From: Duane Whitty
Date: Wed, 22 Mar 2006 04:51:46 -0400
To: Erik Norgaard
Cc: freebsd-questions@freebsd.org
Subject: Re: encrypted drives
Message-id: <44211022.8010906@greenmeadow.ca>
In-reply-to: <44210DFC.6000308@locolomo.org>

Erik Norgaard wrote:
> Hi:
>
> 1) I was thinking, what is the performance penalty of storing data on
> an encrypted device? Sure, for writing documents, coding and stuff, I
> guess the performance loss is insignificant, but for music and video
> which then needs to be decrypted and then decoded, is this a problem?
>
> 2) One thing is to create an entire encrypted device for /home. But
> that has the unfortunate consequence that other users' data is
> unencrypted once the system is up.
>
> What would be more appropriate is a solution where each home-dir is an
> encrypted mfs which is decrypted and mounted when the user logs in, is
> this possible?
>
> If not, then the alternative would be to have a private mfs in the
> user's home dir which is mounted after login, but I think yet the user
> needs root access to mount encrypted devices.
>
> Is there any possibility for users to mount their own encrypted mfs?
>
> Thanks, Erik
>

Hi Erik,

Perhaps this would interest you:

http://events.ccc.de/congress/2005/fahrplan/attachments/586-paper_Complete_Hard_Disk_Encryption.pdf

--Duane