Encrypt partition or via loopback device?

batistuta · Veteran Joined: 29 Jul 2005 Posts: 1384 Location: Aachen

I want to encrypt my home partition and I'd like som opinions on whether I should encrypt the whole /home partition or do it via a loopback device. Is there any performance difference? Does any method allow an increase or decrease of the size of the partition after?

Any thoughts are welcome. Thanks

batistuta · Veteran Joined: 29 Jul 2005 Posts: 1384 Location: Aachen

Just came to my mind, that with an encrypted loopback device, it is quite easy to do a backup and that it remains encrypted. Is it possible to easily make a backup when an entire partition is encypted, but in such a way that the information remains encrypted? :roll:

batistuta · Veteran Joined: 29 Jul 2005 Posts: 1384 Location: Aachen

since no one has replied, I'd like to change rephrase the question: those who are encrypting their home partitions. How are you doing it: via a loopback device, or the whole partition?

snIP3r · l33t Joined: 21 May 2004 Posts: 853 Location: germany

hi!

i found a howto about your problem here:

http://gentoo-wiki.com/HOWTO_Encrypt_Your_Home_Directory_Using_CFS

but i also remember another one...

will search for the link and post it...

HTH

snIP3r
_________________
Intel i3-4130T on ASUS P9D-X
Kernel 5.15.88-gentoo SMP
-----------------------------------------------
if your problem is fixed please add something like [solved] to the topic!

snIP3r · l33t Joined: 21 May 2004 Posts: 853 Location: germany

... found it

its for debian but the same for gentoo...

http://deb.riseup.net/storage/encryption/dmcrypt/

here's a method described how to encrypt /home with dm crypt.

HTH

snIPer

p.s. i do not yet encrypt my home but other (whole) partitions with the method described on this page.
_________________
Intel i3-4130T on ASUS P9D-X
Kernel 5.15.88-gentoo SMP
-----------------------------------------------
if your problem is fixed please add something like [solved] to the topic!

adsmith · Veteran Joined: 26 Sep 2004 Posts: 1386 Location: NC, USA

encfs (goes with FUSE) is another neat option, but I'm not sure it's mature enough yet to trust it with your life's work.

batistuta · Veteran Joined: 29 Jul 2005 Posts: 1384 Location: Aachen

dmcrypt is what I've had in mind. But as the document suggests, it can be done for a whole partition or using a looback device. And I still haven't made up my mind on what is better :roll:

lizard3k · n00b Joined: 07 Jan 2005 Posts: 7

Do not, I repeat do NOT use encfs, at least not version less than or equal to 1.2.5.1

It caused instability with my system several times, although I didn't put two and two together to realize that encfs was causing it until today when it corrupted reiserfs and I had to manually search through 400 files in my l+f dir. It corrupted every file I had encrypted and removed a good portion of my root user's home directory as well.

Don't get me wrong, it is a clever program, but it has some problems. I should mention I am running amd64, so that may have had something to do with it.

dpetka2001 · l33t Joined: 04 Mar 2005 Posts: 804

please bare my ignorance but what do you mean by "via a loopback device" ?? thanks in advance...

DNAspark99 · Guru Joined: 03 Sep 2004 Posts: 321

on my old laptop, I used a loopback device (cryptoloop) and pam-mount, so the encrypted volume (~/) was user specific, with a seperate key kept on a USB drive. Encrypting the whole partition is fine, but if it mounts all of '/home' for one user, doesn't it decrypt every other user homedir as well?

and yea, the other benefit to using loopback would be quick, easy, 1-file backups