On 02/06/2014 11:48, Dale wrote: > Neil Bothwick wrote: >> On Mon, 02 Jun 2014 11:24:35 +0200, Volker Armin Hemmann wrote: >> >>>> I'm considering encrypting my home partition one of these days. >>> why? if you are hacked, they just read what you are reading. Encryption >>> does not help you there at all. >> It helps if your computer is stolen. This is more, but not only, relevant >> to laptops. >> >> > > I admit, I have never used encryption like this before. I am assuming > that if I logout of my GUI, then it is encrypted at that point? Once I > log back in, it decrypts it again? Am I at least close?
All disk encryption works to this general plan: You log in (or boot up), the system asks for a password/key or whatever, then unlocks the encryption used. Reads for the disk are decrypted on the fly, writes are encrypted on the fly. What is on disk is always in an encrypted state. Safety depends on how you set it up - if you use full disk encryption then you must unlock it at boot time. The disk is still readable until you power off or reboot. If you encrypt your home directory then you unlock it when you log in so logging out of your DE safely locks things again. You most likely want the second option, the odds that you have a valid need to protect /usr and /opt are not good. As a regular user out there, the stuff you want to protect is in /home (or you could easily move it to /home). You'd also want to encrypt /tmp and swap as your running apps often write secret stuff there (like ssh and gpg sockets) - that is really just an extension of why you want to encrpyt /home itself > I do have a desktop system. No lappy, yet anyway. Maybe one of these days. > > Dale > > :-) :-) > -- Alan McKinnon [email protected]
