I just bought an external disk (MyBook) and decided to encrypt it using TrueCrypt. When I was taking the preparations i really wonder if I was the only one and what people drives them to do something like that. Encrypting your data isn't an 1 minute decision if you look @ the work. You need to learn a password over 20 characters and insert them every time you boot up your computer (if you use it allot).

I personally have a few resons but the most important one is the one I just learned a few weeks ago. A friend of my had the unlucky that a few buglers visited him while he was asleep, steeling his laptop, external disk, digital camera, ... Getting your stuff stolen is bad, knowing that people you don't know are looking at it is worse. So the day that I would be in bad luck and people stole my stuff, I don't want them to be able to look at my personal files.

So, whats you motivation, if you have one :-)

I have nothing that I care if anyone saw, so no. when I plan my assassinations, I keep it separate, uh, did I just say that?

I don't have a big external hard drive (just a 2 GB USB stick and a few SD memory cards) and I don't store anything really personal on them or on my laptops. My SSH and GPG private keys are protected with strong passphrases so that's not an issue either. In short, no, I never encrypt whole drives, that would be an unnecessary hassle for me. I do, however, always have KGPG at hand in case I need to encrypt single files, but that's all.

I encrypt my data using Truecrypt (and the native encryption in ubuntu for the operating system disk), because I'm paranoid and I can. I don't want people in my stuff, looking at my stuff, stealing my stuff or anything else -- and I don't really think it's that much of a hassle. Takes a day to encrypt large drives (I have a 750GB that went in like 8 hours, I just started it before I went to bed) and then you type a password in once a day or less. I mostly want it encrypted if it's rebooted, like stolen or rebooted because it's locked.

Funny story though: At work I encrypted both my linux and windows boxes about three days later some tech guys came by to redo the domain config and couldn't boot my PCs. (They actually didn't recognize that one was running linux) So when I get in, I track them down, boot my Windows box and tell them to go ahead.

The guy goes "So, you have a boot-up password?"
Me: "No."
Guy: "But I couldn't get in your box."
Me: "Boot passwords are against policy, my hard disk is encrypted."
Guy: "Who did that for you."
Me: "I did"
Guy: "Well... what do you have in here that needs to be encrypted"
Me: "If I wanted you to know, I probably wouldn't have gone to the trouble of encrypting it."
Guy stomps off angrily after finishing the config setup.

LOL

Thought I would share,

Xan

that story made my smile.

I encrypt my data using Truecrypt (and the native encryption in ubuntu for the operating system disk), because I'm paranoid and I can. I don't want people in my stuff, looking at my stuff, stealing my stuff or anything else -- and I don't really think it's that much of a hassle. Takes a day to encrypt large drives (I have a 750GB that went in like 8 hours, I just started it before I went to bed) and then you type a password in once a day or less. I mostly want it encrypted if it's rebooted, like stolen or rebooted because it's locked.

Funny story though: At work I encrypted both my linux and windows boxes about three days later some tech guys came by to redo the domain config and couldn't boot my PCs. (They actually didn't recognize that one was running linux) So when I get in, I track them down, boot my Windows box and tell them to go ahead.

The guy goes "So, you have a boot-up password?"
Me: "No."
Guy: "But I couldn't get in your box."
Me: "Boot passwords are against policy, my hard disk is encrypted."
Guy: "Who did that for you."
Me: "I did"
Guy: "Well... what do you have in here that needs to be encrypted"
Me: "If I wanted you to know, I probably wouldn't have gone to the trouble of encrypting it."
Guy stomps off angrily after finishing the config setup.

LOL

Thought I would share,

Xan
Haha. That is funny.
Well, I don't encrypt whole drives, but I do just use GPG for encrypting specific files. But if I were to encrypt a partition, I would just use TrueCrypt and use a spare partition for all of my highly sensitive stuff. :)

Dr Small

I don't want people in my stuff, looking at my stuff, stealing my stuff or anything else

For this, login passwords are strong enough for me. There's just my mother and sister here besides myself, and I don't think they'd know how to mount my RAID from a Live CD ;) I guess it all depends on the environment the machine runs in.

I don't use encryption on my computer, because only me use my computer, so I don't care about it.
But when I need save or backup my personal data to other computer, I always compress to 7-zip file with long password.

For this, login passwords are strong enough for me. There's just my mother and sister here besides myself, and I don't think they'd know how to mount my RAID from a Live CD ;) I guess it all depends on the environment the machine runs in.
Same situation for me but i don't have a RAID drive, my mother and sister just don't know how to do anything like that. :p

One thing I've wondered is if I Encrypt the 2nd hard drive on my server (the one with the files I want) and the OS hard drive fails how screwed am I at getting another hard drive, install some OS on it (the same? a different linux?) and be able to get access to my files on the 2nd hard drive?

For Laptops, since they are more desired and out in public compared to desktops/servers, I would think Encrypting the data would be helpful (esp if you have a backup).

My son is a self-training hacker so I HAVE to take security action. At age 4 he tried logging into my account ("daddy"). Age 5 he asked me while I was doing something on the computer "what's your username?". Now he's 6 and I'm getting worried!

Believe it or not. I have no secrets and no need for encryption and stuff. The work I do for my clients used to have a lot of confidential stuff but these days I work more and more on social and health issues and my work is more in public domain. I have even stopped using credit cards and if only someone breaks into my bank account , he would only feel sorry for me and deposit a buck or two. I do not drive any kind of vehicle not even a bicycle and have no use for keys or burglar alarms.
The only places I need a password is on my Ubuntu computers and email accounts. The other thing that worries me is that I live in a place where I have to lock the door of my house when i go away. Wish I find a place and lifestyle where I wont have the need for locks and passwords or security.

Haha, there is nothing better than watching novice PC users (aka most people in their 40s) getting schooled by little kids.


Xan

I don't encrypt whole partitions, but I do encrypt some of my personal stuff (i.e. my perfect plans to take over the world ;)). I use the OpenOffice built-in encryption for documents and mcrypt on command line for other stuff -- with the help of some simple Bash scripts.

One thing I've wondered is if I Encrypt the 2nd hard drive on my server (the one with the files I want) and the OS hard drive fails how screwed am I at getting another hard drive, install some OS on it (the same? a different linux?) and be able to get access to my files on the 2nd hard drive?


I'm not sure about a stand alone drive... but I found a link that had this information on mounting an encrypted LVM drive/partition that I have on my laptop. I recently had to do this to get data and worked great. this maybe able to work on a stand along drive in some fashion.



This is the commands I ran to mount the encrypted part using a the Ubuntu 8.04 livecd.

As Root:

apt-get install cryptsetup lvm2
modprobe dm_mod
modprobe dm_crypt
modprobe aes (this gave error but this all still worked)

cryptset luksOpen /dev/sda3 external (external is anything you want name) (obviously sda# is whatever you need it to be)
enter passwd from hell

Now the tricky part... there isn't a way to find out the VG name in the LVM2 setup.. you just have to know it. Luckly I had named my VG the same as the computer name.

vgchange -ay kessel (it will see the vg on the now unencrypted
section) (kessel was my VG name)

lvscan (gives you the device names for the mounts)

mount /dev/kessel/root /mnt/kessel

Happily copy all data off that you want.

umount /mnt/kessel

vgchange -an kessel
cryptsetup luksClose external

My laptop is dual boot with vista and hardy. The hardy partition is encrypted with the LVM option from alt-cd. which is what I use all the time. vista is just there to look pretty. but is unencrypted.

I do this on my laptop in case it gets stolen I don't have to worry about it.