Quote:
Originally Posted by richinsc
I have thought about installing TrueCrypt on all my systems but the question that I have is, will I need to start with a formatted and blank hdd, install TrueCrypt and then install OS. Or can I keep my current install and just install TrueCrypt.
|
I've been using TrueCrypt for several years. I think it's great. I use it to encrypt all of my data but not my system files. In order to do this you can keep your current system installation and encrypt separate data partitions. In order to keep things simple I encrypt a partition and mount it on /home. That has all of the user account home directories and user data.
TrueCrypt is designed to encrypt an entire partition, not individual files. In that regard it is very different from Microsoft Encrypted File System, for example.
Quote:
Originally Posted by richinsc
Also during the encryption, how much freespace is needed while the disk is encrypting? Reason I has is one disk only has 300mb free, with possibly less space soon.
|
All encryption and decryption is done in RAM on the fly. You do not need any additional disk space to hold files in some intermediate state.
If you only have 300 MB free you may want to invest in an additional disk.
If you currently have only one partition on the disk then I would recommend that you back up your data, repartition the disk, and create a separate partition for /home.
Quote:
Originally Posted by richinsc
Another question, any suggestions for using TrueCrypt with NFS/Samba Volumes?
|
This is discussed in the TrueCrypt user manual. Basically you have to mount an unencrypted file share, create a file in the file share to hold an image of a file system, encrypt that and mount it on the client computer.
The good part of this is that the data is encrypted while it is traveling over the network between the file server and the client. All of the encryption/decryption is done on the client computer. The files are never decrypted on the file server.
This method prevents multiple access of files on the server. When one TrueCrypt container file is mounted on a client it cannot be mounted on any other client computers.
The alternative is to have TrueCrypt installed on the file server and do the encryption/decryption on the file server. The the files in the container or encrypted partition can be accessed by more than one computer but the data is sent over the network in unencrypted form.
Quote:
Originally Posted by richinsc
Now after I get this installed just need to figure out how to integrate the encrypt/decrypt into kscreensaver so that when I lock kde session the drives get encrytped and unmounted and then mounted and decrypted when I unlock session. This would only be for my non system disks. Same goes for login/logoff.
|
This isn't very practical. Basically the encrypted partition would be mounted while you are logged in. You could create some kind of setup where the mounted volumes would be unmounted when a screensaver is started but it would require you to enter the password for the encrypted partition when you came back to use the computer.
Quote:
Originally Posted by richinsc
And yes to answer the question, I'm paranoid so I want to encrypt everything, even the unimportant stuff.
|
Me too.
Read the TrueCrypt user manual available at the TrueCrypt site, then install it and play around with it.