Do you encrypt your hard drive(s)?

Naikon

I do. Nothing beats an entire LVM container encrypted with LUKS. I mean, it's not that hard to setup during an install for instance on modern Linux distros. Honestly, key based authentication and encryption should be mandatory on all systems, including sensitive ones.
As a "citizan", you are within your rights to protect your privacy. This isn't North Korea. Encrypt as you please. I suggest blowfish. I know a few people use TrueCrypt for files, but would you bother with the whole disk(including swap)? AIB could learn a thing or two:pac:

blubloblu

There's nothing worse than encrypting something, storing it away for a few years and completely forgetting the passphrase.

Naikon

blubloblu wrote: »

There's nothing worse than encrypting something, storing it away for a few years and completely forgetting the passphrase.

Yeah, that would suck donkey balls. I can't think of any way to circumvent this situation, except maybe for a cool biometric device currently not available for use.
Mind you, there was a case in the UK not that long ago where a guy was jailed for not revealing his key. "But Officer, I 'forgot' the key!" should be an acceptable excuse imo;)

bnt

Yep - on my Ubuntu netbook, I have an encrypted /home directory, which I back up to an encrypted USB drive. In there, some "core" files go on to Dropbox too.

Jagera

I would - I spent a few hours trying to encrypt a USB driveto work on Linux & Windows. I couldn't get it going, so I gave up. I will come back to it though.

I wanted to partition the drive, 80% encrypted, and 20% non - for general non secure purposes.

Khannie

Not currently. Would be interested in switching /home to an encrypted drive though. Is it much hassle?

Dan_Solo

Naikon wrote: »

This isn't North Korea.

No, but can't US Border Control demand access to your files and even image your hard drive if they so feel like?

Khannie

AFAIK TrueCrypt has a feature that means you can hide a partition entirely (and therefore deny its existence).

Demand all ye want. If you don't know something's there it wont do you any good.

Dan_Solo

Khannie wrote: »

AFAIK TrueCrypt has a feature that means you can hide a partition entirely (and therefore deny its existence).

Demand all ye want. If you don't know something's there it wont do you any good.

Well, Truecrypt can deny its existence, but if YOU deny its existence and US Border Control find it... your ticket might be automatically switched to "Destination: Guantanamo. One way."

challengemaster

Dan_Solo wrote: »

No, but can't US Border Control demand access to your files and even image your hard drive if they so feel like?

Someone should inform them there's easier ways to get pr0n :pac:

Capt'n Midnight

Naikon wrote: »

Yeah, that would suck donkey balls. I can't think of any way to circumvent this situation, except maybe for a cool biometric device currently not available for use.
Mind you, there was a case in the UK not that long ago where a guy was jailed for not revealing his key. "But Officer, I 'forgot' the key!" should be an acceptable excuse imo;)

Biometrics could change over time, a cut on your finger tip.

Those people in Anglo should not be handed out a get out of jail free card.

Capt'n Midnight

bw wrote: »

I would - I spent a few hours trying to encrypt a USB driveto work on Linux & Windows. I couldn't get it going, so I gave up. I will come back to it though.

I wanted to partition the drive, 80% encrypted, and 20% non - for general non secure purposes.

encfs is just about the easiest to use for individual folders

sudo apt-get install encfs
encfs ~/.hidden ~/visible

at next logon just use up arrow to get the encfs line again

You will now have a hidden folder in home with encrypted files in it
visible is a temporary mirror image of the hidden folder - except that everything there is decrypted


each file is encrypted (including the name - so go by date/size) so you can email them or archive them one by one, just drop back in the hidden folder to have them appear decrypted in the other. This can be handy since a bad sector won't take out the full volume, data recovery on encrypted files isn't exactly easy.


BTW since memory is cheap just put tmp into it ,
this may also improve your battery life if using a laptop.

Capt'n Midnight

Naikon wrote: »

I do. Nothing beats an entire LVM container encrypted with LUKS.

"Actual actual reality: nobody cares about his secrets. (Also, I would be hard-pressed to find that wrench for $5.)"



If you are paranoid then you should at least have multiple layers
- BIOS passworded and set to do memory test on each boot (not fast boot)
- HDD password ( set in BIOS and different to one for BIOS)
- Filesystem encrypted
- Home folder encrypted with different algorithm
- Don't bother wiping swap file on shutdown, buy more ram instead of using swap

To stop someone nicking passwords out of RAM - perhaps some fancy lock when laptop is closed, of course you will also need to disable USB / CD / LAN boot options as well.


Then again I know someone who didn't remember that his home drive was encrypted during an install and a failed upgrade later he's not a happy bunny.

Jagera

Capt'n Midnight wrote: »

If you are paranoid then you should at least have multiple layers
- BIOS passworded and set to do memory test on each boot (not fast boot)
- HDD password ( set in BIOS and different to one for BIOS)
- Filesystem encrypted
- Home folder encrypted with different algorithm
- Don't bother wiping swap file on shutdown, buy more ram instead of using swap

- keep post-it-notes with passwords hidden under the keyboard

Capt'n Midnight

Dan_Solo wrote: »

No, but can't US Border Control demand access to your files and even image your hard drive if they so feel like?

TBH this is like smuggling guns into the US it's a stupidity filter

you can buy weapons in Walmart,
you want IED's ? buy a copy of Make and head down to the hardware store

you want to keep your data secure ?
vanilla install and use the cloud / download your info after you get to the states