[kwlug-disc] Why Encrypt? [Was: Re: OT - degauss/wipe a dead hard drive/LTO tapes]
unsolicited
unsolicited at swiz.ca
Mon May 3 15:46:48 EDT 2010
Speaking of encryption ...
So why bother encrypting?
- surely no significant financial loss would be incurred by most in a
worst case scenario.
- it's a PITA.
- just how likely is it that someone breaking in (non-laptop) is hunting?
- just how likely is it that that lost/stolen laptop doesn't just have
its drive reformatted?
- just how likely are the worst case scenarios, anyways?
Now if you're keeping credit card data around, etc., OK. You have a
duty. But I doubt that's frequently the case.
So, to the list, why bother encrypting?
Chris Irwin wrote, On 05/03/2010 3:36 PM:
> On Mon, May 3, 2010 at 13:33, Oksana Goertzen <ogoertzen at gmail.com> wrote:
>> Re: drive encryption
>>
>> How do you back up your data if the drive is encrypted? Do you back up the
>> whole volume? .. and how do you do that - login as a different account and
>> backup the directory/volume? I guess I'm a little concerned about
>> corruption and then the whole volume is gone. I do use encryption for
>> files and some emails but my keys are on the hdd [.. and yes, there is a
>> difficult & long password defined for the key].
>
> For my laptop, I used ecryptfs, which was an option during the Ubuntu
> installer. It only encrypts my home directory, which is fine since
> that is all I care about. It is decrypted via a PAM hook at logon. I
> sync $HOME with unison, so I'm logged in when that happens and the
> unencrypted data is copied. Even if I wanted to automate, files are
> still accessible in their encrypted form (as plain files, not a
> loopback image or anything). Back those and the key up, and you're
> good.
>
> For my desktop, I don't bother. /home is over nfs. Otherwise I'd do
> the same as above.
>
> For my server, I haven't bothered. I went with md raid 5, and the
> disks are from two different manufacturers, so I don't think there is
> as much of a worry there of disk manufacturers seeing anything. I
> could go ecryptfs as well, but since it only works while logged in, I
> would not be able to do a lot of the automation I currently do. Also,
> my logins to the server are via ssh key auth, and that would not
> decrypt $HOME.
>