Thursday, October 30, 2008

Dustin Kirkland on Encrypted Private Directories in Ubuntu 8.10

Interview with Dustin Kirkland | The Fridge

"Ideally (at least in my mind), each user’s entire home directory would be encrypted using a key that’s unique to them. It would be mounted when the user logs in, and unmounted when the user logs out. That was my original proposal for Intrepid, but this was deemed a bit too ambitious to accomplish within a single release. The compromise was to provide a single encrypted location inside of each user’s home directory, ~/Private."

"Encrypted ~/Private directories in Ubuntu use eCryptfs as the cryptographic filesystem scheme. eCryptfs first appeared as a filesystem module in the Linux kernel in November of 2006, in the 2.6.19 release. eCryptfs uses the vetted cryptographic algorithms in the Linux kernel (AES, by default in Ubuntu), as well as the kernel keyring for per-user key management. Thus, I would argue that eCryptfs is built on top of established technologies."

Interesting read. I can't wait to try this one out. I hate having to install 3rd-party encryption programs. For some reason it just doesn't seem right. Encryption tightly integrated in the OS, like this scheme, would be the future.