From: Dale
Date: Mon, 02 Jun 2014 05:27:44 -0500
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen this discussed here yet?

Alan McKinnon wrote:
> On 02/06/2014 11:48, Dale wrote:
>
>> I admit, I have never used encryption like this before. I am assuming
>> that if I logout of my GUI, then it is encrypted at that point? Once I
>> log back in, it decrypts it again? Am I at least close?
> All disk encryption works to this general plan:
>
> You log in (or boot up), the system asks for a password/key or whatever,
> then unlocks the encryption used. Reads for the disk are decrypted on
> the fly, writes are encrypted on the fly. What is on disk is always in
> an encrypted state.
>
> Safety depends on how you set it up - if you use full disk encryption
> then you must unlock it at boot time. The disk is still readable until
> you power off or reboot.
>
> If you encrypt your home directory then you unlock it when you log in so
> logging out of your DE safely locks things again.
>
> You most likely want the second option, the odds that you have a valid
> need to protect /usr and /opt are not good. As a regular user out there,
> the stuff you want to protect is in /home (or you could easily move it
> to /home). You'd also want to encrypt /tmp and swap as your running apps
> often write secret stuff there (like ssh and gpg sockets) - that is
> really just an extension of why you want to encrypt /home itself
>

The second option does sound like what I am looking for. Basically, if I log
out but leave my computer on, leave home, some crook/NSA type breaks in
and tries to access something or steals my whole puter, they would just
get garbage for data. That seems to fit the second option best.

I'll have to get me a new hard drive first tho. I'm going to try and
get a 4TB drive at some point and use the current 3TB drive for backups,
encrypted too I hope.

Thanks for the info. Water is not quite so muddy.

Dale

:-) :-)

--
I am only responsible for what I said ... Not for what you understood or how you interpreted my words!
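
Added example, not part of Dale's or Alan's messages: a Python check for the layout recommended in the quoted reply (/home, /tmp and swap on encrypted storage). It parses `lsblk -P -o KNAME,TYPE,PKNAME,MOUNTPOINT` output; the sample input is constructed, the function names are illustrative, and each device is assumed to have a single parent.

```python
import shlex

# Constructed `lsblk -P -o KNAME,TYPE,PKNAME,MOUNTPOINT` output (not a real host):
# /home is LVM on top of a dm-crypt mapping, swap is a plain partition.
SAMPLE_LSBLK = """\
KNAME="sda" TYPE="disk" PKNAME="" MOUNTPOINT=""
KNAME="sda1" TYPE="part" PKNAME="sda" MOUNTPOINT="/"
KNAME="sda2" TYPE="part" PKNAME="sda" MOUNTPOINT=""
KNAME="dm-0" TYPE="crypt" PKNAME="sda2" MOUNTPOINT=""
KNAME="dm-1" TYPE="lvm" PKNAME="dm-0" MOUNTPOINT="/home"
KNAME="sda3" TYPE="part" PKNAME="sda" MOUNTPOINT="[SWAP]"
"""

def parse_lsblk(text):
    """Map kernel device name -> row dict parsed from KEY="value" pairs."""
    devs = {}
    for line in text.splitlines():
        if line.strip():
            row = dict(tok.split("=", 1) for tok in shlex.split(line))
            devs[row["KNAME"]] = row
    return devs

def on_crypt(devs, kname):
    """Walk parent links; True if the device or any ancestor is dm-crypt."""
    seen = set()
    while kname in devs and kname not in seen:
        seen.add(kname)
        if devs[kname]["TYPE"] == "crypt":
            return True
        kname = devs[kname]["PKNAME"]
    return False

def audit(text, targets=("/home", "/tmp", "[SWAP]")):
    """True/False per target; None if no block device is mounted there
    (e.g. /tmp on tmpfs or on the root filesystem)."""
    devs = parse_lsblk(text)
    result = dict.fromkeys(targets)
    for kname, row in devs.items():
        mp = row["MOUNTPOINT"]
        if mp in result:
            enc = on_crypt(devs, kname)
            # Several swap devices: all of them must be encrypted.
            result[mp] = enc if result[mp] is None else (result[mp] and enc)
    return result

if __name__ == "__main__":
    for target, state in audit(SAMPLE_LSBLK).items():
        label = "encrypted" if state else ("NOT encrypted" if state is False else "no own device")
        print(f"{target:8} {label}")
```

A `None` result for /tmp means its contents share the fate of the root filesystem or, for tmpfs, of swap, so the swap result matters for both.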