Nick | Message | Time |
---|---|---|
* Obsidian1723 | Hi all... | 03:10 |
h00k | OHAI THAR | 03:11 |
h00k | I smell like hot tub | 03:12 |
* Obsidian1723 | *grumbles about this "IT company" that messed things up - badly* | 03:32 |
Takyoji | I'm curious how many here use an encrypted /home partition | 21:48 |
_diablo | Takyoji: I don't. I don't see a big purpose. Why not just use truecrypt if you actually care about it? | 23:07 |
_diablo | I trust that encryption far more than whatever unspecified thing Ubuntu has decreed is best | 23:07 |
_diablo | Do you know off hand what type of encryption algorithms they use? | 23:07 |
rlaager | I have an encrypted ~, which is what I assume you mean. | 23:22 |
rlaager | The big advantage of ecryptfs is that I can efficiently rsync my data to a backup server and have it be *encrypted* on that backup server. | 23:23 |
rlaager | If I had a block-level encryption solution, I'd have to rsync the whole block device, including unused space. | 23:23 |
_diablo | rlaager: ah, that makes sense. But rsync keeps the encryption intact? | 23:28 |
rlaager | _diablo: Yes. Here's what "mount" returns for me: /home/rlaager/.Private on /home/rlaager type ecryptfs | 23:29 |
_diablo | hmmm, couldn't you do the same backup from one container to another container while having both mounted? | 23:30 |
rlaager | For each regular file in my home directory, there is a corresponding file in /home/rlaager/.Private. So, excluding filename encryption (which ecryptfs has now, but didn't use to), /home/rlaager/.ssh/id_dsa would be /home/rlaager/.Private/.ssh/id_dsa, which would be encrypted. | 23:30 |
_diablo | ahhh | 23:30 |
rlaager | Yes, you could, but then you'd have to mount the encrypted container on the remote server. This way, I don't have to trust the remote server with my data. All it ever sees is encrypted data. | 23:30 |
_diablo | hmmmm, makes sense. okay, I see a potential advantage then. | 23:31 |
rlaager | I'm moving from one backup server to another right now, but both of them are systems I'm sharing with co-workers. (I work at a small ISP, so we can just colo there.) | 23:31 |
rlaager | Especially now, with new disks... I'm using only 50% of my drive at the moment. So I only need to sync that 50%, not the whole disk. | 23:31 |
rlaager | Plus, I can easily exclude certain things. For example, I exclude ~/ubuntu-*.iso. | 23:32 |
rlaager | This used to be easier than it is now that there's filename encryption (i.e. I used to be able to exclude /home/rlaager/.Private/ubuntu-*.iso.) I know how to write the script to do that; I just need to get it going. | 23:33 |
_diablo | yeah, fair enough | 23:41 |