On Monday, December 10, 2018 12:46:07 AM CET Dale wrote:
> Howdy,
>
> As some may know, I'm making some changes and upgrades to my puter. One
> thing I'm considering, encryption of a select directory/mount point/file
> system. One thought I have, create a mount point named say "Encrypted"
> and put anything I don't want widely seen or hacked in that directory.
> That would likely be on its own partition or LVM setup. I would likely
> keep other things open. Example, I may have /home on a partition of
> its own but then have the encrypted directory mounted on
> /home/dale/Desktop/Encrypted. I could even let that be my Documents
> directory as well. I'm not too worried about browser history etc. Plus,
> I could log into KDE and not have to access the encrypted stuff if it is
> not needed. I don't need encryption to check the weather. lol
>
> How I do that isn't a big deal really. My main question is this. If I
> go to the trouble of doing this, would I be *really* protected? Is
> there an easily used encryption tool that isn't easily hacked? Also,
> when I login, I'd like to be able to type in password etc and it be
> available from that point on, unless I do something to lock it up
> again. Reason, I may even put some of my videos on that. I watch TV
> from that a lot.
>
> Also, how hard would it be to do the same to my backups, since having an
> open set of backups would render the encrypted part just available
> elsewhere?
>
> While I get some of how encryption works, I don't keep up with it on a
> weekly or even monthly basis. I just see the occasional articles on
> it. I'd rather ask and get input from someone who uses and/or is more
> familiar with this. In other words, if it is worthless and someone
> knows it is, then let me know. If one tool is better/easier/etc than
> another, I'd like to know that as well.

I have not read the full thread, but missed mention of a few things, so here
is my take on the whole thing:

- Full disk encryption is only necessary if the machine runs the risk of being
  stolen. (physical access)
- Encryption will not protect against remote hacks as the OS can access the
  files when the storage is decrypted
- When using encryption, ensure swap is encrypted as well as there is always a
  risk the encryption keys can be stored on swap

Personally, I don't encrypt my desktop as the physical security of my house is
adequate. My laptop uses full disk encryption, only the boot-partition is not
encrypted. The decryption key is password-encrypted and stored inside the
kernel image.
For clarity, my disk layout on laptop is as follows:
physical disk - partition - LUKS-encryption - LVM - ..... (The rest is the
same as what you have)

--
Joost
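
Added example (not part of the original message): a Python check of the layout described above, flagging swap areas and mounted filesystems that do not sit on top of a dm-crypt mapping. The device names and the embedded `lsblk` output are constructed, and the `/boot` allowance is an assumption that mirrors the unencrypted boot partition mentioned in the message.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output:
# sda2 follows the partition -> LUKS -> LVM layout, sda3 is a plain swap partition.
SAMPLE = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
      {"name": "cryptlvm", "type": "crypt", "fstype": "LVM2_member", "mountpoint": null, "children": [
        {"name": "vg-root", "type": "lvm", "fstype": "ext4", "mountpoint": "/"},
        {"name": "vg-home", "type": "lvm", "fstype": "ext4", "mountpoint": "/home"},
        {"name": "vg-swap", "type": "lvm", "fstype": "swap", "mountpoint": "[SWAP]"}
      ]}
    ]},
    {"name": "sda3", "type": "part", "fstype": "swap", "mountpoint": "[SWAP]"}
  ]}
]}
"""

def exposed_volumes(lsblk_json, allowed=("/boot",)):
    """Return (name, use) for swap areas and mounted filesystems with no
    'crypt' device above them in the block-device tree."""
    exposed = []

    def walk(node, under_crypt):
        # Everything stacked on a dm-crypt mapping (type "crypt") is encrypted at rest.
        under_crypt = under_crypt or node.get("type") == "crypt"
        is_swap = node.get("fstype") == "swap"
        mountpoint = node.get("mountpoint")
        if (is_swap or mountpoint) and not under_crypt and mountpoint not in allowed:
            exposed.append((node["name"], "swap" if is_swap else mountpoint))
        for child in node.get("children") or []:
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return exposed

if __name__ == "__main__":
    for name, use in exposed_volumes(SAMPLE):
        print(f"unencrypted: {name} ({use})")
```

On a live system, feed it the output of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` instead of the sample.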