From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E0C931381FA for ; Wed, 4 Jun 2014 19:59:24 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 62E91E094E; Wed, 4 Jun 2014 19:59:20 +0000 (UTC) Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2292CE0922 for ; Wed, 4 Jun 2014 19:59:19 +0000 (UTC) Received: from localhost ([141.24.110.138]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0Lxt3Q-1WmngH2QVQ-015IdV for ; Wed, 04 Jun 2014 21:59:17 +0200 Date: Wed, 4 Jun 2014 21:59:18 +0200 From: Frank Steinmetzger To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen t his discussed here yet? Message-ID: <20140604195917.GA18027@asp> Mail-Followup-To: gentoo-user@lists.gentoo.org References: <538B1D0A.9070405@libertytrek.org> <538B66A1.6070106@googlemail.com> <538C344E.6050809@gmail.com> <538C42D3.6050205@googlemail.com> <20140602103422.39856e78@hactar.digimed.co.uk> <538C485F.5070901@gmail.com> <538C4C9A.5080107@gmail.com> <20140602115452.55741f86@hactar.digimed.co.uk> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="n8g4imXOkfNTN/H1" Content-Disposition: inline In-Reply-To: <20140602115452.55741f86@hactar.digimed.co.uk> User-Agent: Mutt 1.5.22 (2013-10-16, Gentoo 1.5.22-r3) X-Provags-ID: V03:K0:UnA9tgpeJtgIIp4bVI39VS9jkRy7sZhAx1vKBE6PJo+djiqcVbZ 7NNL32fzxDq/UGPfc8WR8NRI6Vu/vLQkQAY2cXOjxq7vIub2CnpPdbbYK8wxmBoChXcfmfL W8F9tI1MN02SeRnJfABbTnUyh6OGbfPDQbmZr16TGOC/FXI0sv0oEOPSqAWmf9iMNYS34vk QePuWu8VzIa0yGpX76v6g== X-Archives-Salt: 6e225d53-8c2e-4621-a670-b9a44508c06d X-Archives-Hash: 8cc15372eda994db2a373cffa5bb6400 --n8g4imXOkfNTN/H1 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jun 02, 2014 at 11:54:52AM +0100, Neil Bothwick wrote: > On Mon, 02 Jun 2014 12:06:18 +0200, Alan McKinnon wrote: > > > If you encrypt your home directory then you unlock it when you log in so > > logging out of your DE safely locks things again. I encrypt my home partition with LUKS and enter a passphrase during boot. But I always wanted to get decryption upon login running, especially because it would require me to enter one less password. But haven=E2=80=99t gotten around to that yet. > > You most likely want the second option, the odds that you have a valid > > need to protect /usr and /opt are not good. As a regular user out there, > > the stuff you want to protect is in /home (or you could easily move it > > to /home). > > With one notable exception. There is sometimes sensitive information > in /etc, like wireless passwords. For that reason I put this stuff into /home/etc/$hostname/ (I back up my machines=E2=80=99 /etc on all other machines, also to have a reference if I= need to know =E2=80=9CHow did I do this on $other_host?=E2=80=9D). And then I sy= mlink to that from the real location, i.e.: $ ls -ld /etc/wpa_supplicant lrwxrwxrwx 1 root root 29 28. M=C3=A4r 21:02 /etc/wpa_supplicant -> /home/e= tc/hostname/wpa_supplicant/ Cryptsetup comes early enough in the boot process for this to work (both with OpenRC and systemd). -- Gru=C3=9F | Greetings | Qapla=E2=80=99 Please do not share anything from, with or about me on any social network. I just took an IQ test. The results were negative. --n8g4imXOkfNTN/H1 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCgAGBQJTj3qUAAoJEIsxvrVA1DDK0/kQAMrD7zPMlMosH2/sOtZXmQPL tt/9vSnxrEgYHsyW4AjMiqS+QN3xi+gmmBZe0pjOA8b0zJNRFb3tT4jiG4yX/Xkc E8Fp3UPVBKOZrMRw88ONvNnUa3QHcQ9OMFBOdGNDIh/P1gz7o8ZREsrJj6J2jJ8d 0+vQ7L99pxgBAhZKbqXjV7IBY1/rhQL0ij50DNaSoT6lN1H85kiminPvlbV4WqwC KUj6w4F/Bus4Kzkidmvc4hNqDrYeIqjb60rWhUt04YGSyz06MEpq8rpHDlz077kB Jhis//nUMtMsnMjTArB6a1irLRmkWIxDaSIt8bq5oz2IK3mlw7JKreeXiD3iDbBZ GxZ9j9BvCB6HraNdU/WyC7PpIyeVx8FNUqDP0kATF/JsLQiHz0k13EJriTWr7GOk 2VswU++FC7GNmLx7KIYgNPzDSsBAcLMmJoBAsbCZJ90b1utv6NeEnLubRHit3gE0 3WpPfj6j++DvnzR7dSdyDadhvgPORTHk0EQ/ptI4zNZ/1Hi8wq9xIje+8GBVKl3D U+jzD47v8GrcBrXO0ST4QsFS1lyEAMRPmNpUbCx5GpeBRL+Pkh9OaLrSW/YqPPYG i0vPuJKcbUqGRPD33kEMLeSDXimYx661hm8R/3try5Z8x/iz+VxWUWBw2wR1QYVV LxZR1cjELOJpt6sSKgk+ =bwG7 -----END PGP SIGNATURE----- --n8g4imXOkfNTN/H1--