#1 2009-03-09 12:15:01

UQ-igor
Member
Registered: 2009-03-05
Posts: 42

Encryption scheme to use

Hi,

I have a couple of small text files that I keep encrypted using gnupg - just in case my laptop gets stolen I would rather not have anyone go through my bank details and other sensitive information.

As I said, at the moment I just use gnupg to encrypt the files I want to protect, but I've been looking at making an encrypted container and mounting it as a loopback device using either truecrypt or dm-crypt. However, I don't know if this is worth the effort in my case since I only have a couple of small files.

Basically, I would like to know if there are any advantages / security pros if I switch to using truecrypt / dm-crypt and set up an encrypted partition over the current system I'm using (encrypting files with gnupg).

Thanks for reading!
-Igs

Last edited by UQ-igor (2009-03-09 12:16:12)


#2 2009-03-09 12:32:07

Dieter@be
Forum Fellow
From: Belgium
Registered: 2006-11-05
Posts: 2,004

Re: Encryption scheme to use

Big disadvantage of your approach: you may still have sensitive information in /tmp or swap.

I just recommend that everyone encrypt the entire block device (everything except /boot). There's no real performance penalty (unless you have a <1 GHz or so machine). You just need to enter the password at startup; I don't know if that bothers you? You could also use a USB stick with your key on it.


< Daenyth> and he works prolifically
4 8 15 16 23 42


#3 2009-03-09 13:33:29

Xyne
Forum Fellow
Registered: 2008-08-03
Posts: 6,965

Re: Encryption scheme to use

Encrypting everything is usually overkill, plus it also means that you have everything unencrypted when you're running the system, so you're only safe when you shut it down. Of course you could use multiple layers of encryption, but that's normally overkill too, plus you end up stacking performance penalties.

You should definitely encrypt swap. If you have enough RAM for it, you could use a RAM disk for tmp to keep that data off the disk, otherwise use a random key to encrypt tmp at each boot. Your entire encryption scheme is weakened by not encrypting swap and temp.

In your case, you should probably look into using EncFS. As you're only dealing with a few small files it seems unnecessary to encrypt the whole system or set aside disk space in an encrypted container for them.




#4 2009-03-09 13:57:46

vacant
Member
From: downstairs
Registered: 2004-11-05
Posts: 816

Re: Encryption scheme to use

With 2GB RAM, I have /tmp in RAM, no swap and an encrypted /home. No problems so far running kdemod 4.2. It means I can keep passwords in plain text files, or Firefox etc.

Last edited by vacant (2009-03-09 13:59:15)


#5 2009-04-16 03:09:11

na5m
Member
From: Rancho Cordova, CA
Registered: 2008-11-19
Posts: 30

Re: Encryption scheme to use

I'm weighing encryption choices myself. I'm leaning toward not using a swap partition at all (I have 4 gigs of main memory, and don't run very many apps at once). And I want only two partitions: /boot (of course, which is not encrypted) and / (which will be encrypted and contain everything else, including /var & /tmp). I'm like the OP in that I only have a couple of files that I really want encrypted. I believe that encrypting the whole partition is the way to go towards this end.

I don't believe that this is overkill. In fact, it seems that this is the way that the industry is moving: whole volume/disk encryption. In addition to Arch64, I run Windows 7 with BitLocker (AES-256 + the Diffuser). I can't perceive any system speed degradation and I feel that my personal data is truly secure ;)

There is a wiki here on archlinux that walks one through the encryption process. I'm going to follow it and hope it works out well.


Let's go check out Hades!
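
The replies above keep coming back to two leak paths for per-file encryption: swap and /tmp. The script below is an added example, not code from any poster in this thread; it checks both, taking files in /proc/swaps and /proc/mounts format. The function names and the sample data are constructed for illustration, and it assumes encrypted volumes are dm-crypt mappings.

```shell
#!/bin/sh
# Added example: check the two leak paths raised in the thread, swap and /tmp.
# Functions take files in /proc/swaps and /proc/mounts format.

# List active swap areas that are not device-mapper nodes.
# Assumption: encrypted swap is a dm-crypt mapping (/dev/dm-N, /dev/mapper/X).
# A mapper node can also be plain LVM; confirm with `cryptsetup status NAME`.
plaintext_swap() {
    awk 'NR > 1 && $1 !~ /^\/dev\/(dm-[0-9]+|mapper\/)/ { print $1 }' "$1"
}

# Print "DEVICE FSTYPE" for whatever holds /tmp: its own mount if there is
# one, otherwise the root filesystem. The last matching entry wins.
tmp_backing() {
    awk '$2 == "/tmp" { t = $1 " " $3 }
         $2 == "/"    { r = $1 " " $3 }
         END { print (t != "" ? t : r) }' "$1"
}

# Report findings; exit status 0 means neither leak path was found.
audit() {
    swaps=$1; mounts=$2; rc=0
    for dev in $(plaintext_swap "$swaps"); do
        echo "FINDING: swap area $dev is not behind dm-crypt"; rc=1
    done
    backing=$(tmp_backing "$mounts")
    case $backing in
        "tmpfs "*|/dev/mapper/*|/dev/dm-*) ;;
        *) echo "FINDING: /tmp is stored on $backing"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: encrypted /home, but plain swap and /tmp on plain root.
sample_dir=$(mktemp -d)
printf '%s\n' 'Filename Type Size Used Priority' \
    '/dev/sda3 partition 2097148 0 -1' > "$sample_dir/swaps.bad"
printf '%s\n' '/dev/sda2 / ext3 rw 0 0' \
    '/dev/mapper/home /home ext3 rw 0 0' > "$sample_dir/mounts.bad"
# Constructed sample: dm-crypt swap and /tmp in RAM.
printf '%s\n' 'Filename Type Size Used Priority' \
    '/dev/dm-1 partition 2097148 0 -1' > "$sample_dir/swaps.ok"
printf '%s\n' '/dev/sda2 / ext3 rw 0 0' \
    'tmpfs /tmp tmpfs rw,nosuid,nodev 0 0' > "$sample_dir/mounts.ok"

audit "$sample_dir/swaps.bad" "$sample_dir/mounts.bad" || true
audit "$sample_dir/swaps.ok" "$sample_dir/mounts.ok" && echo "OK: no findings"
# On a live system: audit /proc/swaps /proc/mounts
```

A system with no swap at all and /tmp on tmpfs, as described in post #4, passes both checks.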
