That would escape the need for multiple users having to share the master filesystem key for the whole system).ģ) Is /swap encrypted with the same key as the filesystem? If it is a separate key, is it a permanent key? In Encryptfs the swap key is temporary, once the system is shut down the key is destroyed and another key is generated upon boot, which makes whatever was written to swap the previous session irretrievable.
Or do I have a separate key that can only decrypt my own /home folder + the filesystem and /boot folders?Ģ) If all user accounts are encrypted with separate keys, are these linked to the filesystem decryption key? (Ergo, at the boot screen you can enter your /home user key, then again at the user login screen, as your home user key is linked to the filesystem key-it decrypts only the filesystem plus your own /home user directory, nothing else. That means:ġ) If I log in as User1 on a full-disk encrypted system, and I have sudo privileges, can I "spy" into the contents of User2's and User3's account if I choose? With Encryptfs, you can't-because those are encrypted with different keys. Is the same key used system-wide? This is my biggest question. Plus I've actually done an installation with the full-disk encryption option for someone else.
I've been a Linux user for 13 years, I've been using Ecryptfs for most of that period, and I've used Scramdisk/TrueCrypt/Veracrypt, for my background. I want to know how it works in practice and how secure it is (and what I meant by that is not "how AES is implemented" but what it does and does not do in practice). I don't want an explanation of how AES works, not an explanation of how to install it there oodles of those. I'm posting this because I've not been able to read how the full-disk encryption option actually works.
0 kommentar(er)
