[kwlug-disc] TrueCrypt Safer Than Previously Thought

B.S. bs27975 at yahoo.ca
Sun Nov 22 01:31:15 EST 2015 

Googling veracrypt and getting to https://veracrypt.codeplex.com/ I see 'improved' TrueCrypt - I have no idea if that's true, or if they're the only ones. OTOH, it does seem that they are maintaining something, again I don't know if others are. IIRC TrueCrypt is no longer maintained, so I expect someone doing so in a FOSS manner is a positive thing.

I have never used TrueCrypt on a whole disk, nor use disk encryption at all. I have used a file container backing up confidential windows files across a vpn to a linux system in 3rd party hands.

My desktops at home are all overnight backup sources/receivers - I need them to completely self-boot after a power failure without manual intervention. Thus I have never encrypted the disks - for needing manual intervention to complete booting. If such manual intervention is not needed, a heads up would be appreciated. [Leaving a USB key in the system to facilitate self-booting feels no better than not encrypting at all to me. Again, if I'm mistaken, please note a heads up.]

Lori convinced me some long while ago that I really should encrypt my laptop, just haven't gotten around to it. [It's not an automatic backup receiver. It is a source, but if I haven't been using it to need a new backup, the last backup will do me. So manual intervention there to boot seems reasonable.]

Even then, it seems I've read that to help oneself out in problem situations, one should use an unencrypted boot partition (that then mounts encrypted partitions). Notes to any contrary appreciated. Seems I've also seen notes to only encrypt /home on a different partition (or within a container), but there are configuration and cache files all over a system, so it only seems to make sense to encrypt it all (but boot).

- along with using BIOS passwords for booting / config, that is. Doesn't help if the thieving b*stards removes the disk, but nixes the casual snooper. [See prior - make sure no keyloggers present, comment.] Even then it seems some disks can require a password for any access at all - never used such to know.

And don't forget to have a short screen timeout that requires a password to unlock, too.

>________________________________
> From: CrankyOldBugger <crankyoldbugger at gmail.com>
>To: KWLUG discussion <kwlug-disc at kwlug.org> 
>Sent: Saturday, November 21, 2015 1:38 PM
>Subject: Re: [kwlug-disc] TrueCrypt Safer Than Previously Thought
> 
>
>
>I actually made the jump to Veracrypt not that long ago, so I'm wondering now if I should go back to TrueCrypt.

More information about the kwlug-disc mailing list