| 1 |
On Monday, December 10, 2018 12:46:07 AM CET Dale wrote: |
| 2 |
> Howdy, |
| 3 |
> |
| 4 |
> As some may know, I'm making some changes and upgrades to my puter. One |
| 5 |
> thing I'm considering, encryption of a select directory/mount point/file |
| 6 |
> system. One thought I have, create a mount point named say "Encrypted" |
| 7 |
> and put anything I don't want widely seen or hacked in that directory. |
| 8 |
> That would likely be on it's own partition or LVM setup. I would likely |
| 9 |
> keep other things open. Example, I may have /home on a partition of |
| 10 |
> it's own but then have the encrypted directory mounted on |
| 11 |
> /home/dale/Desktop/Encrypted. I could even let that be my Documents |
| 12 |
> directory as well. I'm not to worried about browser history etc. Plus, |
| 13 |
> I could log into KDE and not have to access the encrypted stuff if it is |
| 14 |
> not needed. I don't need encryption to check the weather. lol |
| 15 |
> |
| 16 |
> How I do that isn't a big deal really. My main question is this. If I |
| 17 |
> go to the trouble of doing this, would I be *really* protected? Is |
| 18 |
> there a easily used encryption tool that isn't easily hacked? Also, |
| 19 |
> when I login, I'd like to be able to type in password etc and it be |
| 20 |
> available from that point on, unless I do something to lock it up |
| 21 |
> again. Reason, I may even put some of my videos on that. I watch TV |
| 22 |
> from that a lot. |
| 23 |
> |
| 24 |
> Also, how hard would it be to do the same to my backups, since having a |
| 25 |
> open set of backups would render the encrypted part just available |
| 26 |
> elsewhere? |
| 27 |
> |
| 28 |
> While I get some of how encryption works, I don't keep up with it on a |
| 29 |
> weekly or even monthly basis. I just see the occasional articles on |
| 30 |
> it. I'd rather ask and get input from someone who uses and/or is more |
| 31 |
> familiar with this. In other words, if it is worthless and someone |
| 32 |
> knows it is, then let me know. If one tool is better/easier/etc than |
| 33 |
> another, I'd like to know that as well. |
| 34 |
|
| 35 |
I have not read the full thread, but missed mention of a few things, so here |
| 36 |
is my take on the whole thing: |
| 37 |
|
| 38 |
- Full disk encryption is only necessary if the machine runs the risk of being |
| 39 |
stolen. (physical access) |
| 40 |
- Encryption will not protect against remote hacks as the OS can access the |
| 41 |
files when the storage is decrypted |
| 42 |
- When using encryption, ensure swap is encrypted as well as there is always a |
| 43 |
risk the encryption keys can be stored on swap |
| 44 |
|
| 45 |
Personally, I don't encrypt my desktop as the physical security of my house is |
| 46 |
adequate. My laptop uses full disk encryption, only the boot-partition is not |
| 47 |
encrypted. The decryption key is password-encrypted and stored inside the |
| 48 |
kernel image. |
| 49 |
For clarity, my disk layout on laptop is as follows: |
| 50 |
physical disk - partition - LUKS-encryption - LVM - ..... (The rest is the |
| 51 |
same as what you have) |
| 52 |
|
| 53 |
-- |
| 54 |
Joost |
Archives