Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen t his discussed here yet?

[Dale <rdalek1967@gmail.com>]

Alan McKinnon wrote:
> On 02/06/2014 11:48, Dale wrote:
>
>> I admit, I have never used encryption like this before.  I am assuming
>> that if I logout of my GUI, then it is encrypted at that point?  Once I
>> log back in, it decrypts it again?  Am I at least close? 
> All disk encryption works to this general plan:
>
> You log in (or boot up), the system asks for a password/key or whatever,
> then unlocks the encryption used. Reads for the disk are decrypted on
> the fly, writes are encrypted on the fly. What is on disk is always in
> an encrypted state.
>
> Safety depends on how you set it up - if you use full disk encryption
> then you must unlock it at boot time. The disk is still readable until
> you power off or reboot.
>
> If you encrypt your home directory then you unlock it when you log in so
> logging out of your DE safely locks things again.
>
> You most likely want the second option, the odds that you have a valid
> need to protect /usr and /opt are not good. As a regular user out there,
> the stuff you want to protect is in /home (or you could easily move it
> to /home). You'd also want to encrypt /tmp and swap as your running apps
> often write secret stuff there (like ssh and gpg sockets) - that is
> really just an extension of why you want to encrpyt /home itself
>

The second option does sound what I am looking for.  Basically, if I log
out but leave my computer on, leave home, some crook/NSA type breaks in
and tries to access something or steals my whole puter, they would just
get garbage for data.  That seems to fit the second option best. 

I'll have to get me a new hard drive first tho.  I'm going to try and
get a 4TB drive at some point and use the current 3TB drive for backups,
encrypted to I hope. 

Thanks for the info.  Water is not quite so muddy. 

Dale

:-)  :-) 

-- 
I am only responsible for what I said ... Not for what you understood or how you interpreted my words!