home encryption => long passphrase, login => short passphrase

[jomex]

type in console: ecryptfs-unwrap-passphrase

[BkkBonanza]

@jomex,
You may want to read here ( http://blog.dustinkirkland.com/2009/...tfs-works.html ) to get more familiar with how ecryptfs works. He has other good artcles about it on his blog.

I don't think it makes much sense to have a shorter password for sudo than login/ecrypt mounting since anyone gaining sudo access will already have full access to your home directory, assuming it was mounted at boot. They could just copy material to non-home areas for later use.

If you are serious about security I would recommend using your encrypted home with 2-factor authentication. Use a regular password and a usb flash stick as KEY disk. That blog above also has info on how to set that up and it's very easy. Put one of those tiny usb keys on your key ring so only having both password and key will allow access. I do this when traveling.

Another nice thing about an encrypted home is that it locks when you suspend or the screen saver kicks in so that you can leave your computer and it will secure itself if you forget - probably the biggest class of vulnerabilities is user forgetfulness / errors.