1 |
Alan McKinnon wrote: |
2 |
> On 02/06/2014 11:48, Dale wrote: |
3 |
> |
4 |
>> I admit, I have never used encryption like this before. I am assuming |
5 |
>> that if I logout of my GUI, then it is encrypted at that point? Once I |
6 |
>> log back in, it decrypts it again? Am I at least close? |
7 |
> All disk encryption works to this general plan: |
8 |
> |
9 |
> You log in (or boot up), the system asks for a password/key or whatever, |
10 |
> then unlocks the encryption used. Reads for the disk are decrypted on |
11 |
> the fly, writes are encrypted on the fly. What is on disk is always in |
12 |
> an encrypted state. |
13 |
> |
14 |
> Safety depends on how you set it up - if you use full disk encryption |
15 |
> then you must unlock it at boot time. The disk is still readable until |
16 |
> you power off or reboot. |
17 |
> |
18 |
> If you encrypt your home directory then you unlock it when you log in so |
19 |
> logging out of your DE safely locks things again. |
20 |
> |
21 |
> You most likely want the second option, the odds that you have a valid |
22 |
> need to protect /usr and /opt are not good. As a regular user out there, |
23 |
> the stuff you want to protect is in /home (or you could easily move it |
24 |
> to /home). You'd also want to encrypt /tmp and swap as your running apps |
25 |
> often write secret stuff there (like ssh and gpg sockets) - that is |
26 |
> really just an extension of why you want to encrpyt /home itself |
27 |
> |
28 |
|
29 |
The second option does sound what I am looking for. Basically, if I log |
30 |
out but leave my computer on, leave home, some crook/NSA type breaks in |
31 |
and tries to access something or steals my whole puter, they would just |
32 |
get garbage for data. That seems to fit the second option best. |
33 |
|
34 |
I'll have to get me a new hard drive first tho. I'm going to try and |
35 |
get a 4TB drive at some point and use the current 3TB drive for backups, |
36 |
encrypted to I hope. |
37 |
|
38 |
Thanks for the info. Water is not quite so muddy. |
39 |
|
40 |
Dale |
41 |
|
42 |
:-) :-) |
43 |
|
44 |
-- |
45 |
I am only responsible for what I said ... Not for what you understood or how you interpreted my words! |