
Why Encrypt Your Home Directory?


2015-11-24 Update

Since this document was written, TrueCrypt’s reputation has been called into question. TrueCrypt’s response was to disband/close. It is unclear/unproven whether TrueCrypt had any issues or was simply getting out of the game while the getting was good. I can no longer recommend TrueCrypt and recommend replacing TrueCrypt with an alternative. While LUKS/cryptsetup is not a 1-for-1 replacement for TrueCrypt, it is the tool I recommend using for any and all disk encryption.

Background

I’ve had several people ask me why I go to the trouble of encrypting my Home directory (or SWAP, root, network drives, disks, etc.). My first response is “It’s really not difficult to do…so why not?”. After thinking about the question a bit more, I decided a better answer was in order.

I can imagine there is a person out there who has their computer/data in a location where no one can get to it (electronically or physically) or ever will; however, the number of such people is very small and getting smaller by the day. Nearly everyone today has sensitive information on their computer, be it a social security number, bank account information or the directions to their hidden pot of gold. If I lose something (or have it stolen) with critical information on it, I want to make sure that whoever finds it cannot use or otherwise see my information.

Details

Encryption solves this problem; however, it can be difficult to set up or, worse yet, difficult to use. There are a variety of encryption options: you can use TrueCrypt to create encrypted containers for files/directories, or you can use eCryptfs together with Linux to encrypt your entire Home directory. TrueCrypt has its benefits: you can specify encryption algorithms, methods, sizes, types (hidden/normal) and much more. However, TrueCrypt requires you to supply your ‘decryption’ key to decrypt the encrypted volume, which can be time consuming if you have many encrypted volumes and cannot be scripted (to occur automatically at login). eCryptfs was created to solve this exact problem. It works by taking your user password as a component for creating the encryption key that encrypts your Home directory. In short, eCryptfs encrypts your entire Home directory in a safe, secure manner such that everything you store in your Home directory is encrypted and safe.

I highly recommend using eCryptfs to encrypt your Home directory. If your Home directory is not encrypted, see our article on Encrypting Home Directory Post-Install. If you have a disk (external disk, USB drive, thumb drive) that you wish to encrypt, I recommend using TrueCrypt to encrypt the entire disk if possible.
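To confirm that a Home directory really is served by eCryptfs, you can look up which mount covers it; a mounted eCryptfs home shows up with filesystem type ecryptfs in /proc/mounts. The script below is an added example, not code from the original post: the function names are hypothetical and the mount lines in sample_mounts are constructed.

```shell
#!/bin/sh
# Added example: find which filesystem type backs a directory, reading
# /proc/mounts-format input, to confirm a home directory is on eCryptfs.

# covering_fstype DIR [MOUNTS_FILE]   ("-" reads the mount table from stdin)
# Prints the fs type of the most specific mount point covering DIR.
# If mounts are stacked on the same mount point, the later line wins.
covering_fstype() {
    dir=$1
    mounts=${2:-/proc/mounts}
    awk -v dir="$dir" '
        BEGIN { best = 0 }
        {
            mp = $2
            gsub(/\\040/, " ", mp)   # /proc/mounts escapes spaces as \040
            # Match whole path components only, so /home/alice does not
            # cover /home/alicex.
            covers = (mp == "/") || (dir == mp) || (index(dir, mp "/") == 1)
            if (covers && length(mp) >= best) { best = length(mp); fstype = $3 }
        }
        END { if (fstype != "") print fstype; else exit 1 }
    ' "$mounts"
}

# is_ecryptfs_home DIR [MOUNTS_FILE]: succeeds only if DIR is on eCryptfs.
is_ecryptfs_home() {
    [ "$(covering_fstype "$1" "${2:-/proc/mounts}")" = "ecryptfs" ]
}

# Constructed sample mount table: alice has an eCryptfs home, bob does not.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
}

# Demo against the constructed table; drop the "-" argument and the pipe
# to check the live /proc/mounts instead.
for d in /home/alice /home/bob; do
    if sample_mounts | is_ecryptfs_home "$d" -; then
        echo "$d: eCryptfs"
    else
        echo "$d: NOT eCryptfs ($(sample_mounts | covering_fstype "$d" -))"
    fi
done
```

Run the check while the user is logged in: the eCryptfs mount only exists while the home directory is unlocked.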

I hope the above information has been helpful and feel free to leave feedback/comments.


Written by drad, Sr. Consultant