To encrypt or not to encrypt, that is the question.

[SagaciousKJB]

I'm going to be living on campus in a dorm pretty soon, and I've been pretty concerned with the prospect of someone stealing my computer and gaining personal information, or somehow packet sniffing. There might be some network in place I'm forced to use, and from what I understand, there is a wireless connection available.

Does anyone else use their computer in an environment like this without encryption and feel comfortable about it? I think the reason I have the most concern is not due to packet sniffing ( though I've played around with it and now how insecure most protocols are ), but the property theft issue. I'm not sure if any issues like that are big on campus, but I know that my city has a high incident rate of theft in general.


However, when I think about all of this, to generalizations pop into my mind and that is 1) Not a lot of people in my community really know a significant amount about computers and 2) Linux is certainly a niche subject. The only thing I have to counter that is that I'll be studying with people that want to learn about computers, and probably do have some kind of niche for them, and of course, that old adage, "Better safe than sorry." I just don't know if it's more of a pain than its worth.

I mean, I don't want to get into too much technical detail of course, but it might be a big of a hassle to use disk encryption and then also find ways to encrypt my internet usage. I'm sure the challenges are manageable, but the most tedious aspect is the most important: Disk encryption. I have to backup a lot of data, utilize an encryption solution, and then restore. I've found no way to really do it without backing up and restoring. :/

Anyway, that's just my situation, and I'm sticking with the "Better safe than sorry" motto.

[jayd512]

I would have to go about 50/50 on that. If you're going to be keeping critical or important data stored on your HDD, then you probably would want to look into encryption for your system. As far as internet, that one is kind of dependent on what type on info you plan on sending across the 'net. I, personally, would have to take into account the type of things that you'll be doing on a (possibly) un-secure network.

[Cabhan]

I don't know as much about networking as I would like, but if you're going to be using a wireless network that is unprotected and visiting sites that don't use SSL, I'm not sure how feasible it is to encrypt your Internet usage.

As for disk, I am in a somewhat similar situation to you: I have a laptop at school, I go to school in Boston, and there are a number of laptop thefts.

The thing to remember about laptop thefts is that they almost always follow the "A student left his laptop in the library unattended, and returned for it three hours later and it was gone" storyline. I have never heard of someone's laptop being stolen if they didn't leave it somewhere accidentally.

If you're concerned about theft from your room, buy a laptop lock and loop it around the bed frame or something (something immobile) so that it can't be taken.

If you're doing highly sensitive work or something, disk encryption would maybe be worth it, but otherwise, I don't know.


Oh, also remember that if someone steals your laptop, it's no longer about Windows or Linux. All they need to do is remove the hard drive and plug it in to some other computer, and now as long as they can read the filesystem (and yes, ext3 can be read by anybody because of FOSS drivers) they can view anything on it, regardless of permissions.

[kakariko81280]

Other. I think encryption is very important and I use it where I can, however I lack and Alice to my Bob. Nobody I know cares that much. I do have two people with an off-the-record capable instant messenger, but that is about all.

As for your comments, if someone is going to steal your computer then running Linux will not affect their decision. I have no practical experience looting someone's house, but I wouldn't take the time to boot and check the OS before lifting their PC.

Some distributions support setting up disk encryption during the install. In fact I'm trying to help someone else on this forum recover their encrypted partition and all they had to do was enter a passphrase during boot.

Encrypted backup isn't too hard, I use an encrypted loopback device to backup important data and burn it to a re-writeable CD from time to time.

Network encryption is harder, but only for the same reason I don't use it more. Generally traffic is sent in the clear so to encrypt it out of the possibly dangerous campus network requires some off-site support to send it to for decryption and forwarding. It shouldn't be hard to set up but may cost you money. I have a Netgear access point with OpenWRT and OpenVPN installed on it so I can tunnel my traffic home from coffee shops and whatnot.

Personally, I'd get a packet sniffer on the go and see what you can see. It could be considered unethical, but as long as you don't pry too hard I'd be Ok with it, and it provides a categorical answer to how much other people with packet sniffers can find out.

Let us know how you get on,

Chris...

[ls354]

I tend to encrypt specific folder with true crypt and have a vpn on my 20 dollar a month virtual private server. Be careful when using that wireless network, good luck.

[SagaciousKJB]

Yeah, I'm actually going to be bringing my desktop into my dorm, and hopefully getting a laptop. So one of my wishes was that I be able to connect to my internet wirelessly if I could, and I'd probably accomplish that with SSH tunneling and squid to be safe.

What is loopback encryption per se? Right now I'm procrastinating a little bit with the backup of the data before I encrypt anyway.


The laptop is getting disk encryption no questions asked since it would be the most likely to be stolen, but when it comes to the dilemma about encryption the desktop I still think the "better safe than sorry" motto comes into play.

I mean, I don't have extremely sensitive information, but a couple hundred of phone numbers for business contacts ( some even actually business, haha), a resume, source code to several projects, and files actually owned by other people... I think I've got a reason to protect it.

[Roxoff]

If you're just worried about losing the data so you cant access it yourself, get a memory stick and keep a copy of your data on it, and keep it with you.

If you're worried that someone will be able to take your data and use it, or worse use it against you, then encrypt everything using the strongest encryption keys you can find, and keep a copy on your memory stick which you keep with you all the time.

If it's school work you dont want stolen, then stick it on the university's servers, let them worry about backups and security (but of course, you may want to keep a copy on your memory stick, just in case).

[kveldulf980]

If you're just worried about losing the data so you cant access it yourself, get a memory stick and keep a copy of your data on it, and keep it with you.

If you're worried that someone will be able to take your data and use it, or worse use it against you, then encrypt everything using the strongest encryption keys you can find, and keep a copy on your memory stick which you keep with you all the time.

If it's school work you dont want stolen, then stick it on the university's servers, let them worry about backups and security (but of course, you may want to keep a copy on your memory stick, just in case).

Agreed. Encrypt anything that is potentially dangerous to give out (important addresses, numbers, personal data [although I'm not sure why you would store much of that on the computer, it's probably easier to access in hard-copy form]). Anything else that you don't want to lose, stick it on a flash drive or other external storage.

[kakariko81280]

The loopback device turns a normal file into a block device so it can be mounted and written to like a normal disk. All of the disk tools, including disk encryption, can work on top of it.

I set up a blank CD image on disk, use losetup to make it appear as a block device, then use cryptsetup to make an encrypted block device out of it. Once the encrypted block device is mounted I just write to it as normal. When I'm done I can dismantle the whole setup and get a cd image of apparent garbage to burn to disk.

When I load the CD, cryptsetup can be used to make it readable and mountable again. Without the key, the CD is (as far as I can see) totally illegible.

Let us know how you get on,

Chris...

[SagaciousKJB]

The loopback device turns a normal file into a block device so it can be mounted and written to like a normal disk. All of the disk tools, including disk encryption, can work on top of it.

I set up a blank CD image on disk, use losetup to make it appear as a block device, then use cryptsetup to make an encrypted block device out of it. Once the encrypted block device is mounted I just write to it as normal. When I'm done I can dismantle the whole setup and get a cd image of apparent garbage to burn to disk.

When I load the CD, cryptsetup can be used to make it readable and mountable again. Without the key, the CD is (as far as I can see) totally illegible.

Let us know how you get on,

Chris...

Oh, yeah, that's similar to what I'm doing right now with a thumbdrive I keep my resume on.