| 1 |
On 02/06/2014 11:48, Dale wrote: |
| 2 |
> Neil Bothwick wrote: |
| 3 |
>> On Mon, 02 Jun 2014 11:24:35 +0200, Volker Armin Hemmann wrote: |
| 4 |
>> |
| 5 |
>>>> I'm considering encrypting my home partition one of these days. |
| 6 |
>>> why? if you are hacked, they just read what you are reading. Encryption |
| 7 |
>>> does not help you there at all. |
| 8 |
>> It helps if your computer is stolen. This is more, but not only, relevant |
| 9 |
>> to laptops. |
| 10 |
>> |
| 11 |
>> |
| 12 |
> |
| 13 |
> I admit, I have never used encryption like this before. I am assuming |
| 14 |
> that if I logout of my GUI, then it is encrypted at that point? Once I |
| 15 |
> log back in, it decrypts it again? Am I at least close? |
| 16 |
|
| 17 |
All disk encryption works to this general plan: |
| 18 |
|
| 19 |
You log in (or boot up), the system asks for a password/key or whatever, |
| 20 |
then unlocks the encryption used. Reads for the disk are decrypted on |
| 21 |
the fly, writes are encrypted on the fly. What is on disk is always in |
| 22 |
an encrypted state. |
| 23 |
|
| 24 |
Safety depends on how you set it up - if you use full disk encryption |
| 25 |
then you must unlock it at boot time. The disk is still readable until |
| 26 |
you power off or reboot. |
| 27 |
|
| 28 |
If you encrypt your home directory then you unlock it when you log in so |
| 29 |
logging out of your DE safely locks things again. |
| 30 |
|
| 31 |
You most likely want the second option, the odds that you have a valid |
| 32 |
need to protect /usr and /opt are not good. As a regular user out there, |
| 33 |
the stuff you want to protect is in /home (or you could easily move it |
| 34 |
to /home). You'd also want to encrypt /tmp and swap as your running apps |
| 35 |
often write secret stuff there (like ssh and gpg sockets) - that is |
| 36 |
really just an extension of why you want to encrpyt /home itself |
| 37 |
|
| 38 |
|
| 39 |
> I do have a desktop system. No lappy, yet anyway. Maybe one of these days. |
| 40 |
> |
| 41 |
> Dale |
| 42 |
> |
| 43 |
> :-) :-) |
| 44 |
> |
| 45 |
|
| 46 |
|
| 47 |
-- |
| 48 |
Alan McKinnon |
| 49 |
alan.mckinnon@×××××.com |
Archives