[Tfug] A question on encrypted home directories...

Sat Mar 6 11:34:49 MST 2010

--- On Sat, 3/6/10, johngalt1 <johngalt1 at uswest.net> wrote:

> ----- Original Message ----- From: "Jim March" <1.jim.march at gmail.com>
> To: "Tucson Free Unix Group" <tfug at tfug.org>
> Sent: Saturday, March 06, 2010 10:21 AM
> Subject: [Tfug] A question on encrypted home
> directories...
> 
> > Folks,
> > 
> > I've rebuilt my system as 32bit using Linux Mint - had an app I had to
> > run that doesn't work in 64bit (long story).
> > 
> > To improve performance I avoided whole disk encryption and gone with
> > an encrypted /home.
> > 
> > Here's my question, and it's possibly a stupid one: in Ubuntu it's
> > laughably easy to reset one's user password. Right?  All you do is go
> > into recovery mode, reset the password.
> > 
> > Can I safely assume that will have no effect on the key to the
> > /home/jim directory?!?
> > 
> > I mean, it SHOULD work that way, right?
> 
> I don't know the answer. But if the scenario presented is
> how it works, why encrypt the directory?
> 
> All one needs is physical access to the box, root pass or
> your pass to see the files... Correct? 

If done "smart", the decrypt password isn't present "in any form"
(e.g., in /etc/passwd et al.) but, rather, "runs the decoder"
that decrypts the directory's contents.  I.e., specify a wrong
password and you still *see* the files -- but their contents are
all wrong.

If OTOH, the encryption merely provides you access to some other
key (e.g., like a typical login credential), then it would be 
possible to change the passwd without re-encrypting the entire
directory.

By way of *lame* examples:

The first way is hiring a translator to sit between you and your
files.  He speaks "english" and "some other language" (unknown).
Everything you say to him gets converted to that other language
before being written to disk.  Conversely, everything you try
to read from the disk is first read -- and interpreted -- by
him (in his "native" language).

Your password ("secret") in this scenario is the translator's name
(there are billions of people on the planet... which *one* am
I using to perform this translation).

So, changing passwords (i.e., translators) involves converting
everything back to "english", firing the old translator, then
having the new translator translate everything from scratch.
Then, guarding *his* name as a closely held secret.

The second scenario uses *a* translator.  But, his name is
placed on a slip of paper in a "safe".  You are given the
combination to that safe ("password").  Changing the password
is the equivalent of changing the combination to the safe.
The form that the files take ON THE DISK is unchanged.

The latter is easier/more convenient to implement in that the
encryption layer can chose an efficient way of scrambling
the data without concern for your password.  (e.g., it can
ensure the "key" that *it* uses is much stronger)

The former can be more effective as the only way to "break"
the encryption is to decrypt the files (whereas in the other case,
all you had to do was "crack the safe")