On 20/04/17 02:16 PM, John Andersen wrote:
On 04/20/2017 06:44 AM, Anton Aylward wrote:
What you need to think about is whether the idea of an encryption system that works only when your machine is shut down is enough.
Exactly. And usually that means its only worth while for a laptop that travels and may get lost/stolen, or media that can "walk away".
Let me qualify that: it is only worth while for a laptops that travels and may get lost/stolen WHILE SHUT DOWN. If the thief is ingenious enough to steal your laptop while logged in and the data is accessible in the clear and has the means to keep the laptop powered up then that is a very different scenario. See http://www.johnsandford.org/kidd04.html for a novelization of this scenario.
You are going to give up that encryption key like a blubbering school boy when they come with warrants and guns, so why pretend encryption protects anything on always-running spinning storage in your home or office server room?
The real difference between _their_ Stasi, "The Ministry for State Security" and _our_ Stasi, 'The Department of Homeland Security", is that we live in a more material rich society. We have (cholesterol rich) beef on the table, 40+ inch TVs, Graceland, Disneyland, cheap air travel (if you are willing to queue, be groped and stripped searched, and possibly dragged off kicking and screaming) and other consumer comforts, as well as the ability to bitch and complain about it all on the 'Net, in print and at the pub, just so long as you don't actually do anything.
I've used encryption (LUKS) on 13.2 on my traveling laptop for years and it never caused me any problem. I abandoned it when I did a fresh 42.2 install on SSD.
That reassures me immensely. When I travel, I remove the password protection from all my portable devices. I used to think that it would save a lot of hassle. It used to, yes. Now I'm getting asked why I don't use passwords...
The old disk is in a caddy, and I've occasionally plugged it in to a couple different distros to retrieve data, and it pops up asking for the decryption password each time just like it always did.
Yes, I do that with my old //etc and more, keep the DVDs with /home and so forth. Some RootFS live on LVM partitions. Now I have to figure out how to stop drakut/mkinitrd scanning them. Oh, right /etc/default/grub ... os-prober
(To relate to the topic title, I didn't try whole disk encryption, nor did I encrypt /boot or /root on that laptop, just /home and /data where source code and money things live).
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org