
Thread: A question about the encrypted 'private' folder planned for Ibex

  1. #1
    Join Date
    Aug 2006
    Beans
    6

    A question about the encrypted 'private' folder planned for Ibex

    Ok, so I assume the encryption works by creating an encrypted version of the file and then deleting the original unencrypted version. My question is, does it overwrite the original file with a random string of the same length first? If it did, this would make it impossible to 'recover' any of it from the hard drive, so I strongly recommend it is implemented or else it is just a false sense of security.

    Also, is it possible to have a separate password for the folder than for the user, and does it ask you for your password every time you access it?

  2. #2
    Join Date
    Apr 2008
    Location
    Ohio
    Beans
    391
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: A question about the encrypted 'private' folder planned for Ibex

    This page may have the info you're looking for:

    https://wiki.ubuntu.com/EncryptedPrivateDirectory

  3. #3
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: A question about the encrypted 'private' folder planned for Ibex

    The encrypted folder is created when you run the script; it asks you for a passphrase that gets stored in /home/<user>/.ecryptfs. It also creates three directories in the user's home directory: .Private, Private and .ecryptfs. As it stands right now these directories are set and the names cannot be changed. When the Private directory is unmounted you get the following message:

    Code:
     THIS DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA --  Run mount.ecryptfs_private to mount again -> /sbin/mount.ecryptfs_private
    The permissions on the Private directory are 40500 when unmounted and 40700 when the directory is mounted.

    In other words, the owner has read and execute/search access when the private directory is unmounted and read, write and execute/search access when the private directory is mounted.

    Jim

  4. #4
    Join Date
    Sep 2007
    Beans
    75

    Re: A question about the encrypted 'private' folder planned for Ibex

    Quote Originally Posted by jamesmcm
    My question is, does it overwrite the original file with a random string of the same length first? If it did, this would make it impossible to 'recover' any of it from the hard drive, so I strongly recommend it is implemented or else it is just a false sense of security.
    Implementations like this assume or rely on the idea that any sensitive data is created and immediately saved into the encrypted file system. Otherwise you have the issue of data remanence on the unencrypted copy.

    I've demonstrated several times in this board why anything other than full file system encryption is leading people into a false sense of security, but I'll not repeat that here and suffice to say anything that's going to provide encryption out-of-the-box has to be an improvement.

  5. #5
    Join Date
    Aug 2006
    Beans
    6

    Re: A question about the encrypted 'private' folder planned for Ibex

    Quote Originally Posted by /etc/init.d/
    Implementations like this assume or rely on the idea that any sensitive data is created and immediately saved into the encrypted file system. Otherwise you have the issue of data remanence on the unencrypted copy.

    I've demonstrated several times in this board why anything other than full file system encryption is leading people into a false sense of security, but I'll not repeat that here and suffice to say anything that's going to provide encryption out-of-the-box has to be an improvement.
    So implementing a system whereby it creates an encrypted version, then overwrites the original with random data before deleting it would still suffer from the data remaining on the HD unencrypted. I thought overwriting it first helped prevent this problem, or is it not that simple?
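
The overwrite-before-delete step asked about in posts #1 and #5, as an added example that is not part of any post in this thread: copy a file into the Private directory, verify the copy, then overwrite the original with random bytes of the same length and delete it. The function name `move_into_private` and the paths are assumptions; an in-place overwrite only replaces the old blocks where the file system writes in place, so journals, copy-on-write file systems, SSD wear levelling and swap can still hold earlier plaintext.

```python
import hashlib
import os
import shutil


def _sha256(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def move_into_private(src, private_dir):
    """Hypothetical helper (not from the thread or from ecryptfs-utils).

    Copies src into private_dir, verifies the copy, then overwrites src in
    place with random bytes and deletes it.
    Returns (destination_path, bytes_overwritten).
    """
    dst = os.path.join(private_dir, os.path.basename(src))
    if os.path.exists(dst):
        raise FileExistsError(dst)
    shutil.copy2(src, dst)
    # Flush the new copy to disk before touching the original.
    with open(dst, "rb") as fh:
        os.fsync(fh.fileno())
    if _sha256(src) != _sha256(dst):
        os.remove(dst)
        raise IOError("copy verification failed; original left untouched")

    # Overwrite the original with random bytes of the same length.
    # "r+b" rewrites the existing file instead of truncating it first,
    # which would release the old blocks without overwriting them.
    length = os.path.getsize(src)
    with open(src, "r+b") as fh:
        remaining = length
        while remaining:
            n = min(remaining, 1 << 20)
            fh.write(os.urandom(n))
            remaining -= n
        fh.flush()
        os.fsync(fh.fileno())
    os.remove(src)
    return dst, length
```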

  6. #6
    Join Date
    Apr 2006
    Beans
    Hidden!
    Distro
    Ubuntu 7.10 Gutsy Gibbon

    Re: A question about the encrypted 'private' folder planned for Ibex

    I've looked through some resources on this Private folder idea but I haven't seen this answered, or perhaps I'm thick. The guides say it's ideal to move folders there and then symlink them, i.e., .mozilla. OK, so Firefox can still access .mozilla if it's symlinked, but how is it accessible if Private is supposed to be encrypted? Do you enter your password each time you log in?
    Last edited by userundefine; August 29th, 2008 at 10:53 PM.

  7. #7
    Join Date
    Apr 2006
    Beans
    180

    Re: A question about the encrypted 'private' folder planned for Ibex

    As far as I can see, it is mounted as soon as your user logs in. Thing is, I do not want an icon on the Desktop, very messy... there must be a way to hide it?

    Mounted is one thing but on show sort of defeats the object

    Ok google is my friend

    MrG
    MrGreen

  8. #8
    Join Date
    Feb 2006
    Beans
    457

    Re: A question about the encrypted 'private' folder planned for Ibex

    MrGreen,

    Applications > Add/Remove > System Tools > Configuration Editor

    and then selecting the Configuration Editor box will allow you to use the tool to tidy your desktop by

    Applications > Accessories > System Tools > Configuration Editor > Apps > Nautilus > Desktop

    and then amending the volumes_visible value you should then no longer see the icon on your desktop.

    Hope this helps.

  9. #9
    Join Date
    Apr 2006
    Beans
    180

    Re: A question about the encrypted 'private' folder planned for Ibex

    Will that remove all icons? Anyway, will check it out, thanks

    MrG
    MrGreen

  10. #10
    Join Date
    Dec 2007
    Beans
    75

    Re: A question about the encrypted 'private' folder planned for Ibex

    Hi

    I was trying to hide the Private folder from the desktop, as Private contains sensitive data and should not be clearly visible, especially with an empty desktop...

    Changing the volumes_visible option did the trick (you need to log off/log in), but it will hide any mounted volume, including USB sticks or external disks. They are still accessible in the "Places" menu in the gnome-panel.

    And it won't hide regular icons.
