
Thread: Encrypted Ubuntu Home Directory Question

  1. #11
    Join Date
    Sep 2010
    Beans
    898

    Re: Encrypted Ubuntu Home Directory Question

    In earlier versions, there was an issue with deciding when to unmount the home directory. For example, a stray process could prevent the home directory from being unmounted on logoff, so that it would remain unencrypted.

    I don't know if that was ever completely resolved.

  2. #12
    Join Date
    Jun 2010
    Location
    UK
    Beans
    48
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Encrypted Ubuntu Home Directory Question

    Quote Originally Posted by samiux View Post
    I wonder to know if the home directory is encrypted and the system is online as well as the user of the directory is logged in, when there is an intruder who breaks into the system, does the intruder see the content of the files inside the said encrypted directory?

    This question has been asked to my friends. Some of them stated that the intruder cannot see the content of the files but the others disagreed.

    I know that when the system is offline or booted from Live CD/DVD, nobody can read your content of the files inside the hard drive without your passphrase.

    When the system is online, if the intruder can see the content, what is the point to implement this technique to the system?

    Samiux

    Basically an external intruder, or other User on the system can only see the contents of your encrypted Home directory, or encrypted sub-directory, if you have shared that H dir, or sub-Dir, with him/her/them.

    Access permissions are, by default, set Owner exclusive (In Ubuntu there isn't even Root access on them). If another User has your logon credentials then they can get at your encrypted files, of course, just by opening a session as You.

    Your encrypted Home, or encrypted sub-dir, isn't actually decrypted the moment you logon. Encryption / decryption is done on the fly - as and when you access the encrypted area - and then only the files you need to access are decrypted to read, or encrypted to write back.

    Hope this helps.

    rjbl

  3. #13
    Join Date
    Jun 2010
    Location
    UK
    Beans
    48
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Encrypted Ubuntu Home Directory Question

    Quote Originally Posted by Dave_L View Post
    In earlier versions, there was an issue with deciding when to unmount the home directory. For example, a stray process could prevent the home directory from being unmounted on logoff, so that it would remain unencrypted.

    I don't know if that was ever completely resolved.

    I cannot remember such an issue arising with eCryptFS and, since the whole directory / Home dir is never actually totally decrypted, I cannot understand why such an issue should ever arise. You will recall that in encrypting file systems, such as eCryptFS, files are stored individually encrypted and are decrypted only when the allowed User requests each's opening; if the User writes to the opened file the entire file is encrypted afresh, usually with a newly generated session key.

    I cannot recall, offhand, any encrypting FS, virtual disk encryptor or whole disk encryptor which decrypts the entire ciphered space ab initio. On the fly encrypt/decrypt of only the bits of the cypher space the User needs to access to do his stuff with the file(s) has been very much the rule since the original PGPdisk all those years ago.

    The main risk with encrypting file systems, like eCryptFS, Microsoft EFS etc, is that file names, sizes, time-stamps and other metadata are not encrypted. The Feds may not be able to ogle your skin flix / dirty pix etc but They sure know what you have been drooling over.

    The other big hazard is sharing your encrypting file system's contents over a network. An intruder / non-allowed local User could run a sniffer and capture the files as they are read by the allowed, but remote, users. Most encrypting file systems send requested files in clear across the network to the requesting remote User.

    Hope this helps

    rjbl

  4. #14
    Join Date
    Sep 2010
    Beans
    898

    Re: Encrypted Ubuntu Home Directory Question

    rjbl:

    The issue to which I referred, if I recall correctly, involved having a file open when logging off, so the file system remained mounted.

    Ecryptfs *does* encrypt file names, so that's not an issue.
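
Added example, not part of any post in this thread: a check for the two points discussed above, namely an eCryptfs mount that is still present after its owner has logged off, and whether that mount has file name encryption enabled. It assumes ownership can be inferred from the home directory path and that `who` reflects active sessions; the function names and the sample data are constructed for illustration.

```python
"""Report eCryptfs mounts still active for users who have no login session."""
import pwd
import subprocess

# Constructed sample in /proc/mounts format; all signatures are made-up values.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,errors=remount-ro 0 0
/home/alice/.Private /home/alice ecryptfs rw,ecryptfs_fnek_sig=1111111111111111,ecryptfs_sig=2222222222222222,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/home/bob/.Private /home/bob ecryptfs rw,ecryptfs_fnek_sig=3333333333333333,ecryptfs_sig=4444444444444444,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/home/carol/.Private /home/carol/Private ecryptfs rw,ecryptfs_sig=5555555555555555,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
"""
SAMPLE_HOMES = {"/home/alice": "alice", "/home/bob": "bob", "/home/carol": "carol"}


def ecryptfs_mounts(mounts_text):
    """Yield (mount_point, option_names) for each eCryptfs line."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "ecryptfs":
            names = {opt.split("=", 1)[0] for opt in fields[3].split(",")}
            # /proc/mounts writes a space inside a path as \040
            yield fields[1].replace("\\040", " "), names


def stale_mounts(mounts_text, logged_in, homes):
    """List mounts at or under the home of a user who has no session."""
    findings = []
    for mount_point, names in ecryptfs_mounts(mounts_text):
        for home, user in homes.items():
            inside = mount_point == home or mount_point.startswith(home + "/")
            if inside and user not in logged_in:
                findings.append({
                    "user": user,
                    "mount_point": mount_point,
                    # ecryptfs_fnek_sig is listed only when file names are encrypted
                    "filenames_encrypted": "ecryptfs_fnek_sig" in names,
                })
    return findings


if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        live = fh.read()
    who = subprocess.run(["who"], capture_output=True, text=True).stdout
    sessions = {line.split()[0] for line in who.splitlines() if line.strip()}
    homes = {p.pw_dir: p.pw_name for p in pwd.getpwall()}
    for f in stale_mounts(live, sessions, homes):
        print("still mounted with no session:", f)
```

A finding means the decrypted view is still reachable on the running system; listing the processes that hold files open under that mount point (for example with `lsof` or `fuser -vm`) shows what is blocking the unmount.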
