On Monday, December 10, 2018 12:46:07 AM CET Dale wrote:
> Howdy,
> 
> As some may know, I'm making some changes and upgrades to my puter.  One
> thing I'm considering, encryption of a select directory/mount point/file
> system.  One thought I have, create a mount point named say "Encrypted"
> and put anything I don't want widely seen or hacked in that directory. 
> That would likely be on its own partition or LVM setup.  I would likely
> keep other things open.  Example, I may have /home on a partition of
> its own but then have the encrypted directory mounted on
> /home/dale/Desktop/Encrypted.  I could even let that be my Documents
> directory as well.  I'm not too worried about browser history etc.  Plus,
> I could log into KDE and not have to access the encrypted stuff if it is
> not needed.  I don't need encryption to check the weather.  lol 
> 
> How I do that isn't a big deal really.  My main question is this.  If I
> go to the trouble of doing this, would I be *really* protected?  Is
> there an easily used encryption tool that isn't easily hacked?  Also,
> when I login, I'd like to be able to type in password etc and it be
> available from that point on, unless I do something to lock it up
> again.  Reason, I may even put some of my videos on that.  I watch TV
> from that a lot.
> 
> Also, how hard would it be to do the same to my backups, since having an
> open set of backups would render the encrypted part just available
> elsewhere? 
> 
> While I get some of how encryption works, I don't keep up with it on a
> weekly or even monthly basis.  I just see the occasional articles on
> it.  I'd rather ask and get input from someone who uses and/or is more
> familiar with this.  In other words, if it is worthless and someone
> knows it is, then let me know.  If one tool is better/easier/etc than
> another, I'd like to know that as well. 

I have not read the full thread, but missed mention of a few things, so here 
is my take on the whole thing:

- Full disk encryption is only necessary if the machine runs the risk of being 
stolen. (physical access)
- Encryption will not protect against remote hacks as the OS can access the 
files when the storage is decrypted
- When using encryption, ensure swap is encrypted as well as there is always a 
risk the encryption keys can be stored on swap

Personally, I don't encrypt my desktop as the physical security of my house is 
adequate. My laptop uses full disk encryption, only the boot-partition is not 
encrypted. The decryption key is password-encrypted and stored inside the 
kernel image.
For clarity, my disk layout on laptop is as follows:
physical disk - partition - LUKS-encryption - LVM - ..... (The rest is the 
same as what you have)

--
Joost
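
Added example, not part of the original message: a check for the swap point above, which walks `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` output and reports any swap device that has no dm-crypt layer beneath it. The JSON is constructed sample data modelled on the disk - partition - LUKS - LVM layout described; the names `cryptlvm`, `vg0-*` and the plain `sda3` swap partition are assumptions added so the check has something to flag.

```python
import json

# Constructed `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` output for the layout
# described above (disk - partition - LUKS - LVM), plus one plain swap
# partition added deliberately so the check has something to flag.
SAMPLE_LSBLK = json.loads("""
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "ext2", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
      {"name": "cryptlvm", "type": "crypt", "fstype": "LVM2_member", "mountpoint": null, "children": [
        {"name": "vg0-root", "type": "lvm", "fstype": "ext4", "mountpoint": "/"},
        {"name": "vg0-swap", "type": "lvm", "fstype": "swap", "mountpoint": "[SWAP]"}
      ]}
    ]},
    {"name": "sda3", "type": "part", "fstype": "swap", "mountpoint": "[SWAP]"}
  ]}
]}
""")


def swap_report(tree):
    """Return {swap device name: True if a dm-crypt layer sits beneath it}."""
    report = {}

    def walk(node, under_crypt):
        # A device of type "crypt" is an opened dm-crypt/LUKS mapping;
        # everything stacked on it is encrypted at rest.
        under_crypt = under_crypt or node.get("type") == "crypt"
        if node.get("fstype") == "swap":
            report[node["name"]] = under_crypt
        for child in node.get("children", []):
            walk(child, under_crypt)

    for dev in tree.get("blockdevices", []):
        walk(dev, False)
    return report


def unencrypted_swap(tree):
    """Names of swap devices with no dm-crypt layer anywhere below them."""
    return sorted(name for name, ok in swap_report(tree).items() if not ok)


if __name__ == "__main__":
    for name, ok in sorted(swap_report(SAMPLE_LSBLK).items()):
        print(f"{name}: {'encrypted' if ok else 'PLAINTEXT SWAP'}")
```

On a live system the same functions can be fed `json.loads()` of the real `lsblk -J` output instead of the sample.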
