| 1 |
Alan McKinnon wrote: |
| 2 |
> On 02/06/2014 11:48, Dale wrote: |
| 3 |
> |
| 4 |
>> I admit, I have never used encryption like this before. I am assuming |
| 5 |
>> that if I logout of my GUI, then it is encrypted at that point? Once I |
| 6 |
>> log back in, it decrypts it again? Am I at least close? |
| 7 |
> All disk encryption works to this general plan: |
| 8 |
> |
| 9 |
> You log in (or boot up), the system asks for a password/key or whatever, |
| 10 |
> then unlocks the encryption used. Reads for the disk are decrypted on |
| 11 |
> the fly, writes are encrypted on the fly. What is on disk is always in |
| 12 |
> an encrypted state. |
| 13 |
> |
| 14 |
> Safety depends on how you set it up - if you use full disk encryption |
| 15 |
> then you must unlock it at boot time. The disk is still readable until |
| 16 |
> you power off or reboot. |
| 17 |
> |
| 18 |
> If you encrypt your home directory then you unlock it when you log in so |
| 19 |
> logging out of your DE safely locks things again. |
| 20 |
> |
| 21 |
> You most likely want the second option, the odds that you have a valid |
| 22 |
> need to protect /usr and /opt are not good. As a regular user out there, |
| 23 |
> the stuff you want to protect is in /home (or you could easily move it |
| 24 |
> to /home). You'd also want to encrypt /tmp and swap as your running apps |
| 25 |
> often write secret stuff there (like ssh and gpg sockets) - that is |
| 26 |
> really just an extension of why you want to encrpyt /home itself |
| 27 |
> |
| 28 |
|
| 29 |
The second option does sound what I am looking for. Basically, if I log |
| 30 |
out but leave my computer on, leave home, some crook/NSA type breaks in |
| 31 |
and tries to access something or steals my whole puter, they would just |
| 32 |
get garbage for data. That seems to fit the second option best. |
| 33 |
|
| 34 |
I'll have to get me a new hard drive first tho. I'm going to try and |
| 35 |
get a 4TB drive at some point and use the current 3TB drive for backups, |
| 36 |
encrypted to I hope. |
| 37 |
|
| 38 |
Thanks for the info. Water is not quite so muddy. |
| 39 |
|
| 40 |
Dale |
| 41 |
|
| 42 |
:-) :-) |
| 43 |
|
| 44 |
-- |
| 45 |
I am only responsible for what I said ... Not for what you understood or how you interpreted my words! |
Archives