Gentoo Archives: gentoo-user

From: Dale <rdalek1967@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen t his discussed here yet?
Date: Mon, 02 Jun 2014 10:27:51
Message-Id: 538C51A0.8050903@gmail.com
In Reply to: Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen t his discussed here yet? by Alan McKinnon
1 Alan McKinnon wrote:
2 > On 02/06/2014 11:48, Dale wrote:
3 >
4 >> I admit, I have never used encryption like this before. I am assuming
5 >> that if I logout of my GUI, then it is encrypted at that point? Once I
6 >> log back in, it decrypts it again? Am I at least close?
7 > All disk encryption works to this general plan:
8 >
9 > You log in (or boot up), the system asks for a password/key or whatever,
10 > then unlocks the encryption used. Reads for the disk are decrypted on
11 > the fly, writes are encrypted on the fly. What is on disk is always in
12 > an encrypted state.
13 >
14 > Safety depends on how you set it up - if you use full disk encryption
15 > then you must unlock it at boot time. The disk is still readable until
16 > you power off or reboot.
17 >
18 > If you encrypt your home directory then you unlock it when you log in so
19 > logging out of your DE safely locks things again.
20 >
21 > You most likely want the second option, the odds that you have a valid
22 > need to protect /usr and /opt are not good. As a regular user out there,
23 > the stuff you want to protect is in /home (or you could easily move it
24 > to /home). You'd also want to encrypt /tmp and swap as your running apps
25 > often write secret stuff there (like ssh and gpg sockets) - that is
26 > really just an extension of why you want to encrpyt /home itself
27 >
28
29 The second option does sound what I am looking for. Basically, if I log
30 out but leave my computer on, leave home, some crook/NSA type breaks in
31 and tries to access something or steals my whole puter, they would just
32 get garbage for data. That seems to fit the second option best.
33
34 I'll have to get me a new hard drive first tho. I'm going to try and
35 get a 4TB drive at some point and use the current 3TB drive for backups,
36 encrypted to I hope.
37
38 Thanks for the info. Water is not quite so muddy.
39
40 Dale
41
42 :-) :-)
43
44 --
45 I am only responsible for what I said ... Not for what you understood or how you interpreted my words!

Replies

Subject Author
Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen t his discussed here yet? Neil Bothwick <neil@××××××××××.uk>