Re: Modular encryption support



On Wed, 2013-04-10 at 11:55 -0400, Hashem Nasarat wrote:
I think this would be a great feature. Currently, there's an
all-or-nothing approach to encryption with GNU/Linux systems, and this
feature would be a good compromise between difficulty and security.

My point is not to compromise. The aim is to achieve the same level of
security, but without any barriers to the user experience. Allowing you
to only unlock your machine when something private is accessed, rather
than all the time.

Perhaps there could be even be a default folder in a user's home
directory "Private Files" or something that is encrypted by default.

My problem with this, is that it requires a big folder of everything I
want protected. Rather, I want to be able to protect stuff that's still
organised in a sensible place. I've heard people creating symlinks into
the private directory, but this causes issues with backups and
transferring files.

If I have an encrypted folder ~/Documents/secrets/, and I have a regular
backup of my Documents folder, it will miss the encrypted documents in
the case of symlinking to a private directory. Whereas, in my
implementation, the encrypted contents are located at
~/Documents/.secrets-enc/ are thus will be backed up with the rest.

You can imagine the same kind of issue if you want to copy the encrypted
directory over. If you have a monolithic private folder, you must copy
the entire private folder, instead of just the relevant folder.

What I am proposing, is a much more modular approach to security. Does
this make more sense?

Thanks for your feedback,
Sam Bull

Attachment: signature.asc
Description: This is a digitally signed message part



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]