Whats the output of and and ?

28GiB sounds about right for the usable space you get from a 30GB disk

and...

and...

From that I can tell you have two partitions on your physical disk, one for boot (sda1) and one encrypted partition (sda5 logical, on an extended partition sda2)

The encrypted partition looks to be 30.6GB big

It also looks like the encrypted partition is split into a 1GB swap space and the root file system in the rest of the space (device file of the root is /dev/mapper/kubuntu-root which is 29.5GB)


(you also have a 32GB sd card pluged in )


The last one is an encrypted file which contains the contents of your home directory, it is mounted when you login and is most likely the "virtual" disk you talk about. This looks like ecryptfs's work to me.

So it looks like you have LVM on whole disk encryption (this is a standard way of doing whole disk encryption) as well as home directory encryption which is kind of redundant with whole disk encryption.

which totally explains the mysterious "second" partition. Nice piece of detective work James.

Yes, impressive.

Now then, Oznola: may I ask why you feel the need to [strike]run with scissors[/strike] encrypt your partitions? Unless you have business requirements for doing so, I generally advise against it. Disk encryption entails the very real risk of complete data loss: if you somehow misplace the keys, then the data is unrecoverable. I've had to tell countless number of folk "Sorry, can't help you" -- many more, in fact, than I know who benefited from the encryption. Seems that forgetfulness/carelessness is a bigger risk than laptop theft.

I don't know you personally -- you could, in fact, be of supremely fastidious and cautious character, for whom the very concept of misplacement is an unknown notion! If so, then I congratulate you. I'm simply passing on a bit of wisdom gained from over 20 years working in infosec.

This is of course a real concern...one should always have a copy of the key stored in a bank vault (or another secure, off-site location). Encryption can also complicate data recovery from a damaged disk.

Still, encryption is basically the only thing that can protect your data in the case a (laptop) computer is lost or stolen. Most of us have some sensitive information on our disks...and encryption can protect against identity theft using that information, for example.

hi,

to answer questions and concerns posed by SteveRiley and kubicle,,,

i am always looking for ways to improve my personal practice with computers and increase my knowledge of them and the possibilities they offer. my decision to upgrade access control to my personal computer and my home network is in anticipation of a proliferation of wireless devices with mac addresses where they had not existed before such as cameras, tv sets, home audio systems, kitchen appliances, lamps, light bulbs, etc,,,

each of these new appliances will offer an attack surface in our personal environments. with this new paradigm of "internet everything" in mind my first instinct is to make my personal computer as robust as possible. and then gradually expand the scope of my audit and upgrade to all the stuff here in my home.

i direct your attention to this link for consideration in support of my decision.

kubuntu has the the strongest encryption architecture across the system i have ever seen. if i were to design a robust system where access control was a concern? my first attempt would be like the system i presently have deployed on my dell mini.

with respect to lost passwords? i would concede anything can be lost. but because i have a mature password practice? i consider the probability of loosing a critical password very low.


i want to thank james147 for such a wonderful step-by-step walk-through of the puzzling partitions on my kubuntu mini. i shall read through james147 analysis many more times. and indeed copy it for personal reference.

Encryption does not add a layer of security to a running system... it only ensures against stolen data. You currently have two layers of encryption which is over kill and just increases the risk of data loss without any real benefit I would recommend getting rid of one of the layers of encryption to simplify things.

And although all computer systems that are connected to a network can be hacked into, you have to consider is there a real risk of it happening to you? The article you liked to is more focused on businesses with lots of networked printers rather then home users. I doubt that anyone will bother trying to crack a home printer remotely they they do not already own .

You really have to consider the level of risk as well as how much you want to inconvenience your users when creating a security system. A home system is of low priority to most crackers so are not going to go to extremes to target you.

I read the link. Sounds like more fear-mongering BS to me. Unless I figure out how to print money - I just don't picture leagues of devious hackers out there looking to gain unauthorized access to my printers and burn them out or - god forbid - print something. In my experience most people who react to these sorts of perceived threats never take the time to logically consider what the actual level of threat is.

Computer security isn't much different than any other type of security, at least in my world. Nothing will keep someone out that is committed enough and has the resources. You can only slow them down. That doesn't mean you shouldn't employ any security, but the level of security required should be on balance with the level of threat. My $65 Samsung printer doesn't deserve a multitude of encryption techniques and my home network isn't fire-walled at all (internally). If a hacker is in my house, my problems exceed the damage an unprotected network or an un-encrypted home folder will cause.

So I, uh, have some direct experience with "printer hacking." Back when I was doing security consulting work, I was on-site at a customer and they wanted to ask me about a recurring problem unrelated to the project. Every 90 days they'd detect a new kind of malware. Dutifully, the machines would update their signature files and clean themselves. But why every 90 days? I suggested they set up a honeypot, to facilitate investigation. They did, and 90 days after the previous one, something else showed up. We took the honeypot offline and began analysis. The malware was coming from...the printer!

It was one of those zillion-in-one units, you know the kind -- even changes a baby's diapers. Like so many such units, the printer ran Windows XP Embedded, which never gets updated. Like so many such units, it was designed to regularly "fail" every 90 days, and thus require the gentle ministrations of a service technician. Like so many such technicians, he carried a veritable Typhoid Mary of a laptop, containing a whole lot more than just the manufacturer's diagnostic software.

Each time he visited, he attached his laptop to the printer, and whatever malware du jour that lurked there would immediately jump to the printer. Malware doesn't care what shape you are; x86 boxes running Windows and containing hard drives all look the same, even if your primary output is a laser engine rather than a CRT. I suggested that my client send that printer back for something from a different manufacturer.

I'll end this sordid tale with the following small reminder: your bank's ATM probably runs Windows XP. Possibly even Windows 2000 ....... run, my children, ruuuuuuuuuun!

Not as bad as till machines, some of which still run window 3.1 :O

I thought most ATM's were still running OS2.


EDIT: I just got off the wiki page. It seems OS/2 was in the past but most are now windows as Steve said. Seems Brazil has changed it's ATM to linux though.

If I remember correctly, the USS Cole (all US war ships?) use M$ operating systems!

the Ticonderoga (aegis) class cruisers are/were.

there is a famous case of the uss yorktown loosing control of it's propulsion system moored to a dock at long beach.

it was run by m****s**t NT.