However, when examining the underlying encrypted directory one can see that both the file names and contents are encrypted. Without access to the keys, this information should be inaccessible to an attacker:
The existence of the auto-mount and auto-umount flags informs PAM to automatically mount and unmount the eCryptfs directory. Private.mnt contains a path owned by the user where the eCryptfs directory is to be mounted, i.e., $HOME, $HOME/Private, or elsewhere. Private.sig contains signatures identifying the fekek and fnek, without revealing the keys themselves. Finally, the wrapped-passphrase contains the actual mount passphrase, symmetrically encrypted by the user’s system login passphrase.
Advanced Encrypted Home Directory Security
Some Ubuntu Encrypted Home Directory users choose to extend their security beyond the stock setup.
In the default Ubuntu Encrypted Home Directory model, the weakest link in the chain of required keys is usually the user’s system login password. While it is critically important to choose a strong system password, the risk can be mitigated by two-factor authentication.
Two-factor authentication is a system where two separate pieces of information are required to establish a user’s identity. It is trivial to simulate two-factor authentication with Ubuntu Encrypted Home Directories. Simply move $HOME/.ecryptfs/wrapped-passphrase to removable media (such as a USB key or flash disk) and establish a symbolic link from $HOME/.ecryptfs/wrapped-passphrase to the removable location. You can even obfuscate the name of the file on the removable media by calling it something other than “wrapped-passphrase”:
By using this method, should an attacker manage to crack the login password, they will not have access to the wrapped-passphrase, and therefore cannot decrypt the data. In order to gain access, they must brute-force a long, randomly generated passphrase before accessing the encrypted data.
Swap space and hibernation-to-disk present particularly difficult problems to encryption systems. Decrypted file contents exist exclusively as data structures in running memory. However, if memory gets swapped to disk and the swap space is not encrypted, some of the private data may be written in clear text. Indeed, if a system is hibernated, the complete contents of memory are dumped to disk, potentially circumventing the entire encryption scheme.
For these reasons, it is highly recommended that swap space also be encrypted when using Ubuntu Encrypted Home or Private Directories. The ecryptfs-setup-swap script should accomplish this nicely; however, you will not be able to resume from hibernation (suspend/resume is unaffected). Thankfully, the Ubuntu 9.10 installer has already thought of this and will automatically encrypt swap space when enabling an Encrypted Home Directory.
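The following is an added example, not part of the original article or of the eCryptfs utilities: a shell check that reports whether a .ecryptfs directory uses the stock layout or the removable-media arrangement described above. The function name audit_ecryptfs, its return codes and the sample file notes.bin are assumptions made for illustration; the sample directories are constructed in a temporary location.

```shell
#!/bin/sh
# Added example: audit a .ecryptfs directory for the layout this article describes.
# Usage: audit_ecryptfs ECRYPTFS_DIR HOME_DIR   (function name is hypothetical)
# Returns 0 = wrapped-passphrase is a symlink resolving outside HOME_DIR
#         1 = wrapped-passphrase is stored inside the home directory
#         2 = wrapped-passphrase missing, or symlink target absent (media removed)
audit_ecryptfs() {
    dir=$1
    home=$(readlink -f "$2")
    wp="$dir/wrapped-passphrase"
    for flag in auto-mount auto-umount; do
        if [ -e "$dir/$flag" ]; then echo "$flag: present"; else echo "$flag: absent"; fi
    done
    for f in Private.mnt Private.sig; do
        [ -s "$dir/$f" ] || echo "warning: $f missing or empty"
    done
    if [ ! -e "$wp" ]; then
        # -e follows symlinks, so a dangling link (media unplugged) lands here too
        if [ -L "$wp" ]; then echo "wrapped-passphrase: symlink target absent"
        else echo "wrapped-passphrase: not found"; fi
        return 2
    fi
    # Canonical path, so a relative link cannot disguise where the file really lives
    target=$(readlink -f "$wp")
    case $target in
        "$home"/*) echo "wrapped-passphrase: inside home ($target)"; return 1 ;;
    esac
    echo "wrapped-passphrase: outside home ($target)"
    return 0
}

# Constructed sample: temporary directories stand in for $HOME and a USB mount point.
demo=$(mktemp -d)
mkdir -p "$demo/home/.ecryptfs" "$demo/usb"
touch "$demo/home/.ecryptfs/auto-mount" "$demo/home/.ecryptfs/auto-umount"
echo "$demo/home" > "$demo/home/.ecryptfs/Private.mnt"
echo "constructed-signature" > "$demo/home/.ecryptfs/Private.sig"
echo "constructed-blob" > "$demo/usb/notes.bin"
ln -s "$demo/usb/notes.bin" "$demo/home/.ecryptfs/wrapped-passphrase"
audit_ecryptfs "$demo/home/.ecryptfs" "$demo/home" || echo "finding code: $?"
rm -rf "$demo"
```

A return code of 1 means the wrapped passphrase still sits beside the encrypted data, so the login password remains the only factor protecting it.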
There are a few subtle changes to otherwise normal system operation with an Encrypted Home Directory.
If the home directory is not already mounted, then automatic desktop logins, SSH public key authentication and cronjobs that require access to data in $HOME are not possible. This issue can be worked around by disabling automatic unmount (remove $HOME/.ecryptfs/auto-umount), logging in, and establishing the mount at some point prior to public key authentication or cronjob execution. However, the home directory will then only be unmounted at shutdown, or when ecryptfs-umount-private is invoked directly.
eCryptfs does not yet work properly on top of remote, network file systems such as NFS, Samba, or SSHFS. This is a known bug and is actively being addressed.
Encrypted file contents are padded, requiring additional storage on disk. While this has little effect on large files, encrypted sparse files appear much bigger.
File and directory names are also padded. Linux has a 256-character file name limit, and a 4096-character maximum path limit. The padding from eCryptfs means that file names and paths which are already near the limit might hit the limit sooner than expected.
Ubuntu has once again taken a complex, highly customizable free software system and made it seamlessly accessible to the wider population. By adding a suite of user space utilities, support in the Ubuntu installer and integration with system authentication, eCryptfs provides an elegant home directory encryption scheme while continuing to deliver an outstanding user experience.
Encrypted Home Directories proudly demonstrate Ubuntu’s leadership in developing a secure Linux desktop without sacrificing usability.