1 |
On 02/06/2014 11:48, Dale wrote: |
2 |
> Neil Bothwick wrote: |
3 |
>> On Mon, 02 Jun 2014 11:24:35 +0200, Volker Armin Hemmann wrote: |
4 |
>> |
5 |
>>>> I'm considering encrypting my home partition one of these days. |
6 |
>>> why? if you are hacked, they just read what you are reading. Encryption |
7 |
>>> does not help you there at all. |
8 |
>> It helps if your computer is stolen. This is more, but not only, relevant |
9 |
>> to laptops. |
10 |
>> |
11 |
>> |
12 |
> |
13 |
> I admit, I have never used encryption like this before. I am assuming |
14 |
> that if I logout of my GUI, then it is encrypted at that point? Once I |
15 |
> log back in, it decrypts it again? Am I at least close? |
16 |
|
17 |
All disk encryption works to this general plan: |
18 |
|
19 |
You log in (or boot up), the system asks for a password/key or whatever, |
20 |
then unlocks the encryption used. Reads for the disk are decrypted on |
21 |
the fly, writes are encrypted on the fly. What is on disk is always in |
22 |
an encrypted state. |
23 |
|
24 |
Safety depends on how you set it up - if you use full disk encryption |
25 |
then you must unlock it at boot time. The disk is still readable until |
26 |
you power off or reboot. |
27 |
|
28 |
If you encrypt your home directory then you unlock it when you log in so |
29 |
logging out of your DE safely locks things again. |
30 |
|
31 |
You most likely want the second option, the odds that you have a valid |
32 |
need to protect /usr and /opt are not good. As a regular user out there, |
33 |
the stuff you want to protect is in /home (or you could easily move it |
34 |
to /home). You'd also want to encrypt /tmp and swap as your running apps |
35 |
often write secret stuff there (like ssh and gpg sockets) - that is |
36 |
really just an extension of why you want to encrpyt /home itself |
37 |
|
38 |
|
39 |
> I do have a desktop system. No lappy, yet anyway. Maybe one of these days. |
40 |
> |
41 |
> Dale |
42 |
> |
43 |
> :-) :-) |
44 |
> |
45 |
|
46 |
|
47 |
-- |
48 |
Alan McKinnon |
49 |
alan.mckinnon@×××××.com |