Gentoo Archives: gentoo-user

From: Alan McKinnon <alan.mckinnon@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen this discussed here yet?
Date: Mon, 02 Jun 2014 10:07:13
Message-Id: 538C4C9A.5080107@gmail.com
In Reply to: Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen this discussed here yet? by Dale
On 02/06/2014 11:48, Dale wrote:
> Neil Bothwick wrote:
>> On Mon, 02 Jun 2014 11:24:35 +0200, Volker Armin Hemmann wrote:
>>
>>>> I'm considering encrypting my home partition one of these days.
>>> why? if you are hacked, they just read what you are reading. Encryption
>>> does not help you there at all.
>> It helps if your computer is stolen. This is more, but not only, relevant
>> to laptops.
>>
>>
>
> I admit, I have never used encryption like this before. I am assuming
> that if I logout of my GUI, then it is encrypted at that point? Once I
> log back in, it decrypts it again? Am I at least close?

All disk encryption works to this general plan:

You log in (or boot up), the system asks for a password/key or whatever,
then unlocks the encryption used. Reads for the disk are decrypted on
the fly, writes are encrypted on the fly. What is on disk is always in
an encrypted state.

Safety depends on how you set it up - if you use full disk encryption
then you must unlock it at boot time. The disk is still readable until
you power off or reboot.

If you encrypt your home directory then you unlock it when you log in so
logging out of your DE safely locks things again.

You most likely want the second option, the odds that you have a valid
need to protect /usr and /opt are not good. As a regular user out there,
the stuff you want to protect is in /home (or you could easily move it
to /home). You'd also want to encrypt /tmp and swap as your running apps
often write secret stuff there (like ssh and gpg sockets) - that is
really just an extension of why you want to encrypt /home itself.

> I do have a desktop system. No lappy, yet anyway. Maybe one of these days.
>
> Dale
>
> :-) :-)
>

--
Alan McKinnon
alan.mckinnon@×××××.com
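
Added example, not part of the message above: a small Python check of whether /home, /tmp and swap, the locations the message singles out, sit on a dm-crypt mapping, based on the JSON that `lsblk -J -o NAME,TYPE,MOUNTPOINT` prints. The device names and the sample output are constructed for illustration, and the function name `audit` is hypothetical.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output (not from the
# message): /home is LVM on top of a dm-crypt mapping; / and swap are plain.
SAMPLE = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/"},
    {"name": "sda2", "type": "part", "mountpoint": "[SWAP]"},
    {"name": "sda3", "type": "part", "mountpoint": null, "children": [
      {"name": "cryptdata", "type": "crypt", "mountpoint": null, "children": [
        {"name": "vg0-home", "type": "lvm", "mountpoint": "/home"}
      ]}
    ]}
  ]}
]}
"""

WANTED = ("/home", "/tmp", "[SWAP]")  # lsblk reports active swap as "[SWAP]"


def audit(lsblk_json, wanted=WANTED):
    """Map each wanted mount point to 'encrypted', 'plaintext' or 'no-own-device'.

    'no-own-device' means lsblk shows no block device mounted there: the path
    is either a tmpfs (RAM, which can spill into swap) or a plain directory on
    a parent filesystem, so it has to be checked separately.
    """
    result = {m: "no-own-device" for m in wanted}

    def walk(node, under_crypt):
        # A device is encrypted at rest if it, or any ancestor in the device
        # tree, is a dm-crypt mapping (this covers LVM layered on LUKS).
        under_crypt = under_crypt or node.get("type") == "crypt"
        mount = node.get("mountpoint")
        if mount in result:
            result[mount] = "encrypted" if under_crypt else "plaintext"
        for child in node.get("children", []):
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return result


if __name__ == "__main__":
    for mount, state in audit(SAMPLE).items():
        print(f"{mount:8} {state}")
```

On a real system, pass the output of the `lsblk` command above to `audit()` instead of `SAMPLE`.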
