to reloading the OS yet again, and creating standard, unencrypted /home partitions. This is very disappointing.

    Any suggestions?

    #2
    I think the mechansim of using LUKS and EcryptFS is overly complicated and has way too many moving parts. I'd encourage you to investigate EncFS instead. Rather than allocating a fixed number of encrypted blocks, EncFS creates a stacked file system, completely in user space, that grows as needed and can be used to contain only the stuff you need to keep private. It's simpler, easier to manage, and less brittle.

    Comment


      #3
      Interesting. Thanks for the information. I knew nothing of EncFS. I've been using Truecrypt quite successfully, and it appeared to offer more options and quite possibly better security than anything else I've yet seen, when I installed it.

      EncFS does indeed look superior in some important ways to the default KB encryption routines. I note this, however, in the Wikipedia article on EncFS (normally I avoid Wikipedia like the plague, but in this case it appears to be helpful - if the information is correct!):

      There are some drawbacks to using EncFS.
      • EncFS volumes cannot be formatted with an arbitrary filesystem. They share the same features and restrictions as the filesystem containing the source directory.
      • Anyone having access to the source directory is able to see how many files are in the encrypted filesystem, what permissions they have, their approximate size, and the last time they were accessed or modified.
      The second drawback is a deal breaker. Truecrypt has ways of avoiding both problems, but especially the second.

      If you have any more thoughts on all this I'd definitely be interested!

      Comment

      Working...
      X