Encrypting Your Laptop Like You Mean It

[Flash]

Encrypting Your Laptop Like You Mean It
Comprehensive and detailed discussion about encrypting hard disk drives, including how to do it in Windows, MacOS and Linux.

[rufwoof]

Encrypting Your Laptop Like You Mean It
Comprehensive and detailed discussion about encrypting hard disk drives, including how to do it in Windows, MacOS and Linux.

You can still visit malicious websites that exploit bugs in Flash, or in your web browser, or in your operating system’s font or image rendering engines, or countless other ways.

What I love about puppy is that you can, if you so prefer, boot a factory fresh operating system and browser each time you power up. Screw up the configuration or catch a virus and its only evident for that one session, corrected/cleared by a reboot. Running entirely in ram also means your HDD's can be protected.

Compared to using a system that's read/write, been up and running/changed for a while, and its browser been used to visit here/there/everywhere with whatever vulnerabilities that might entail, and the thought of such keeps me away from using such alternatives.

My remaster process is a single desktop icon click and takes seconds to run through. If I need to make a change to the core I reboot, make changes, remaster. No need for a savefile if you keep all docs etc outside of puppy space. Brand new factory fresh browser downloaded from Mozilla for each reboot.

That's also great for trying things out. Reboot, loads sfs's/pet's etc to your hearts content, reboot and they're gone. Unless of course you want to keep one to the side and install that/remaster to make it a permanent feature.

[Scooby]

Running entirely in ram also means your HDD's can be protected.

How do you protect your hdd's if attacker gains root?

If you are not talking about physically disconnceting them,
how is it done?

[rufwoof]

Running entirely in ram also means your HDD's can be protected.

How do you protect your hdd's if attacker gains root?

If you are not talking about physically disconnceting them,
how is it done?

I was talking physical disconnection Scooby. Dedicated external drives are cheap nowadays (something like around $50 per TeraByte). There are even options to convert existing drives to external

http://www.ricksdailytips.com/turn-inte ... nal-drive/

Most of the time now I'm PXE net booting a small image to get to GUI desktop/net connected and the rest is pulled down from the cloud (on a high speed internet connection with no bandwidth restriction). That's rapidly approaching speeds comparable to the old 100Tnet LAN speeds. This old clunker's CD/DVD are busted and the internal HDD's aren't much good either, so docs etc are stored either in the cloud or on removable. I use online email. Temporary measure - as my other old (but not so old) half ton beast died the other week and I've not got around to 'upgrading' yet (waiting for my son's 4 core hand-me-down as he's looking to upgrade).

I do still have the HDD partitions showing on my desktop, but not mounted, and nothing on them of much use other than testing other pups etc i.e. grub4dos and initrd.gz/vmlinux/puppy sfs's of things that I tend to try out for a bit with little regard to corruption etc. I don't plug in my main storage whenever I run such tests.

[Scooby]

Most of the time now I'm PXE net booting a small image to get to GUI desktop/net connected and the rest is pulled down from the cloud (on a high speed internet connection with no bandwidth restriction).

May I ask out of curiosity is the "cloud"-data encrypted?

If so, encrypted by you or vendor of the cloud service?

Would it be possible for attacker to gain password to cloud-storage
during one of your sessions, i.e through some exploit like a flash vulnerability?

Does password for cloud-storage linger in RAM?

[Flash]

I haven't tried using any "cloud" storage solution. If you want to encrypt something that you put anywhere, on a local hard disk or in the cloud, encrypt it before you send it. That would guarantee that no one but you (and anyone you give the encryption key to) can read it. For maximum "security" you could even use a different key to encrypt every file you put in the cloud. Managing all those keys and passwords would probably have the practical effect of guaranteeing that no one, including you, would ever be able to read it again.

[rufwoof]

I haven't tried using any "cloud" storage solution. If you want to encrypt something that you put anywhere, on a local hard disk or in the cloud, encrypt it before you send it. That would guarantee that no one but you (and anyone you give the encryption key to) can read it. For maximum "security" you could even use a different key to encrypt every file you put in the cloud. Managing all those keys and passwords would probably have the practical effect of guaranteeing that no one, including you, would ever be able to read it again.

Local crypting/decrypting and working (Libre Office, Abiword/gnumeric ... whatever) is the more secure choice. If you store work files on say GoogleDrive and use Google Apps (spreadsheet etc) then they get to see the content. Download, decrypt, work using local apps, crypt, upload is more private.

[Karl Godt]

Encrypting a harddrive partition or just a file is very unknown to me.

What I know for sure is, that encryption puts a password into the superblock of the partition or file.

Therefore the light encryption of a savefile of ext[2-4] filesystem is very VERY insecure, because
mount -o loop savefile.3fs /mnt/s would say "read dmesg or so" .
dmesg would tell something about unknown mount option "your_password" !