On 2017-04-20 23:20, Anton Aylward wrote:
On 20/04/17 01:40 PM, Carlos E. R. wrote:
On 2017-04-20 15:44, Anton Aylward wrote:
However, as I've discussed before, what is it you want to focus on when encrypting, code or data? In a perfect world you'd have unlimited (portable) storage that doesn't degrade in speed with decryption. In reality ... what? Maybe you think that LUKS/FUSE is enough.
Data, but there is sensitive data spread on several directories. WiFi passwords somewhere on /etc, logs on /var, temporary files in /tmp, and others I forget. So the answer, for a laptop, is "all".
Don't forget SWAP!
This is why I don't think simply encrypting partitions or files or directories is enough in this sort of context. You need an encrypted DISK.
It doesn't matter, you can encrypt all partitions.
You need a HARDWARE ENCRYPTED DISK !!!
Well, it does exist. It is a standard. But I have no idea how to enter the password when powering the laptop before the hard disk can be read at all. See "man hdparm", then seek the word "security". First hit: "ATA Security Feature Set". And that's about all I know about the thing. Most important, I have not found information about how secure it is. I mean, is it breakable? Is it an access password, or is it true encryption?
I don't care if it can be broken. The average burglar will not know how. If they want to read the disk, they will have to sweat.
Once again I refer to the story about the data thief that stole the laptop while it was active, while the owner was logged in and the encrypted volumes visible in the clear.
I know about that.

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)