Page 4 of 4 FirstFirst ... 234
Results 31 to 38 of 38

Thread: Performance impact of full disk encryption?

  1. #31
    Join Date
    Apr 2008
    Location
    Far, far away
    Beans
    2,148
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Performance impact of full disk encryption?

    As I mentioned, if you want that extra step of security with ecryptfs home encryption then the best thing is to symlink the key file. Your password allows decrypting the key file but if the key file is on a usb key then they need that as well as your password.

    The key is much longer and more random than your password. It usually sits in /home/.ecryptfs/<user>/.ecryptfs/wrapped-passphrase but if you replace that with a symlink to your usb key then it can be kept there instead. You also need to add an entry in fstab so that usb key volume gets consistently mounted somewhere for the symlink to work.

    This method then gives you easy-to-use 2 factor authentication where you need the password and the key. I keep one of those really small ones on my key ring so it's always in my pocket. Even if someone can brute force the password they won't get the data without my keyring. I generally use an 8 char fully random password as well, so it's moderately secure and easy to use.

  2. #32
    Join Date
    May 2007
    Beans
    880
    Distro
    Ubuntu Development Release

    Re: Performance impact of full disk encryption?

    If you are the only user of this computer then LUKS full-disk encryption might be a better option. You'd enter one password to decrypt the disk at boot and then your user password would be separate. After trying out encrypted home on my recent Ubuntu installations for the last few months I'm probably going back to LUKS from now on.
    ~~~
    I liked this old blog post by Aysiu: The Linux community's mixed messages

  3. #33
    Join Date
    Apr 2008
    Location
    Far, far away
    Beans
    2,148
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Performance impact of full disk encryption?

    Obviously we're now going around in circles. My suggestion to use encrypted home was for the user above who was using full disk encryption and was fed up with entering extra passwords for each partition at boot, in addition to the login password. I mean, you either have the extra hassle or you don't... take your pick.

    Unsubscribed.

  4. #34
    Join Date
    Jan 2009
    Beans
    244
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Performance impact of full disk encryption?

    Quote Originally Posted by Jekshadow View Post
    Not fully true, your login password is used to encrypt another randomly generated password that is used to decrypt your home directory.
    Is there any limit to how long you can make your Ubuntu user password? If no, will using a longer password (like a pass phrase) interfere with certain applications that may ask you for your password?
    CPU: AMD Phenom II X4 965 @ 3.5GHz
    GPU: MSI GTX 260 w/896MB DDR3 @ 655MHz
    RAM: Kingston HyperX 8GB (4x 2GB) DDR3 2000
    HDD: Samsung Spinpoint F3 1TB (2x fake RAID0)

  5. #35
    Join Date
    Jan 2009
    Beans
    244
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Performance impact of full disk encryption?

    I noticed that after I logged onto Ubuntu it asked me to make a custom passphrase instead of the default randomly generated one in case something happened to where the system didn't boot and I needed to manually decrypt my information to recover it.

    A terminal window came up where I put in the passphrase. But it didn't ask me a second time for my passphase. That seems kinda risky for ever a standard password. Let alone a pass phrase. The Ubuntu devs should probably do something so that it asks you a second time and calls you out if the two aren't exactly the same.
    CPU: AMD Phenom II X4 965 @ 3.5GHz
    GPU: MSI GTX 260 w/896MB DDR3 @ 655MHz
    RAM: Kingston HyperX 8GB (4x 2GB) DDR3 2000
    HDD: Samsung Spinpoint F3 1TB (2x fake RAID0)

  6. #36
    Join Date
    Oct 2006
    Location
    Baltimore, MD
    Beans
    667

    Re: Performance impact of full disk encryption?

    For those of you saying FDE is not noticeable, what sort of hardware were you running?

    I just booted up an IDE drive without encryption with 8.04 and it runs MILES faster than my SATA drive with encryption running 11.04. I don't know if it is 11.04 that is slow or the drive but I was absolutely floored at how quick the drive was.

    The machine in question is a P4. Yeah, I'm rockin' it old school.
    I am not a lawyer...yet.
    Music Manumit Podcast - remixable Creative Commons music!
    My neglected blog: http://douglasawh.wordpress.com
    My website: http://opensourceplayground.org

  7. #37
    Join Date
    Jan 2006
    Location
    Denver, CO
    Beans
    63
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Performance impact of full disk encryption?

    Well, I have a Dell XPS M1330 laptop with a 4500 RPM drive, 500 GB. It has a Core 2 Duo 2.0 GHz and 2 GB of RAM.

    I have /boot unencrypted, root encrypted with LUKS, swap encrypted with LUKS and a random key, a ramdisk for /tmp, my home directory mounted when I log in with pam-mount (LUKS), and about 450 GB of the drive encrypted with TrueCrypt, which is where most of the data is stored, of course.

    So, this is definitely not a powerhouse system!

    Having laid that out - I don't notice FDE at all, except in one case: when I hook up a USB drive also encrypted with TrueCrypt and back up the big partition. In that case, it maxes the CPU handily and I think there's a bit of a performance hit with the double encryption. Even then, though, that's a big bulk operation that I can let run without caring.

    In short, even on this older box (3.5 years old) it works well. When I upgrade next year, I don't think there will be much of a chance of noticing it under any scenario.

  8. #38
    Join Date
    Oct 2006
    Location
    Baltimore, MD
    Beans
    667

    Re: Performance impact of full disk encryption?

    Quote Originally Posted by fargle View Post
    In short, even on this older box (3.5 years old)
    The box I am talking about is 8 years old, but fair enough.
    I am not a lawyer...yet.
    Music Manumit Podcast - remixable Creative Commons music!
    My neglected blog: http://douglasawh.wordpress.com
    My website: http://opensourceplayground.org

Page 4 of 4 FirstFirst ... 234

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •