Announcement

Collapse
No announcement yet.

encrypted personal data

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    encrypted personal data

    I have been tempted many times to encrypt my personal data but have not. I am looking for opinions from experienced people on whether you regret doing it or not[sic]. some questions thoughts:

    1) is there a noticeably performance hit from encrypting/decrypting? What about a large drive...say 500GB?
    2) what happens with a hardware failure (other than the drive itself)? how hard is it to get the data from the encrypted drive in another machine?
    3) I leave my home directory under root and symlink all my data into it (some symlinks from encrypted drive and some not). Does that matter?
    4) When does the encryption/decryption take place? at mount /umount? or on access/write?
    5) is the drive encrypted by, partition or the file system? can encryption be setup in parted or mkfs?
    6) how does encryption affect fstab?
    7) (what every post should end with) why don't I just use google.

    I am not worried about me and my ability to keep a password, I am worried about implementation and recovery. Maybe I just need a therapist to tell me it is going to be all right?
    FKA: tanderson

    #2
    Re: encrypted personal data

    Personally, unless you have an absolute reason to encrypt your users /home partition (yes, I said partition, as it is highly desireable to set up a separate /home partition as opposed to just installing /home within the root partition), I would not do so. But, that's just me.
    Windows no longer obstructs my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes

    Comment


      #3
      Re: encrypted personal data

      I would prefer to encrypt files, it is easy and secure. It can be done for example using user actions in Krusader.
      Kubuntu 16.04 on two computers and Kubuntu 17.04 on DELL Latitude 13

      Comment


        #4
        Re: encrypted personal data

        I don't encrypt entire filesystems because I don't want to be locked out of my data if the OS fails. I may start doing it in the future though.

        I do use KeePassX to store sensitive data.

        For encrypting single files with a passphrase there are gnupg and ccrypt.

        For one time encryption of file groups and folders you can use Info-ZIP, 7-Zip, or other archiving tools to create password protected archives, but these use notoriously weak encryption. It would be better to collect your files into a plain .zip or .tar archive and then encrypt that archive with gpg.

        HTH
        Welcome newbies!
        Verify the ISO
        Kubuntu's documentation

        Comment


          #5
          Re: encrypted personal data

          Hi
          mention was made of encrypting files in Krusader, and there are others that allow one to encrypt files with a right mouse click, Konqueror is one.

          I, personally, would probably want to encrypt only files as per Telengard, if the OS goes down one can still get at the files with Knoppix or something.

          However, in say, Nautilus, where there is not "direct" method of encrypting files, such as a folder, by right click, one can set permissions to only you. That would imply that you have some kind of public folder but even though others can see it. Placing the files in a folder which only has you for permissions will hide them from the eyes of others you are the only one who can access them when you are logged in.

          As a reverse way of looking at Konqueror, if one runs it as kdesu then one has root access to files and can change things that need root access.

          Konqueror has many advantages.

          woodsmoke

          Comment


            #6
            Re: encrypted personal data

            Originally posted by Telengard
            For encrypting single files with a passphrase there are gnupg and ccrypt.
            After installing kgpg from repository you can enter password in a small window after doubleclick to decrypt gpg type file in Dolphin, Konqueror or Krusader or during encrypting file with this right click user action in Krusader:
            Code:
            gpg -c --cipher-algo AES256 %aCurrent%
            Kubuntu 16.04 on two computers and Kubuntu 17.04 on DELL Latitude 13

            Comment


              #7
              Re: encrypted personal data

              You might also want to look into encfs (it's in the repositories). I do keep the home partition as part of the OS, because I run several OS's, and they definitely do not like having their configuration files shared. But my personal data itself (documents, pictures, etc) I keep on a separate partition, and I use encfs to encrypt it. Nowadays, encfs uses a key system that is accessible to different OS's, and different version of OS's, so it works out well.
              We only have to look at ourselves to see how intelligent life might develop into something we wouldn't want to meet. -- Stephen Hawking

              Comment


                #8
                Re: encrypted personal data

                @doctordruidphd

                thanks.
                FKA: tanderson

                Comment


                  #9
                  Re: encrypted personal data

                  I am with Snowhog on this one, on my personal laptop.

                  My account password will keep all but the expert Linux user out, i.e...., the one who gains personal possession of my laptop and who knows how to force Grub to show the menu, then to choose the recovery option as root, and then run "passwd accountname" to change it or remove it, thus enabling them to log into my account. To keep that person out a password on the BIOS and the boot up process would also be necessary.

                  The only thing I'd want to keep secret on this box is my KMyMoney file and the file containing the names and passwords of my accounts at various Internet websites. I keep several backups of them in case or my system gets damaged or stolen. If stolen I'd be at my bank to change my account and password info ASAP, and I'd be changing the passwords at this and the other sites I log on to. Everything else on this box can be restored on a new box in minutes from backup media.

                  When I was working and using the laptop the state of NE gave me, it came with security software and passwords pre-installed by the IT administrators. Using passwords wasn't up to me and they renewed them as often as they wanted and gave me the new password by note in my hand. I usually found out about the new password when my old one suddenly stopped working. I was amazed at how many employees wrote their passwords on stickynotes which that stuck on their monitor, their cubical wall, or even their keyboard, or all three!!!.
                  "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                  – John F. Kennedy, February 26, 1962.

                  Comment


                    #10
                    I just use Truecrypt and mount it as a 2GB disk. No noticeable performance hit moving files into or out of it or operating programs installed in the Truecrypt partition. I copy the file to a USB key and use it as secured transport between all my various machines. The only issue is with Kontact since I have my contacts and calendar stored in the TC partition. I just mount TC and then go into Akonadi and "modify" the address book and calendar to the now mounted TC volume and Kontact does its thing.

                    Comment

                    Working...
                    X