On Tue, 13 Oct 2015, Gustav Degreef wrote:
> On 10/13/2015 03:18 PM, Anton Aylward wrote:
>> My question is this:
>> Why don't you just encrypt the drive or at the very least the data partition?
>> There are many perfectly good mechanisms for this.
>
> I've thought about it, but I don't have the expertise to do it and have not had the time to look into it.

LUKS is a default scheme for Linux, of course. I don't know how to use TrueCrypt for Linux yet, but I believe both Grub and cryptsetup support it.

Normally on Windows you could / might just use a TrueCrypt hidden partition, and put PortableApps in there. You'd put your email program in there and no one would even know you had email on the machine ;-). They would know you have TrueCrypt though. Either because there is a boot prompt (for a fully encrypted system) or because the program is installed on your system.

On Linux it is much harder; there are no portable apps, to begin with. Thunderbird wants to sit in a certain place, and it all has to be in the FHS (Filesystem Hierarchy Standard). Mostly you have to compile it differently to use other locations (?).

I also don't really know how Linux really handles mounting crypted filesystems (block devices) at boot and how you can postpone that for certain things you want at a later stage (but there is also no GUI for that, unless you use TrueCrypt for these block devices or containers). And TrueCrypt is unmaintained and doesn't play well with KDE at least (I think it is a GTK application, and it tries to use Nautilus for instance to open locations, and the icon is also not scalable, etc.).

In Windows you could have an extra partition and it would prompt you to mount it at log-in. Such a thing doesn't happen in Linux and I don't know how to achieve it. I also don't really know how to prevent those other volumes from being prompted at boot, but that's just me.

Then there is also eCryptFS which is an option when you install your computer (e.g. OpenSUSE, probably, also). eCryptFS only encrypts your home folder (by default) using a file-based or file-level encryption format. It is also possible (I still believe) to use a block-level home directory (mounted from e.g. a LUKS container) and I have a tutorial on that but it seems to fck up a bit with the newest mount.luks (complains about nonsensical things). But the downside to that is that you have to specify the maximum size of your home directory in advance.

Linux is not as good as well with the no-information-leak thing, I cannot really get Linux up to par with Windows, no matter how much time I have invested in it already. In Windows it would just be easy...

But the thing Anton writes in the other mail is very well possible. It doesn't take much to get even an encrypted boot partition and I have one now (on Ubuntu) but the downside is, the Grub prompt is ugly and not user friendly. The upside is only that there are no visible initrd (initramfs) files available to any suspecting member of the human species.

I would suggest just sticking to Windows :P if you want real security in that area. But LUKS (for the entire drive) and eCryptFS (for the home directory) are easy second-hand-best solutions that are also available to you. An encrypted "boot partition" with TrueCrypt is effortless, for instance, on Windows. And the prompt is also much nicer.

eCryptFS just uses your user password to encrypt (basically) so perhaps that is the best solution for you here. It is possible to set up eCryptFS behind the fact, but I have never done so yet.

Something that would be ideal (as indicated) would be the ability to locate your home directory (for a current user) on a USB stick, but in that case I would rather encrypt the whole thing (or the home directory) and then sync to that stick so my data is also on there. It's what they call a "traveler stick" and you can use it with TrueCrypt but it is more oriented towards Windows users. You would truecrypt-encrypt either the entire stick (partition) or you would make a block-file container that contained the volume cq. data with TrueCrypt files available for installation from the visible partition. Normally people use FAT32 for such data sticks though, for interoperability, but that has its limitations.

Regards, X.
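
On the open question in the message above about which encrypted volumes prompt at boot: on systemd-based systems the fourth field of `/etc/crypttab` accepts `noauto`, which leaves a volume locked until it is opened later. The script below is an added example, not part of the original email; the sample entries, volume names and UUID placeholders are constructed, and it assumes the four-field layout described in crypttab(5).

```shell
#!/bin/sh
# Added example: classify crypttab entries by whether they are unlocked at
# boot (and may prompt for a passphrase) or deferred with "noauto".
# Assumed field layout per crypttab(5): <name> <device> <key> <options>

# Constructed sample; names and UUID placeholders are not from the thread.
sample_crypttab() {
cat <<'EOF'
# name      device                      key           options
cr_root     UUID=<root-uuid>            none          luks
cr_home     UUID=<home-uuid>            none          luks,noauto
cr_backup   /dev/disk/by-label/backup   -             noauto,nofail

cr_swap     /dev/sda3                   /dev/urandom  swap
EOF
}

# Reads crypttab lines on stdin; prints "<name> boot|deferred prompt|keyfile".
classify_crypttab() {
    while read -r name device key opts rest; do
        # Skip blank lines and comments.
        case "$name" in ''|'#'*) continue ;; esac
        when=boot
        # Wrap in commas so "noauto" matches only as a whole option.
        case ",$opts," in *,noauto,*) when=deferred ;; esac
        # An empty key field, "none" or "-" means an interactive passphrase.
        case "$key" in ''|none|-) how=prompt ;; *) how=keyfile ;; esac
        printf '%s %s %s\n' "$name" "$when" "$how"
    done
}

# Names of the volumes that will ask for a passphrase during boot.
boot_prompts() {
    classify_crypttab | awk '$2 == "boot" && $3 == "prompt" { print $1 }'
}

sample_crypttab | classify_crypttab
```

To audit a real system, run `classify_crypttab < /etc/crypttab`; a deferred volume also needs `noauto` on its `/etc/fstab` line, otherwise the mount at boot pulls the unlock back in.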