Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
software:encryption [2015/07/30 21:05] cyril [Good passwords] |
software:encryption [2015/07/30 21:39] (current) cyril [Application data and system partition] |
||
---|---|---|---|
Line 21: | Line 21: | ||
==== When to mount ==== | ==== When to mount ==== | ||
- | If your data are very sensitive and you suspect some advanced hackers could try to gain access to it, you should only keep the volumes mounted when you need to use it, and unmount it as soon as you don't need it. To ease it you should have a separate volume for every category of sensitive data you have. It should never be mounted when the computer is unattended, idle, sleeping, or when you are traveling with it. The reason is that it is not that difficult to recover the encryption keys in the RAM if the volume is mounted, even if it is not possible to use the current session; see [[http:// | + | If your data are very sensitive and you suspect some advanced hackers could try to gain access to it, you should only keep the volumes mounted when you need to use it, and unmount it as soon as you don't need it. To ease it you should have a separate volume for every category of sensitive data you have. It should never be mounted when the computer is unattended, idle, sleeping, or when you are traveling with it. The reason is that it is not that difficult to recover the encryption keys in the RAM if the volume is mounted, even if it is not possible to use the current session; see [[http:// |
- | If you data are not very sensitive but you just want to prevent the average hacker thief to get your data, keep it mounted and follow the rest of the instructions. | + | If your data are not very sensitive but you just want to prevent the average hacker thief to get your data, you can keep the volumes |
==== Indexing ==== | ==== Indexing ==== | ||
Line 60: | Line 60: | ||
Sensitive/ | Sensitive/ | ||
- | The next step is to encrypt your whole system partition. It is necessary if your data are very sensitive and you suspect some advanced | + | The next step is to encrypt your whole system partition. It is necessary if your data are very sensitive and you suspect some hackers could try to gain access to it, to prevent from installing spy programs on it (by booting on a live OS or extracting the hard drive). |
Encrypting the whole system partition also encrypts the swap file if there is one. If you are using a swap partition you may want to encrypt it as well (a swap file on an encrypted partition). | Encrypting the whole system partition also encrypts the swap file if there is one. If you are using a swap partition you may want to encrypt it as well (a swap file on an encrypted partition). |