From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C4436138359 for ; Mon, 6 Jul 2020 06:37:30 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 82EFAE089C; Mon, 6 Jul 2020 06:37:22 +0000 (UTC) Received: from mail-qk1-x733.google.com (mail-qk1-x733.google.com [IPv6:2607:f8b0:4864:20::733]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id EC6D3E0894 for ; Mon, 6 Jul 2020 06:37:21 +0000 (UTC) Received: by mail-qk1-x733.google.com with SMTP id r22so33819611qke.13 for ; Sun, 05 Jul 2020 23:37:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to; bh=eIF29HY42I5UZowRBZCQItOYPtHCyVKqDFwRVUATqNw=; b=FpiDkEbQjT7H4rZ8H+9khWbp6dKauoOf5JTjis7VXSdustCtFR6IDXiaLk743Gr9UC MI2UHyn2YnX99XvvL7vjU7+Ht30fp+Mls6W9d7bv4W8cFKCtm4ETWOviuk3YaGWK/eJL vwu+zHrKI4P5zkOH7SYC3FkYz9uUZvp0UgEpIJ+hYt5RNpsrQKnHcI2fVioJYtbI7Sgc KsqVmUsw4y8R+17coBg9sggp0YFlEPsBKD4vQGSza4ImdyDvWqkJKlC14CMH1COIkAsa 65Jcd6Lxv+QXt3cPZ39T7fldWwwygusUrpxq4qPNgGM/Fho5XqGKn31ypqWQwCTOgfXr cIQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to; bh=eIF29HY42I5UZowRBZCQItOYPtHCyVKqDFwRVUATqNw=; b=GDkXWXHWYfYuq7c/8/LK8djOr9KWuV07CjMFowWDwdQw8Y/MKG+FHN9gTiBdgU93Ta U52atHuPXBqLcwwdM+KgzzWlJtJ0gpUZ8zecnyX0gS0S0wxS+xy+gf5hzDMLxIB7iPcm 63bue3jriktlTGZZPEtgqec9/Sqkb/yjFk359wINJ2GNOYLpmXnE0Mb9kwxvzJ2zUONj NVzMRmg+37Gh5XkMpQX68XcKCb5cUI2Sw+oHFMV322WpQyOMntz3NpFjJETVLYj8zOBa X8ouiexXBjT32uxmRFpbqIhECWNjRHY8VS5EtEkhKJN3LeXQw9/+p2/G8sBU5MF5ZSm2 RpOg== X-Gm-Message-State: AOAM5309s3ic48Jl3ktCEb7ML3K4ajNpwCBi4UZ719gvvFKgEyh77yAz pIFBZtoZXqSc0ZLMLZVS3aHTSCv4 X-Google-Smtp-Source: ABdhPJxEV35tP6U7y7lLRQ/6VEFlP2zg/eMG6dV/Igo77zRZQUvAMreozjfZFwciipLP0A3lDC/mrg== X-Received: by 2002:a37:4249:: with SMTP id p70mr32358369qka.496.1594017441111; Sun, 05 Jul 2020 23:37:21 -0700 (PDT) Received: from [192.168.0.100] (adsl-074-188-244-087.sip.asm.bellsouth.net. [74.188.244.87]) by smtp.gmail.com with ESMTPSA id p63sm18909163qkc.80.2020.07.05.23.37.19 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 05 Jul 2020 23:37:20 -0700 (PDT) Subject: Re: [gentoo-user] Encrypted drive setup at login and locking on logout. To: gentoo-user@lists.gentoo.org References: From: Dale Openpgp: preference=signencrypt Autocrypt: addr=rdalek1967@gmail.com; prefer-encrypt=mutual; keydata= mQINBFxc7MgBEAC+zrgEdqJJiDe/UDAB+ScmferXWfJTVjbVT2T4DQ7jiLrgP9aNUo1HioNF mrU3JPOCR32gvZyTbY1+niO5+VSo/+pSqQ785h6ZDj1klMkrg6tEzGnf2MNBpBj4houZwxQ+ WDKKTg2M9F+lv8wTIdR/JQn+hSviktLMtrghQlyLhpapsLXWLA6gMFebpQYwxUwemvan8ddX lQvJe9FGyFYvBi0dp1gl10F2O+DVZJxvX8xkX+yImVlhVJiC31gXHRcj+Qlo7gprlU7TIieF Uow6/ZvYKJ26pztVdFCg5w0rMJkF/x8Zd4A6wnuptiAPmWaQ1+YKgYDonbDUgwqFSx5/lN5z DGZ4LlioxeUTTPVvZsqBIeDz6jNFA583OYbo1/S26dqrvTFf2DKlsvoDpVfAhNlwJPjoixs0 X3FNqPv+M10n4kq5Iz7Q9E3O4s/nfFIYGocEslVka7zZPkXSaHbsn+KJlY8XV6qxtCEdh0/V XX1+1aU2J74M0JikWhpwxTZ1dP5aOyWSPPEgFFIRW6xwwC02SoRH9a7mggfGYp/YjPlONNaT SCL8sgRfvmq3D0XTbLyTjSbExxkfKDmbePQagawDE3TlI/oivHf1JaAcbwMb3LZuU4TGcOIl 5D+x7q0MUIeCop0ZFOwAnqW3AVVNvsBkv2KN+IHJryWAf0/iMQARAQABtBtEYWxlIDxyZGFs ZWsxOTY3QGdtYWlsLmNvbT6JAk4EEwEIADgWIQTZ7suruPBaS60bCYXvEM/XWu+ZnAUCXFzs yAIbIwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDvEM/XWu+ZnN+7D/4/1dNG4aCz0+v+ 0dcjV5tY1feYEWCdHKyDzxWBxlCpd/0NPRQeNY4VMjbCl/sq7GkXi/c2SbfWDQ5BQRkkExG1 pSwuXSIehGok/4fpTi3HDAguRvzdCqlKPt7me05FyiC/WnpY5GOlJ3ruGw2qABv/RmV2q5b/ tkq7h1y1f16DTNr3/nsj8HzHcrHdXdL4kaYChSOe/dbQR9Stqak7eMyR+iwvrJMNF/CGl70P 2x5ybsXMDzRVOqNcpa5ZdhEMTVh6+vC1SOmm1BFMF8XCqBEvBbcHWDQmGYTdNCsS/ADm8CBl gvjJgLdIsAzoMu4WHQDFnzXAoArqFWgAf53isOS4AWrv29tF9b8Aa1vb7h5JEa+ArcMsA6Gl X38+GY6WXXaxKI9n3PTCWu9tPGnRh7mABjnwEosDDqmzw8aTAYECb3avDuGY2rmcjgh4H6RE w08d63j1T4d5J9wlm4TGtW/VHgbUFkATEdH3Acl/EjFiyqTiX7p8kU6Reu5enIkogA93xoQh Rmy7ZiST/5LN+ZkaOdyjIw0L+5KalslN9SKt809YxgJ6kPo657LNTFPiFvFA46/SEWcBYrzq Xk0wEW0gBRWf+BqN0qRhU0/EQ+QfRdLLFg2xtUePwlheYLXxfyDLrdCCOLWYpkzbjCZHLS4u 69smbvR9S9KBDNzJybxEWrkCDQRcXOzIARAA5IGRWTqaM44IJgBYghZg2fGj0Am7KWPhE7V7 T/EEe7vVSUEFqHtlHzI4ZK6Q0AZ9uAEjE8IJIQ7KoTjzNqAtabP0vp3s0szgtJlsZ+8vGKlQ my7fvzSrdoQL0Xn7CEwJYFXJ1EMUcYIQeoHG1cUAaXx73k9BFbjwjnUeMrqlV/ZovQlg7duW nESfQ7HZu5NrtYyY3jPMUouxiO9WQPh+IHxZbt1absF2VcvRAymD32RxGvMPbw6ChMRD/p9O 4PH7M5rXaxr78NXQX9E48vrI00f1cYb9NSN1HnSV8cW3jKObVjdBk6jPQwrMvdpgdQhUB9aZ HS/9mC9mmAgiXKyCpzXe7FPB6QznSfn4GIaC/luy1e6SLUkJhRK/niB+gq+Mfxg2zXNuDUTI cMGmpDCp3kgUoorkaltk8RW09io95BkXrGhcDNuSGZfAParBc7RXyYpbIcax8St7tEAd2oFh 4seYOPUlzuhGrPpqR/91wrFc4E1260GKauSr4UhMJv6tygBwyC0mmBMKi+ZXw6ZdZxA5fg7y 35P3TILjznCXXTDgRHq9A3NknKRMcgFacX6eIhANkMFo6oJVjuEgy1dvu1wFfDq7c+i8GAHu L4pYzyXYu6PporlNNU0xSwdVgzM/uuK0lt+UxCimgC+YR3IezgDcbfudb7h9dGIwL+bbPL0A EQEAAYkCNgQYAQgAIBYhBNnuy6u48FpLrRsJhe8Qz9da75mcBQJcXOzIAhsMAAoJEO8Qz9da 75mcXZ4P/1YXgWDZek7mhzrf6uaQzMxa92P89HeWz4PlgB/32symeEFAV04WazzBZffI8AYY rGA1Xmu/2VaB9+FOODyKhUWBc2UL0NRWBk6POwboyTdKlclmpixaN9zLcBt0YLejoRfN1B/5 aQf9/lUDZMnAiCyz0FgeqEMUshldmwWC35RqnjrCbbuk2vIqSH6BLDIXU6jQrLHE1DF0ai41 wLtQFAFXPhn45n0ZwYhVs4Z32z4sjXrIvgBgCaXa4HM+L1Klne0KiNM8ReFTTpTE0SgyDOSZ O3MOa2n77i6JbVtsbiFYnNeP3J9S/l3jevGpZEtNQOKrIm1MW8jGuHWtsDeMkT/mCcSodlkt PxIo+mMK9GpGvG2hW80LiohqNfUbNwAmr3blOYY4URPXPRnEnPs4pmTmL5owjw2dkg145i9I D42Tq+XZ6YtWt3SGzGbAYow6XwTwZ5NFAzV9UQuCGrDw4KWan6O6Z+VIYWsn0UMZlu1Obxna aocofkaUCbISK26kImuD1aA8juSHC18Qv1xUage6/UakbSxyDtACqt6hOVFKX3IA59ApdNRT +2x3iCmlvF9MJsGgFq6IpqL+Fk7iWV8Kjbz0wQOId6N9+JdQh3LrLaS7a1PowUm1z9DK5/O0 Yg+gpDnEOOFI7WM5u7a7FSM2Z/LXGVwel/0eWvLk9tN6 Message-ID: Date: Mon, 6 Jul 2020 01:37:19 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 SeaMonkey/2.53.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------B5EF800E189C94CAE9F7A253" X-Archives-Salt: a68b4bd5-a835-4f97-bd3d-dfb608072e38 X-Archives-Hash: ef185805d54e0c55b31445d0dc9a7ef4 This is a multi-part message in MIME format. --------------B5EF800E189C94CAE9F7A253 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit William Kenworthy wrote: > Hi Dale, I looked at Veracrypt and ran into the fact that it on windows > Veracrypt MUST be installed by an administrator which is a blocker for > using USB keys on computers I don't control (such as transporting files > securely between locations - i.e., where there is potential to lose the > usb key): > > see > https://www.veracrypt.fr/en/Using%20VeraCrypt%20Without%20Administrator%20Privileges.html > > BillK > Does that mean that on windoze a person can open a encryted USB stick without a password?  From what I read, it sounds like it doesn't put the stick at risk, as long as you are not using key files or sharing your password by storing it somewhere.  It just means you have to be admin to install Veracrypt but not to access a encrypted USB stick.  From the way it sounds, you insert USB stick, run Veracrypt, enter password, do what you want with the stick, close it and then remove the stick.  Or am I missing something?  I might add, when I use cryptsetup and mount a external drive I use, I do that as root.  Since my password is only in my head, no password, no access root or not, right? I'm new to this encrypted thing.  I'm learning but don't know all of it and may never know all of it.  I figured out the other day that when I select a two part or three part encryption, it actually encrypts the thing twice or three times.  It's like having to pick two or three locks on a door instead of one.  Only they have to be done in order and you don't really have a way to know if you did it right until you figure out the rest.  I bet that drives the NSA and other Govts nuts.  lol  By the way, the USB stick will have instructions about things after I'm buried or whatever.  I plan to keep the USB stick in a safe and share the password with the person that will be taking care of things.  When I'm gone, they can open the USB stick to access files on what to do and such.  Until I'm gone, they won't know what is on the stick or have access to it.  Getting older makes one think about these things.  :/  External drives will have things that when I'm gone, they gone too.  I just wonder how many encryption tools have been cracked that we don't know about.  It's not like they going to tell us or anything. Dale :-)  :-)  --------------B5EF800E189C94CAE9F7A253 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
William Kenworthy wrote:
Hi Dale, I looked at Veracrypt and ran into the fact that it on windows
Veracrypt MUST be installed by an administrator which is a blocker for
using USB keys on computers I don't control (such as transporting files
securely between locations - i.e., where there is potential to lose the
usb key):

see
https://www.veracrypt.fr/en/Using%20VeraCrypt%20Without%20Administrator%20Privileges.html

BillK

Does that mean that on windoze a person can open a encryted USB stick without a password?  From what I read, it sounds like it doesn't put the stick at risk, as long as you are not using key files or sharing your password by storing it somewhere.  It just means you have to be admin to install Veracrypt but not to access a encrypted USB stick.  From the way it sounds, you insert USB stick, run Veracrypt, enter password, do what you want with the stick, close it and then remove the stick.  Or am I missing something? 

I might add, when I use cryptsetup and mount a external drive I use, I do that as root.  Since my password is only in my head, no password, no access root or not, right?

I'm new to this encrypted thing.  I'm learning but don't know all of it and may never know all of it.  I figured out the other day that when I select a two part or three part encryption, it actually encrypts the thing twice or three times.  It's like having to pick two or three locks on a door instead of one.  Only they have to be done in order and you don't really have a way to know if you did it right until you figure out the rest.  I bet that drives the NSA and other Govts nuts.  lol 

By the way, the USB stick will have instructions about things after I'm buried or whatever.  I plan to keep the USB stick in a safe and share the password with the person that will be taking care of things.  When I'm gone, they can open the USB stick to access files on what to do and such.  Until I'm gone, they won't know what is on the stick or have access to it.  Getting older makes one think about these things.  :/  External drives will have things that when I'm gone, they gone too. 

I just wonder how many encryption tools have been cracked that we don't know about.  It's not like they going to tell us or anything.

Dale

:-)  :-) 
--------------B5EF800E189C94CAE9F7A253--