On 07/09/2019 10.27, David C. Rankin wrote:
On 08/30/2019 07:22 PM, Neil Rickert wrote:
One of these days I will have to try encrypted drives. Since SSD will take most of the sting out of the overhead, it may be a good addition. But I always keep coming back to "Why do I need it encrypted to begin with?" Sad, but there is nothing very interesting I worry about someone gaining physical control over a drive an getting. If it's important, it's already encrypted. Why I would want all the files in /opt and /bin and /usr encrypted -- just seems like a stretch. If it's really important, it doesn't even go on a computer :)
Because it is easier to encrypt it all than parts of it. For example, you can encrypt /home, which what I do on my small laptop; but if I click view on a bank statement, it downloads it to /tmp, which is not encrypted. Other applications may do similarly; perhaps Libre Office (I don't know, I have to verify). The logs sometimes contain passwords to places; not normally, but I have seen them in some debug logs. The configuration files in /etc may contain mail passwords, too. So, what, encrypt /tmp, /var, /etc...? Rather encrypt it all. And I don't notice an impact on speed, anyway. I often encrypt backup media; for the same reason, there can be a file somewhere with a password or a bank statement. And the last one I did, I also used filesystem compression, with btrfs. No snapshots, just btrfs compression and LUKS encryption. It just happens that btrfs is the only openSUSE supported filesystem with compression. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)