http://blogs.gnome.org/hughsie/2007/11/26/dear-fedora-developers/ Blog about geeky stuff Sun, 29 Jan 2012 09:38:55 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://blogs.gnome.org/hughsie/2007/11/26/dear-fedora-developers/comment-page-1/#comment-143 Anonymous Mon, 26 Nov 2007 17:08:35 +0000 http://blogs.gnome.org/hughsie/2007/11/26/dear-fedora-developers/#comment-143 We're working on some bits for easier file system (well, really block device) encryption for Fedora 9 that will basically boil down to [X] Encrypt and protect data that then prompts you to unlock at boot. First anaconda bits landed about a week ago, but there's still quite a bit more work to do. The problem with the "encrypt my home directory" case is that all of the encryption solutions are block device based. And a separate block device per user home directory just doesn't scale. Growing and shrinking filesystems online sucks (ie, you can't shrink) and you can't know a priori how much space each user is going to need. So blah, losing. <a href="http://ecryptfs.sf.net" rel="nofollow">eCryptFS</a> is somewhat promising as an overlay filesystem, but alas, not nearly ready and progress is slow on things like separate encryption keys per fs subtree and allowing things like a ~/Public which _isn't_ encrypted (so that it can be access by apache which won't have access to your keyring and thus wouldn't be able to decrypt it) We're working on some bits for easier file system (well, really block device) encryption for Fedora 9 that will basically boil down to [X] Encrypt and protect data that then prompts you to unlock at boot. First anaconda bits landed about a week ago, but there's still quite a bit more work to do. The problem with the “encrypt my home directory” case is that all of the encryption solutions are block device based. And a separate block device per user home directory just doesn't scale. Growing and shrinking filesystems online sucks (ie, you can't shrink) and you can't know a priori how much space each user is going to need. So blah, losing. eCryptFS is somewhat promising as an overlay filesystem, but alas, not nearly ready and progress is slow on things like separate encryption keys per fs subtree and allowing things like a ~/Public which _isn't_ encrypted (so that it can be access by apache which won't have access to your keyring and thus wouldn't be able to decrypt it)

]]>