Hi,
I am new at this forum, but I use SuSe thins several years. I have holiday now and I installed Leap 15.2 to 2 PCs. Because I have some very nosy neighbors, who do not have problems with a break-in into my apartment, I decided to encrypt my hard-disks. I found two annoying problems with respect to this topic within the installation procedure:
I am using a password system with all chars at a german keyboard, but without special german chars like äöüß. Unfortunately the supported chars for the password are nevertheless limited. I expected such problems by installing accounts at some internet shops, but not for a linux distribution. Why are the chars limited? There is no reason for doing so.
Before installing leap 15.2 I made a backup of my data to an encrypted usb-hdd. One PC was updated from leap 15.1 to 15.2. Starting this PC I have to wait (1min 30 sec) for this usb-hdd to be found. The solution is easy. Just remove the entry of this device from /etc/crypttab, but it was annoying to figure that out. Before I made the backup, I am using yast to format and encrypt the usb-hdd. The hdd was mounted by hand after it was formatted. I suggest to instruct yast not to make an entry into cryttab, when the media is not mounted via yast or to remove this entry when the media is properly unmounted.
These are only minor problems. The installation not regarding this problems was pretty easy.
Best regards
volger
I encrypt. But I don’t have any problem with nosy neighbors.
Encrypting is good practice. There’s no need to explain why.
I am using a password system with all chars at a german keyboard, but without special german chars like äöüß. Unfortunately the supported chars for the password are nevertheless limited. I expected such problems by installing accounts at some internet shops, but not for a linux distribution. Why are the chars limited? There is no reason for doing so.
I use only ASCII characters for disk encryption. That’s safest. You may be prompted for the password during boot, before the system can read what character set is configured for your keyboard.
Note that you can use a long passphrase. Also, you can add a second encryption key, and maybe put your preferred characters in that second key. But keep the original key available, because if something goes wrong and you need to access the disk for rescue purposes, you might be limited in what character set is available.
Before installing leap 15.2 I made a backup of my data to an encrypted usb-hdd. One PC was updated from leap 15.1 to 15.2. Starting this PC I have to wait (1min 30 sec) for this usb-hdd to be found. The solution is easy. Just remove the entry of this device from /etc/crypttab, but it was annoying to figure that out. Before I made the backup, I am using yast to format and encrypt the usb-hdd. The hdd was mounted by hand after it was formatted. I suggest to instruct yast not to make an entry into cryttab, when the media is not mounted via yast or to remove this entry when the media is properly unmounted.
I’m glad you found that problem.
I will need to experiment with that. I have not personally run into it. But I probably setup the encryption at the command line instead of with Yast. I seem to recall an early forum thread where somebody had that problem, and we were able to direct him to the “/etc/crypttab” entry. I’ll note that you can leave the entry there in “crypttab”, but put “noauto” in the options column for that entry.
Can someone explain, why encrypting partitions and files is done natively, easily and reliably, meanwhile external application is needed to encrypt a folder?
Is it hopeless? Does it require too much work? How come Vera achieved this, meanwhile Linux developers cannot?
I’m not a Windows person, so I have not investigated that.
Why is there no Wikipedia article about cryfs?
Probably, because it is relatively new.
Why does nrickert use “still” in
“cryfs and encfs are still open source”?
Are there rumors that they will disappear from open source world?
Sorry about that confusion.
It’s just an English idiom. Instead of “still”, I could have said “nevertheless” or some other filler word. There is no intended implication about it disappearing.
How reliable is the cryfs? Have people lost files, because the cryfs crashed or refused to work properly?
I don’t know. It is relatively new. I’m not sure how thoroughly it has been tested or analyzed.
How much CPU power does it use when used extensively? More than cryptsetup luksOpen… method? Twice more?
I don’t know that, either. Most people won’t be using it heavily enough that you would notice.