
Unfortunately, the amount of time I spend running/breaking the development version of Ubuntu prohibits full disk encryption, but I do have /home encrypted. Is that "good enough"?



That's what I intend to do the next opportunity I get. Your swap space could still leak confidential information, though.


I'm willing to risk that since I rarely use any of my swap.


You can and should encrypt your partition, since your home key might end up there.

https://help.ubuntu.com/community/EncryptedFilesystems

If you want hibernate to work you can use uswsusp for example: https://we.riseup.net/debian/encrypted-swap

Sleep always works, but as mentioned above, your key will be in memory...


Interesting... I think I'll stick with user directory encryption, but thanks for those links.


Well, I use /home with luks on some machines and user directory (encfs) on others, but have all of them with swap encrypted or no swap partition at all.

Since the keys/other private info might leak there, you are not doing it right, unless you have sysctl swappiness level set to 0.

Not only that, /tmp and other temporary directories might also be another leaky place...
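
A check for the leak paths raised in the comment above (plaintext swap, /tmp outside the encrypted volume), added here as an example and not part of the thread. The function names and sample values are this example's own and the samples are constructed; it relies on cryptsetup giving its mappings a device-mapper UUID that starts with `CRYPT-`.

```python
"""Report where data from an encrypted /home can still land in plaintext."""
import os

# Constructed sample inputs in /proc/swaps and /proc/mounts format.
SAMPLE_SWAPS = ("Filename  Type  Size  Used  Priority\n"
                "/dev/sda5 partition 2097148 0 -2\n"
                "/dev/dm-1 partition 1048572 0 -3\n")
SAMPLE_MOUNTS = ("/dev/sda1 / ext4 rw 0 0\n"
                 "/dev/dm-0 /home ext4 rw 0 0\n")
SAMPLE_DM = {"/dev/dm-0": "CRYPT-LUKS1-constructed-home",
             "/dev/dm-1": "CRYPT-PLAIN-constructed-swap"}

def audit(swaps_text, mounts_text, swappiness, dm_uuid):
    """dm_uuid(path) returns the device-mapper UUID, or None for non-dm devices."""
    def encrypted(dev):
        # cryptsetup names its mappings with a UUID that starts with "CRYPT-"
        return (dm_uuid(dev) or "").startswith("CRYPT-")
    findings = []
    rows = (l.split() for l in swaps_text.splitlines()[1:] if l.strip())
    for path, kind, *_ in rows:                       # header row already skipped
        if kind == "file":
            findings.append(f"swap file {path}: only as private as the filesystem under it")
        elif not encrypted(path):
            findings.append(f"swap {path} is plaintext (vm.swappiness={swappiness})")
    tmp = None                                        # last mount on /tmp wins
    for line in mounts_text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[1] == "/tmp":
            tmp = (f[0], f[2])
    if tmp is None:
        findings.append("/tmp has no mount of its own: it lives on the root filesystem")
    elif tmp[1] != "tmpfs" and not encrypted(tmp[0]):
        findings.append(f"/tmp is on plaintext device {tmp[0]}")
    return findings

def live_dm_uuid(path):
    """Read a block device's dm UUID from sysfs; None if it is not a dm device."""
    name = os.path.basename(os.path.realpath(path))
    try:
        with open(f"/sys/block/{name}/dm/uuid") as fh:
            return fh.read().strip()
    except OSError:
        return None

if __name__ == "__main__":                            # live run on a Linux host
    with open("/proc/swaps") as s, open("/proc/mounts") as m, \
         open("/proc/sys/vm/swappiness") as v:
        for finding in audit(s.read(), m.read(), int(v.read()), live_dm_uuid):
            print("LEAK RISK:", finding)
```

A tmpfs /tmp is not flagged on its own because its pages only reach disk through swap, which the swap check already covers.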


It's not reliable. Think /tmp (deleted temp file data can be recovered), hibernate/swap, log files, and so on. And the OS can be more easily tampered with undetected (rootkits, keyloggers, etc.).


Considering my habit of re-installing the entire OS every few weeks (I tinker a lot with no safety nets), I think I'm ok. I agree that for anyone else though, it isn't enough.



