Date: Wed, 22 Mar 2006 10:14:32 +0100
From: Erik Norgaard <norgaard@locolomo.org>
To: Kenyon Ralph <kralph@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: encrypted drives
Message-ID: <44211578.8050600@locolomo.org>
In-Reply-To: <13d4d6bb0603220051x49fdb302v32bc501a81cb9a99@mail.gmail.com>
References: <44210DFC.6000308@locolomo.org> <13d4d6bb0603220051x49fdb302v32bc501a81cb9a99@mail.gmail.com>

Kenyon Ralph wrote:
> On 3/22/06, Erik Norgaard <norgaard@locolomo.org> wrote:
>> 2) One thing is to create an entire encrypted device for /home. But that
>> has the unfortunate consequence that other users' data is unencrypted
>> once the system is up.
>>
>> What would be more appropriate is a solution where each home-dir is an
>> encrypted mfs which is decrypted and mounted when the user logs in, is
>> this possible?
>
> I think this is exactly what Mac OS X does with its FileVault feature.

I was just reading this column by Kelly Martin

http://www.securityfocus.com/columnists/393

when I wrote this, but the FreeBSD solution may not be so simple as the
OSX.

Now, the FileVault according to the article encrypts the entire home
partition, which is fine for single-user laptops, but on multiuser
systems, each home directory should be a distinct encrypted partition in
order not to disclose data to other users.

In this case, you would also like the ability to dynamically grow the
filesystem when more space is needed, unless of course you simply say
that's the hard quota limit.

Cheers, Erik

-- 
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9