On 07/26/2015 10:25 PM, Carlos E. R. wrote:
Well, yes, having .fetchmail on an encrypted partition is a second order pseudo-secret. When you are logged in and active that partition is "unlocked" so you can use it. Not exactly, because you need to enter a password to open the partition at some point.
Once again I refer you to the John Sandford novel. The laptop was stolen while the main user was logged in and had opened up the encrypted user partition.

UNLESS you have some kind of scripting that says 'open encrypted partition using keyword; extract passwords; close encrypted partition; forget keyword' then all is lost. If you have /home/${USER} encrypted then you need to have it unencrypted to be able to log in, and as long as you are logged in it is there in the clear.

There's the old saying about the cryptanalytic properties of blunt, heavy objects. Usually they are applied to finding keys. In the Sandford novel it was applied to the user while he was logged in. The thief only had to keep the laptop powered up. So long as it was powered up and he never logged out he had access to the "encrypted" partition.

Encrypting individual files is another matter. But then there's the matter of convenience. You can PGP encrypt your files but the program will remember your passphrase for a few minutes as a convenience. Well, you find it doesn't remember it for long enough so you alter that parameter, 15 min, 30 min, one hour, all day.

Always a trade off: security vs convenience. Convenience usually wins.

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?