Re: Advice on encrypted filesystem

[rhkramer@gmail.com]

On Wednesday, June 24, 2020 10:20:55 PM David Wright wrote:
> On Wed 24 Jun 2020 at 21:28:38 (-0400), rhkramer@gmail.com wrote:
> > On my Wheezy system, I used cryptsetup to set up a LUKs  encrypted file
> > system on a dedicated partition
> 
> What were the contents of this partition: the OS itself, or /home,
> or an independent filesystem that you'd probably mount under /media?

an independent filesystem mounted as a top level directory

> Same this time around?

yes

> > (actually, two filesystems).
> 
> Do you mean you did this twice, or what?

Hm, I can elaborate a little: I have one filesystem / partition for my very 
sensitive private data, and a second to back that stuff up.

(I have some scripts to allow me to easily open (and close) those filesystems 
-- when they open, the unencrypted content is put on a ramdisk (with the 
intent if somebody gets physical possession of the device (which is a desktop, 
not a laptop), the enencrypted data disappears on power off.) 
 
> 
> Laptops? 

Well, the Buster system is a laptop, Jessie is a desktop.  I don't plan to put 
much, if any, sensitive data on the laptop.  (I don't really even intend to 
take the laptop out of the house, especially during this Covid thing -- I 
installed Buster on it because I needed GCC 7+ and couldn't (easily) do that 
on the Wheezy or Jessie systems.

> Do you use suspend? 

No.

> Desktops? 

See above.

> Do you boot them remotely?

No, but they do stay up 24/7 unless there is a (longer that 2 minute (power is 
UPS supported)) power outage, or a (very rare) reboot.