Data security

Ivan Čukić ivan.cukic at kde.org
Thu Jan 5 21:19:17 UTC 2012


In order for decryption to work, the key needs to be saved. Mind that
in sane implementations it doesn't mean user's password, but 2^n-bit
key used in the actual encryption algorithm.

I'm using encfs and it has no real resource issues, none more than
most parts of our current stack. :) And even if reading a file from an
encrypted partition is 10x slower than with a normal file, it is not
important in this case since the system is not on encfs.

The things that we can do regarding this:
 - on device lock, unmount the encfs
 - on device unlock, ask for the password for the activity

Encrypting the entire /home partition would break the above solution,
and it would have a few additional drawbacks:
 - we want to be able to password protect specific activities -
use-case (fania) - a family device with activities for both children
and parents, and kids shouldn't have the access to parents' files.
 - it would pose a problem (as previously stated) when a running
device is stolen.

-- 
Cheerio,
Ivan

--
While you were hanging yourself on someone else's words
Dying to believe in what you heard
I was staring straight into the shining sun


More information about the Active mailing list