[PC-BSD Testing] should /home be in default partitioning

Dru Lavigne drulavigne at sympatico.ca
Mon Mar 21 16:14:01 PDT 2011








This came up on the IRC channel this weekend.

Currently, the encryption page of the PC-BSD Handbook suggests that one should not encrypt /usr as most of its contents are known and that could provide too much data for a cryptographic attack (this was the result of a suggestion by cpercival last year). Yet, the installer by default offers to encrypt /usr. Further, the default partitioning scheme does not make /home which is probably what users are interested in encrypting anyways.

It was suggested that:

1. the default partitioning scheme separates /usr and /home

2. the default encryption option offers to encrypt /home instead of /usr

One of the commenters on the IRC thread suggested that we also look into the ability to use the user's password salted with a randomly generated salt as a passphrase for the encrypted /home. This would relieve the user from entering a password to boot their system but keep things encrypted and secure. The commenter was not sure if the GELI framework would allow this though.

The salted part might be something to discuss with pjd@ at BSDCan?

Cheers,

Dru


 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pcbsd.org/pipermail/testing/attachments/20110321/a669af03/attachment.html>


More information about the Testing mailing list