To: speakup@braille.uwo.ca
From: Jason White
Subject: Re: encryption of partitions/lvm without speakup
Date: Tue, 1 Mar 2011 06:44:08 +0000 (UTC)

Gregory Nowak wrote:
>
>Thanks to Joe, Alex, and Luke for your input. It's pretty much as I
>had figured things to be. I haven't heard of ecryptfs before though,
>will have to look that up.

One advantage (if your entire system doesn't have to be encrypted) is that it stores the files under directories in whatever file system you are already using - it doesn't require its own file system, partition or logical volume, if I recall rightly. Encryption of the file names as well as the contents was introduced several kernel releases ago.

Another option for those requiring full system encryption might be to try to get it working with a Yubikey or similar device. A Yubikey can be configured to generate a fixed password, but that isn't the standard or recommended mode of operation. Rather, it normally generates a one-time encrypted password that can be verified locally or remotely and integrated into PAM.