C.T. Paterson wrote: : > John C Nash wrote: : > : > Before I say anything else: <http://xkcd.com/538/>. Please keep that in : > mind through all of this. : : Thanks very much for raising this topic, and for the xkcd reference - : it was the second thing I had thought of. Its importance (especially the image comment) can't be understated. : > There are more topics in this area, but I'll leave it there. Hopefully this : > will kick off some discussion. : > : > Here's a more direct question to the list: : > : > What do you encrypt, and why? : : I was going to post a little more about my experiences, but it's : already clear I have much more to learn than teach, so I'll be more : circumspect and describe my situation instead. That's the wonderful thing about technology in general, and open source software in specific: we all use it slightly differently, so we can all learn from each other. : I'm one of those guys whose ignorance could easily fool me into : thinking I've protected myself when I haven't. Being aware of our own ignorance is a Good Thing. : In terms of perception; one of the disadvantages of what I've done is : that I don't believe I can use suspend/hibernate while travelling, as : the data is not then protected. I'm also forced to consider that the : extra time and effort spent upon every boot-up is not equal to the : risk of my data getting compromised, or the risk to me and my employer : if it does (call it the xkcd equation). After all, I don't use the : secured data every time I start-up. You're right, and well ahead of many people who just tick off the "Encrypt My Home Partition" checkbox on the installer, and then believe that anything and everything they do on their system is protected : suspending and resuming doesn't protect the hard drive, it still remains unencrypted. Some people have looked at changing this, but it's apparently not a trivial fix. That being said, there's no technical reason why you can't suspend and resume your laptop; the functionality's still there, but so is the unencrypted data. (It's probably worth pointing out that hibernating is probably the *worst* thing you could do when you have an encrypted drive mounted, as all your RAM gets written to an *un*encrypted partition on disk -- including sensitive data, and your passwords.) : A clean upgrade to 9.04 is in my future, and I'm considering a : different encryption approach, and so am very interested in the : discussion at play. On a side note, this is where a good threat model comes in to play. When you know what you're protecting against, how you protect yourself becomes fairly clear.