When mounting I'm offered the alternative of securing my residence folder-- what does this do?
- Encrypting your residence folder does not in fact make your computer system more safe and secure - it merely makes all the documents and also folders in your house folder more safe and secure from unapproved watching.
- Your computer system is still "at risk" in a security point ofview - yet it comes to be really hard for your web content to be swiped (unless the opponent has your password).
- You will not require to in fact enter your password anymore than you generally do - when you visit to your computer system your documents are flawlessly decrypted for simply your session.
- There is an opportunity (relying on your computers) that this will certainly influence the efficiency on your equipment. If you're bothered with efficiency greater than security (and also you're on an older equipment) you might desire to disable this attribute.
Ubuntu makes use of "eCryptfs" which shops all the information in a directory site (this instance the residence folders) as encrypted information. When a customer is visited that encrypted folder is placed with 2nd decryption place (this is a short-lived place that functions comparable to tmpfs - it's developed and also run in RAM so the documents are never ever saved in a decrypted state on the HD). The suggestion is - if your disk drive is swiped and also the materials read those things aren't able to be read given that Linux requires to be keeping up your verification to create the effective place and also decryption (The keys are SHA - 512 encrypted information based of numerous customer facets - the keys are after that saved in your encrypted key ring ). Completion outcome is practically safe and secure information (as long as your password isn't fractured or dripped).
You will certainly not need to enter your password anymore than common. There is a mild increase of Disk I/O and also CPU which (relying on your computer system specifications) might prevent efficiency - though it's fairly smooth on the majority of modern-day PCs
There's a wonderful write-up on the subject created by the Ubuntu programmer himself, please see : http://www.linux-mag.com/id/7568/1/
A mix of LUKS and also dm - crypt are made use of for entire - disk encryption in Linux. Ubuntu makes use of the Enterprise Cryptographic File System (ECryptfs) from variation > = 9.10 to enable residence drive encryption on login.
An upper and also lower directory site are developed, where the upper directory site is saved unencrypted in RAM, providing accessibility to the system and also existing customer. The lower directory site is passed atomic, encrypted devices of information and also saved in physical memory.
Submit and also directory site names make use of a solitary, place - vast fnek (documents name encryption key). The header of each encrypted documents has an fek (documents encryption key), covered with a different, place - vast fekek (documents encryption key, encryption key). The Linux bit keyring takes care of keys and also gives encryption using its usual ciphers.
Making use of an eCryptfs PAM (Pluggable Authentication Module) does not damage neglected reboots, unlike regular complete - disk encryption remedies.
The eCryptfs layered filesystem makes it possible for per - documents, step-by-step, encrypted back-ups.