The Cost Of Home Directory Encryption & LUKS Full Disk Encryption On Ubuntu 18.04


  • #11
    Originally posted by Zan Lynx
    I wish that Linux distros would put some work into detecting usable TPM and SED hardware. On almost any modern laptop the hardware can manage secure key storage and full disk encryption on its own. There's zero reason to have the CPU encrypting for you on those machines.
    As you write "manage secure key storage", the TPM is not doing mass, high-bandwidth crypto for you; the CPU still has to do that, and has dedicated instructions for this nowadays.

    PS: I would not trust SED a bit, ...



    • #12
      Originally posted by dibal
      Random encrypting swap is also nice: https://wiki.archlinux.org/index.php...wap_encryption
      Better idea - don't use swap at all. You don't need it now that machines have 16 to 64 gigabytes of RAM.



      • #13
        Again, full disk encryption wins. There are also other problems with ecryptfs. Once I accidentally tried it on a fresh Ubuntu install. It took less than 24 hours to fail because the first thing I did was restoring old backups and some files had 240+ character file names/paths. Ecryptfs had a very low maximum for file names so it failed to restore from the backups. Nice. I kind of thought it would use full disk encryption by default.



        • #14
          Originally posted by caligula

          Better idea - don't use swap at all. You don't need it now that machines have 16 to 64 gigabytes of RAM.
          It's definitely not yet common for laptops and netbooks to have 16 to 64 gigabytes of RAM. On desktops, on the other hand, you don't need disk encryption nearly as much.



          • #15
            Originally posted by caligula
            Better idea - don't use swap at all.
            Or use a swap file.



            • #16
              https://www.xkcd.com/538/



              • #17
                Originally posted by DanL

                Or use a swap file.
                Last time I tried using a swap file was during a fresh Ubuntu installation, which has its default swap option set to swap file. The world fell apart and the freshly installed Ubuntu could not even boot up.



                • #18
                  +1 TPM
                  also, ZFS now has encryption. Would be cool to have it benchmarked against those.

                  My personal experience with home dir encryption is 2x failures and had to restore backups... Xorg would just restart and I couldn't log in, Ubuntu 16 at the time, created a new user and restored files.



                  • #19
                    Originally posted by caligula

                    Better idea - don't use swap at all. You don't need it now that machines have 16 to 64 gigabytes of RAM.
                    https://chrisdown.name/2018/01/02/in...e-of-swap.html

                    TLDR: You want swap regardless of the amount of system RAM you have.



                    • #20
                      I am surprised that the pro swap article does not make any mention about the usage of swap for hibernation to disk.

                      Swap is a requirement for that, isn't it? Or are there other ways to achieve that?
