I agree...you have to be aware of the level of encryption and where it kicks in.
I have been opting for home drive encryption on my laptops. If the device gets stolen then they don't have access to my personal info. Encryption is definitely good any time someone can have physical access to the machine. Cheers! ~Neil B. On Tue, Dec 21, 2010 at 12:13 PM, Shawn <[email protected]> wrote: > The last time I tried this was with 9.04 (I think, maybe it was 8.10). It > sounds like there are some differences now. > > I had reason to do a full reinstall recently as well. I went with Kubuntu > 10.10 and opted to encrypt the full drive. So I have to enter a (really > long!) pass phrase when I boot the computer, and then enter my user > credentials. All works fine, and I'm in the same boat as you - I'd rather > not mess with something that is doing the job I'm expecting it to. > > I see one large flaw with the encryption - either full disk, or home > directory only. If you are logged in to the box, the encryption is > useless/meaningless. It does matter once you log out or cycle the power > though, and that is the goal. But you have to understand this subtlety so > that you make use of the encryption properly. To be even more secure, one > should make use of encrypted files (via TruCrypt maybe) and encrypt all > network traffic possible (https, or TOR). > > My thoughts. > > Shawn > > > On 10-12-20 10:09 PM, John Jardine wrote: > >> Hi, >> >> I lost a drive today and that prompted a new install. I chose Ubuntu >> 10.10 x64 Desktop to check it out. >> >> I configured it to have an encrypted home directory - not full disk >> encryption. >> >> I can reboot this machine and then ssh to it successfully. This is >> counter to your experience. I can't explain what or why this is >> different though. >> >> I have not bothered to check the directory by booting from another disk >> and checking it out - I'll leave that for the paranoid:) >> >> I did pickup on one part of the install when it gave instructions on >> access without logging in. I was asked to configure a secure passphrase >> to use to manually access my home directory. It said to use a tool >> 'ecryptfs-unwrap-passphrase'. >> >> I haven't messed with it yet - everything is still at the stage where >> "it just works" so I'm loath to fix that:) >> >> Cheers, >> J.J. >> >> >> On Sun, 2010-12-05 at 21:59 -0700, shawn wrote: >> >>> I tried the encrypted home directory and ran into problems with SSH to >>> that box via ssh keys. Which makes sense - the keys are encrypted and >>> can't be read until you login. But you can't login without the keys... >>> Guess it would make sense for a desktop that will be unlikely to be >>> connected TO via ssh. Either that or I missed a step somewhere. >>> >>> I'm running Kubuntu 10.10 now with an encrypted drive. The install >>> process was pretty straight forward and everything is working as >>> expected (with a new *buntu install - sound issues, data migration, >>> etc.) I still want to encrypt a drive manually from the command line >>> just to learn the details, but the docs I've seen are old (2007ish or >>> earlier) and make a lot of assumptions about base knowledge making the >>> docs difficult to read. >>> >>> Shawn >>> >>> On 10-12-05 04:42 PM, Gustin Johnson wrote: >>> >>>> On Thu, Dec 2, 2010 at 11:12 PM, Shawn<[email protected]> wrote: >>>> >>>>> I'm looking for any decent links/how-to's for full disk encryption. >>>>> >>>> For truecrypt >>>> http://www.truecrypt.org/docs/ >>>> >>>> Truecrypt also has an option for a secret hidden OS >>>> >>>> On Ubuntu you can do it at install if you use the alternate install >>>> CD. I used this a couple of times and it worked well. The encrypted >>>> home directory is what I use now. The one issue is that if you have a >>>> slight issue with your hard drive, and I mean slight, all the data is >>>> pretty much toast. It does not even have to be a bad disk, just a >>>> wrong bit flipped at the wrong time which happens more than you think >>>> on modern hard drives. If done right data recovery is not possible. >>>> >>> >>> >>> _______________________________________________ >>> clug-talk mailing list >>> [email protected] >>> http://clug.ca/mailman/listinfo/clug-talk_clug.ca >>> Mailing List Guidelines (http://clug.ca/ml_guidelines.php) >>> **Please remove these lines when replying >>> >> >> >> >> _______________________________________________ >> clug-talk mailing list >> [email protected] >> http://clug.ca/mailman/listinfo/clug-talk_clug.ca >> Mailing List Guidelines (http://clug.ca/ml_guidelines.php) >> **Please remove these lines when replying >> > > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying >
_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
