Open Korni22 opened 10 years ago
Hi, Korni.
An encrypted filesystem is out of scope for the current phase of this project. It's too much to get into threat models that presume a level of access to the machine that an encrypted filesystem would mitigate.
I'm going to leave the issue open, though.
+1 on this issue. I think this definitely falls within the long-term scope, if not the short-term. Server seizures are a common concern, and doubly so if the recommended install method is on a VM that can be easily imaged or subpoena'd.
I'd consider eCryptfs over EncFS; I currently use it for some data at rest. Being kernel space seems like a bonus to me. Comparison on Arch Wiki: Disk Encryption
I've long thought about the problem of protecting data at rest, like mail spools, without requiring a separate disk/partition. There's stuff like EncFS, loop-AES, VeraCrypt... Many of them fall short in different ways, or have problems related to being old or unmaintained. eCryptfs is OK, but for my money I would rather suggest dm-crypt on a loopback device.
In order for the encryption to not be totally useless, obviously you can't really have auto-mounting with the key residing on the same server. You'd have to manually enter the passphrase on every boot.
@ageis @JoshData what about https://0xacab.org/riseuplabs/trees ? riseup.net is deploying it now: https://riseup.net/en/about-us/press/canary-statement
Should I open a new issue, or is it not in your plans?
As a mail storage encryption alternative, was the Dovecot mail-crypt-plugin considered?
It would be nice to know that your mailboxes are safely encrypted instead of lying around in plaintext.