-----Original Message----- I think I can handle the next install without LVM. -----Original Message-----
Afaicr LVM is the only option if you want to encrypt your entire disk.
Hw
______________________________________________________________________ Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten.
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
On 03/04/13 10:56, J.Witvliet@mindef.nl wrote:
I think I can handle the next install without LVM. Afaicr LVM is the only option if you want to encrypt your entire disk.
Hw
Encryption seems like adding necessary complexity to a home computer system? Do I need that?
On 03/04/13 10:56, J.Witvliet@mindef.nl wrote:
I think I can handle the next install without LVM. Afaicr LVM is the only option if you want to encrypt your entire disk.
Hw
Encryption seems like adding UNnecessary complexity to a home computer system? Do I need that? [my spell checker helped ?]
On 04/03/2013 05:28 PM, Bob Goodwin - Zuni, Virginia, USA wrote:
On 03/04/13 10:56, J.Witvliet@mindef.nl wrote:
I think I can handle the next install without LVM. Afaicr LVM is the only option if you want to encrypt your entire disk.
Hw
Encryption seems like adding UNnecessary complexity to a home computer system? Do I need that? [my spell checker helped ?]
That depends. If the box gets stolen and you don't mind that the thief can see all your personal data then don't bother. If you do mind, encrypt your personal data or the entire system. Since it's better to be safe than sorry, I encrypt everything.
Regards, Patrick
Hi!
2013/4/3 Patrick Lists fedora-list@puzzled.xs4all.nl:
That depends. If the box gets stolen and you don't mind that the thief can see all your personal data then don't bother. If you do mind, encrypt your personal data or the entire system. Since it's better to be safe than sorry, I encrypt everything.
I agree with Patrick. I use full system encryption (LUKS) and it is very convenient as you only need to type the password once at boot and then you forget it's there.
Greetings,
-- Jorge Martínez López jorgeml@gmail.com http://www.jorgeml.net
I take my laptop on the road a lot, and I have work stuff on it I don't want the world to see. I don't encrypt the whole disk, but I have an encrypted partitiion, and keep sensitive data on it.
The bottom line is that anybody who can touch your machine can own it, and can own all the personal and private data on it. The only protection against that, other than physical security, is encryption.
billo
On Wed, 3 Apr 2013, Bob Goodwin - Zuni, Virginia, USA wrote:
On 03/04/13 10:56, J.Witvliet@mindef.nl wrote:
I think I can handle the next install without LVM. Afaicr LVM is the only option if you want to encrypt your entire disk.
Hw
Encryption seems like adding UNnecessary complexity to a home computer system? Do I need that? [my spell checker helped ?]
--
box10 Fedora-18 XFCE Linux
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
On 04/04/2013 08:45 AM, Bill Oliver wrote:
I take my laptop on the road a lot, and I have work stuff on it I don't want the world to see. I don't encrypt the whole disk, but I have an encrypted partitiion, and keep sensitive data on it.
You might also consider keeping it on a flash drive with an ext4 file system, as most people who'd find it wouldn't know how to read it.
Yeah, I tried that, but ran into the issue of having to keep track of all the extra bits of equipment, etc. that I had to travel with. For every extra flash drive, ear bud, phone, pad, network gadget, etc. there's a small finite positive probability that it will get left in a hotel room or banged up bad enough that it won't work. For each one, it's a small probability, but in aggregate, it becomes an issue.
On Thu, 4 Apr 2013, Joe Zeff wrote:
On 04/04/2013 08:45 AM, Bill Oliver wrote:
I take my laptop on the road a lot, and I have work stuff on it I don't want the world to see. I don't encrypt the whole disk, but I have an encrypted partitiion, and keep sensitive data on it.
You might also consider keeping it on a flash drive with an ext4 file system, as most people who'd find it wouldn't know how to read it. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
On 04/04/2013 10:40 AM, Bill Oliver wrote:
Yeah, I tried that, but ran into the issue of having to keep track of all the extra bits of equipment, etc. that I had to travel with. For every extra flash drive, ear bud, phone, pad, network gadget, etc. there's a small finite positive probability that it will get left in a hotel room or banged up bad enough that it won't work. For each one, it's a small probability, but in aggregate, it becomes an issue.
OK, here's another way to keep it safe: buy a vanity domain and set up a small website. Have a hidden, password protected subdirectory that you can use to stash sensitive material in.
Or, if you really want to be clever, have an extra partition on your hard disk that's not normally mounted. When you need the secure files, mount it at ~/Documents/extra, or something. The really neat thing is that you can have other, innocuous files stored there; you just won't be able to access them when that partition's mounted. (You can even encrypt that one partition if you prefer, but having your whole file system encrypted is just holding up a big, red sign telling everybody that you have something to hide.) If you prefer, of course, reverse this: have that partition normally mounted, containing the dummy files and the souper seekret stuph only available when it's not mounted.
Allegedly, on or about 04 April 2013, Joe Zeff sent:
...[snip a pile of stuff that has nothing to do with real security]... having your whole file system encrypted is just holding up a big, red sign telling everybody that you have something to hide
No, it's just called privacy, something that seems to be sadly lacking in modern society - whether that be unceasing personal questions from governments, or commercial surveyors endlessly polling us about our lives, or social networking WWW services that lull people into blabbing all sorts of personal information out in public... About 15 years ago, anybody asking such personal questions would have been told, quite bluntly, to, "mind your own bloody business."
Just as locking my house isn't about hiding some deadly secret, it's about keeping what's mine, mine, and all the asshats out. Encrypting my data is nothing more than that. And as it becomes easier for ordinary users to securely encrypt drives, it'll become more commonly done. We'll be all the better for it, too.
For what it's worth, in my opinion, encrypting just a part of your drive may give a hint of suspicion, but encrypting the whole drive just looks like sensible security precautions.
Joe Zeff wrote:
On 04/04/2013 08:45 AM, Bill Oliver wrote:
I take my laptop on the road a lot, and I have work stuff on it I don't want the world to see. I don't encrypt the whole disk, but I have an encrypted partitiion, and keep sensitive data on it.
You might also consider keeping it on a flash drive with an ext4 file system, as most people who'd find it wouldn't know how to read it.
As a warning to future readers, this is just bad advice because then the files would be unencrypted on a device that is much easier to lose.
Security through obscurity by itself is not a valid approach. Changing the port that SSH listens on may reduce the number of automated attacks, but it's still important to disallow root logins, use key-based authentication, maintain IP white/blacklists, etc.
Regards,
Matthew Roth InterMedia Marketing Solutions Software Engineer and Systems Developer
On 04/04/2013 10:41 AM, Matthew J. Roth wrote:
As a warning to future readers, this is just bad advice because then the files would be unencrypted on a device that is much easier to lose.
I get the impression that the OP's concern wasn't accidental loss, but theft or otherwise unauthorized access. And, there are lots of ways to carry a flash drive that make them hard to misplace.
Using a Linux-specific file system won't stop anybody from the gubbermint from reading it, but it will deter the casual thief who probably doesn't know that the way Windows stores things isn't the only way. For that matter, you can, if you wish, encrypt the drive, to add a second layer of security and if you're really cautious, the files themselves. One of the nice things about doing it this way is that you can put the drive in your checked luggage and carry the laptop and not have to worry about TSA or Customs finding something you'd rather they didn't see.
On Thu, 2013-04-04 at 12:41 -0500, Matthew J. Roth wrote:
Joe Zeff wrote:
On 04/04/2013 08:45 AM, Bill Oliver wrote:
I take my laptop on the road a lot, and I have work stuff on it I don't want the world to see. I don't encrypt the whole disk, but I have an encrypted partitiion, and keep sensitive data on it.
You might also consider keeping it on a flash drive with an ext4 file system, as most people who'd find it wouldn't know how to read it.
As a warning to future readers, this is just bad advice because then the files would be unencrypted on a device that is much easier to lose.
---- and one that has a substantially higher likelihood of failure than a hard drive. It was a bad recommendation on so many levels. Anyone who entrusts their only copy of a valued file to a USB flash drive is certain to learn a lesson the hard way.
Craig
-
Bob Goodwin -
Craig White -
J.Witvliet@mindef.nl -
Joe Zeff -
Jorge Martínez López -
Matthew J. Roth -
Patrick Lists -
Tim -
William Oliver