
Of all my locally stored data, I encrypt ...

Displaying poll results.
None at all
  12880 votes / 49%
A portion of my home directory
  2839 votes / 10%
All of my home directory
  1219 votes / 4%
Home directory, backups, flash drives, etc. All!
  1099 votes / 4%
Some other combination of possibilities
  2190 votes / 8%
I'll never tell -- you'll have to beat it out of me
  5587 votes / 21%
25814 total votes.
  • Don't complain about lack of options. You've got to pick a few when you do multiple choice. Those are the breaks.
  • Feel free to suggest poll ideas if you're feeling creative. I'd strongly suggest reading the past polls first.
  • This whole thing is wildly inaccurate. Rounding errors, ballot stuffers, dynamic IPs, firewalls. If you're using these numbers to do anything important, you're insane.

  • No need (Score:5, Funny)

    by Anonymous Coward on Monday November 21, 2011 @07:09AM (#38122492)
    Nobody wants to see those naked pictures of me anyway
    • For sure!

    • Re:No need (Score:5, Funny)

      by Nationless (2123580) on Monday November 21, 2011 @01:49PM (#38126080)

      Naked pictures of me IS the security. I have all my sensitive documents hidden within a folder within a folder within a folder filled with naked pictures of me.

      It's the perfect reverse porn hiding place.

      • Re: (Score:3, Funny)

        by bughunter (10093)

        Would that be called 'Rule 43?'

      • by AmiMoJo (196126)

        This reminds me of an attack on a Windows user that involves deep directory trees.

        All current versions of Windows have a path length limit of 256 characters. If you create a directory tree that ends up longer than the path limit the user won't be able to delete it via the normal Explorer shell or command line. At the lowest level they won't even be able to open or rename the last folder, so an attacker could call it something like "bomb making plans" and there would be no way for the victim to change it. Th

      • Re:No need (Score:5, Informative)

        by GPLHost-Thomas (1330431) on Tuesday November 22, 2011 @11:02AM (#38135606)
        More seriously... If you use truecrypt, it has a very nice feature of having multiple passwords give access to different data. So, one way of hiding your data would be to encrypt them in one of these containers, then create another one using another passphrase. Then if for some reason someone asks for your passphrase (let's say, a court order, or the like...), then you just give the password that decrypts a few p0rn files on your HDD. Nobody will be able to tell if there's another content using another passphrase, and such content type is the perfect excuse for encryption. :)
        • Obligatory (Score:5, Insightful)

          by Yenya (12004) on Wednesday November 23, 2011 @09:37AM (#38147564) Homepage Journal

          Obligatory XKCD:

    • Re:No need (Score:5, Funny)

      by Meriahven (1154311) on Monday November 21, 2011 @04:18PM (#38128110)
      Yup, it's the time-honoured "security through obscenity" approach again.
  • by Anonymous Coward

    My netbook has full drive encryption. My desktop is less digitally secure but less likely to fall into "hostile" hands.

    • by clarkn0va (807617) on Monday November 21, 2011 @06:07PM (#38129552) Homepage

      My netbook has full drive encryption

      ...and is featured on the wikipedia page for "slow".

    • I do almost the same thing with my netbook and my notebook but instead of the full drive I have a Truecrypt mount for documents and portable apps. If I need to quickly fire up the machine and get on the net I can - but if I want access to any of my documents, bookmarks, Eclipse workspace or my portable apps, I have to mount the drive. We've made this a standard practice for all company notebooks where I work - very little speed compromise and stolen or lost computers pose very little risk (as long as they
      • The downside of this approach is the risk of data leaking onto the unencrypted volume, through temporary files, swap space, browser caches, files inadvertently saved in the wrong place and so on.

        If you use linux you can mitigate this by disabling (or encrypting) swap and using ramdrives for /home, /tmp, /etc and /var so everything not explicitly saved is wiped out on reboot. For distribution updates you would need a script that resets /etc and /var to the stored state, clears /tmp remounts root read/write,

  • Dropbox (Score:5, Interesting)

    by Anonymous Coward on Monday November 21, 2011 @07:23AM (#38122544)

    I have a small (2 MB) TrueCrypt container for sensitive data inside my Dropbox. I use it to store things like scans of my passport and issued tax ID code (it's a thing that my country has that you have to have to do banking) should I need them on the go. I also keep my passwords encrypted inside the Dropbox with KeePass.

    However, now that I trust Dropbox less than I used to due to some SNAFUs on their part, I might introduce per-file encryption for everything in it. The problem is that there's apparently no cross-platform solution to do it for me.

    • by Smallpond (221300)

      I have been looking for some piece of cross-platform encryption for just that: so I can keep a file of my passwords and not have to worry about someone else getting access to it. I'm thinking of writing something in Perl but wonder if there's already a good alternative.

      • Re:Dropbox (Score:5, Informative)

        by Anonymous Coward on Monday November 21, 2011 @11:40AM (#38124408)

        I have been looking for some piece of cross-platform encryption for just that: so I can keep a file of my passwords and not have to worry about someone else getting access to it. I'm thinking of writing something in Perl but wonder if there's already a good alternative.

        Use KeePass. It can encrypt with AES or Twofish, works on Linux and Windows (probably on Mac too), has a good interface and is free software.

      • I have been looking for some piece of cross-platform encryption for just that: so I can keep a file of my passwords and not have to worry about someone else getting access to it. I'm thinking of writing something in Perl but wonder if there's already a good alternative.

        GPG combined with text files (one per service/site) that contain the encrypted ASCII text blocks. Easy to backup (you could even print the ASCII block out on a piece of paper) and as secure as you keep your GPG key(s). It's probably the b
    • Sounds similar to what I do but for keeping my tax records along with other data I would rather other people not get a hold of. I use USB sticks though.
    • by LilWolf (847434)
      Switch to a better service. Like Wuala. It actually encrypts your files on your device before sending them off to their storage. Wuala does not have access to your password so you're likely as safe as you can be with a service like that.
    • by artor3 (1344997)

      I do the exact same thing, and now you've got me curious. What snafus have occurred that would actually affect the security of things like TrueCrypt and KeePass? I've been operating under the assumption that as long as I use strong passwords, they're pretty much impenetrable.

      • by Nerdfest (867930)
        With KeePass, use a key file rather than just a password if you want to be really sure. This protects you from keyloggers as well. Carry the key file with you on a USB stick.
    • by Nerdfest (867930)
      Try SpiderOak rather than DropBox. You supply the encryption key for your data, as opposed to the DropBox single key solution. Cross platform, and great referral bonuses too.
      • Wrong name. Given the usual meaning of "spider" in a computer context I personally find it hard to trust a company with that name. It's not that I believe that they are actually collecting information through a loophole, it's rather that I can't trust the expertise of people who call a company for secure data storage "SpiderOak". Or do they release the source code of their applications?

        • by Nerdfest (867930)
          They do release a lot of their code, and have contributed a lot of their internal tools. As far as I know, they don't release full code for their client. I think faulting them for their name is a bit picky, personally.
  • I'm naive enough... (Score:5, Interesting)

    by KeiserSoze (657078) on Monday November 21, 2011 @07:31AM (#38122568) Homepage
    ... to think that I'm uninteresting and inconsequential enough that nobody would ever be interested in my /home/ directory. I hide behind a router and firewall, and run GNU/Linux. Isn't that enough for us peons?
    • by xaxa (988988)

      ... to think that I'm uninteresting and inconsequential enough that nobody would ever be interested in my /home/ directory.

      I hide behind a router and firewall, and run GNU/Linux. Isn't that enough for us peons?

      I do that too. I have one encrypted file, which stores password hints for infrequently used logins. (The "hint" is something like "9...a...N", which means "my too-often-used password beginning 9, the too-often-used password beginning a, and the letter N, or a unique word beginning with N".) It's encrypted using GPG.

      • I'd like to do that, too...but I'm afraid to forget that password. :(
      • by Nutria (679911)

        I have one encrypted file, which stores password hints for infrequently used logins.

        I do something similar using a "passwords.txt" file in an encfs container.

    • by Anrego (830717) *

      Isn't that enough for us peons?

      Probably more than enough, yes.

      Encryption against "bad guys": they beat it out of you
      Encryption against the cops: they charge you with a dozen other things.. and depending on where you live, probably charge you for hindering an investigation or such.

      I encrypt everything, but more because I have a weird interest in it. I also run separate isolated networks (internal/external) and have individual firewalls on all my boxes.. all of which I recognize as serious overkill, as the threat I am most likely to face i

    • by AmiMoJo (196126) <mojo&world3,net> on Tuesday November 22, 2011 @07:29AM (#38134006) Homepage

      No, we should all encrypt everything by default. Otherwise encryption looks suspicious and laws like RIPA can target people who use it. If everyone encrypted everything it would be much harder to prosecute any particular individual.

  • by Robert Zenz (1680268) on Monday November 21, 2011 @07:43AM (#38122612) Homepage
    xkcd: Security
    • That's probably the best example of what "physical access to the device" could mean.

  • by tqft (619476) <<moc.oohay> <ta> <ua_sworrubnai>> on Monday November 21, 2011 @08:00AM (#38122698) Homepage Journal

    having screwed up every disk partitioning scheme I have tried and rm -rf * on my laptop /home the other day why would I trust myself with something complicated?

    I have enough drama trying to get motivated to do backups

  • by data2 (1382587) on Monday November 21, 2011 @08:06AM (#38122726)

    I have all my harddisks encrypted. Less of a hassle than remembering to store everything just in /home (/srv anyone) and then forgetting about caches in /tmp or /var/tmp.
    And I am quite glad for it, as I have had a laptop stolen with a lot of private stuff on it, too.

  • I use a combination of encryptions and physical separation of data from system - the data is encrypted as-it-goes, the drive itself is full encrypted, and that drive sits in a Phoenix safe. A monthly backup goes elsewhere, which is also encrypted using a different method.

    • by Anrego (830717) *

      I have two classifications of data: replaceable (rips of DVDs I own, music I own, stuff from the net, etc) and irreplaceable (projects, documents, photos).

      I have an internal file server, where all the data is encrypted. My media directory is shared over NFS, my home directory files are shared over sshfs.

      For backups I've got a few copies of the irreplaceable stuff. I have two external hard drives that I rotate periodically and back up to using rsnapshot. I have recently also started backing up to my linode VPS a

    • by Zocalo (252965)
      Pretty much the same here, specific data that warrants it goes into encrypted files/partitions as appropriate, the rest goes to disk as is. I don't see any reason to waste CPU cycles encrypting stuff that I've downloaded off the internet or I don't give a crap whether someone else sees it. The only other things I would add to the list are cache/temp directories and any swap files/directories/partitions - you never quite know what data your application or OS is going to put on disk via that particular route,
  • Only selected files that contain sensitive information.

  • by thogard (43403) on Monday November 21, 2011 @09:31AM (#38123108) Homepage

    What about on media that is nearly unreadable these days? I've got stuff on mag tape, punch cards, ST506 drives and SASI disks.

    • by Achra (846023)
      At last, a like minded individual! All of my most important data is stored on Floptical Diskettes.
  • I set up most of the computers I use now in a more innocent time. Right now I just encrypt my backup drives, but I plan to move to full-disk encryption on all my mobile computers. No plans to encrypt the home server or gaming PC yet.

  • on the theory that it's easier for that to grow legs. When this computer gets replaced by something that accelerates AES I may consider crypting the internal hard drive as well.

  • by angel'o'sphere (80593) on Monday November 21, 2011 @12:07PM (#38124836) Homepage Journal

    I store the one bits on one machine and the zeros on another.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      Wow! Do you compress it?

    • by Bradmont (513167)
      Ahh, but once I figure out which is which, all your data will be mine! Hahahaha!
    • by dargaud (518470)

      I store the one bits on one machine and the zeros on another.

      Seems a great way to run a RAID system with only 2 drives. Incredibly efficient too, since you don't actually need to commit your writes (they always only contain zeros or ones). And if one disk fails, you replace it, do "dd if=/dev/zero of=/dev/sdd" on it for the '0' disk and you have restored all your data. Of course you have to remember which one holds the zeros and which one holds the ones, otherwise you are screwed.

  • by BagOBones (574735) on Monday November 21, 2011 @12:45PM (#38125296)

    Nearly all of my personal documents are incredibly mundane, I have a KeePass database and a TrueCrypt file for my Banking and other financial docs that may contain vital personal info...

  • How do you do "All"? (Score:4, Interesting)

    by marcosdumay (620877) <marcosdumay@gma[ ]com ['il.' in gap]> on Monday November 21, 2011 @01:22PM (#38125772) Homepage Journal

    For the people that chose the "All!" option, aren't you afraid of losing a key and being unable to access all of your data? I'm quite afraid of encrypting backups already (encrypt in transit, keep it in trusted locations seems way more secure). I can't imagine how one sleeps at night knowing all their /home is encrypted.

    (I've once lost the key of my laptop. No big deal, I have backups for that. But I don't have backups for the backups...)

    • by antdude (79039)

      What about corruptions? That also sucks and backups are important again.

    • by Kjella (173770)

      Based on my experience with HDDs, I generally expect catastrophic failure rather than corruption so I'm no more or less screwed than you. There's no "master key" to everything, each disk can be opened individually with my passphrase. Which I remember. And short of brain damage I don't think I'll forget that and in that case I got bigger problems.

  • Is there a good way to encrypt just the home directory in Mac OS X? FileVault can only encrypt the whole drive in Lion. I don't need to be secure from Mossad / CIA or anything, but it would be nice if my personal stuff was decently encrypted in case my MacBook is stolen.
    • by bkmoore (1910118)

      In previous versions of OS X (Pre 10.7), FileVault just encrypted home directories, that is the home folder was just an encrypted writeable disk image. The problem arose with the introduction of Time Machine in 10.5. Time Machine and FileVault did not work very well together because Time Machine would back up the whole home directory every time a file within it was changed. In Lion, with FileVault on, only the changed files are backed up with Time Machine.

      If you want to just encrypt one folder tree, just ma

      • by mmcuh (1088773)
        Doesn't OS X have any filesystem-level encryption like ecryptfs or encfs on Linux? Seems like a weird oversight.
        • You can install encfs on the Mac too. There are even GUI add-ons available for it, though personally I don't use them.

        • by pesc (147035)

          Doesn't OS X have any filesystem-level encryption like ecryptfs or encfs on Linux? Seems like a weird oversight.

          Yes it does and it is built in. But it is not supported for the boot partition.

          As the parent to your post said, you can easily create encrypted disk images that grow as they are used which you can mount by double-clicking on it. OS X will then ask for the key before the image is mounted.

  • All backups are encrypted, of course. Mostly because copies of them are stored elsewhere.

    Other than that, nothing except some USB sticks with the most sensitive data. If I did a new install from scratch today I'd probably do a full disk encryption (just click another button in the Debian installer) but I'm too lazy to change my existing systems.

  • by John Hasler (414242) on Monday November 21, 2011 @02:31PM (#38126522) Homepage

    Anyone who's withit stores it all in the "cloud". No need for boring encryption: you know you can trust Carbonite.

  • I encrypt everything not because I'm paranoid or have anything super secret but because it is easier to dispose of old hard drives. When I replace a drive I simply throw the old one away. I don't have to spend any time wondering if there was anything on there I needed to wipe. I don't have to spend any time worrying about how to wipe a broken drive.

    • by gman003 (1693318)

      There's another, better way.

      Pop the thing open, and jab a screwdriver through the discs. Maybe hammer them out of shape a bit, too. It's not exactly hard or particularly time consuming - about five minutes each.

      That's the system the DoD and NSA use. They're predictably paranoid in assuming that anything they can do (or even think they'll be able to do), anyone else can do. If you want to protect your stuff from them (and you probably should), just use their own procedures.

  • I have an IronKey USB thingamajig from ThinkGeek that I stuff all mission-critical private data on to. Although, to view the data I need to decrypt it, and since just about every OS duplicates that data into unsecure swap space, it feels kinda pointless... but it makes me feel good anyway.

    • by Ltap (1572175)
      Well, the whole point of an encrypted flash drive is to make stealing the flash drive useless, not to provide 100% security. Semi-related, I've found that security works as something of an ecosystem -- doing one thing and expecting it to secure you perfectly isn't very bright, but many people take the "panacea" approach. Security suites (or truly awful suites, like anti-virus/firewall/defrag/backup/security jack-of-all-trades-master-of-none) only encourage this idea.
    • I have one of these. 4GB, supplied and mandated by Work (tm). I keep all work related and sensitive files on it.

      Yes, it does you no good once it is plugged in and decrypted to expose the drive.. but then again how is that different from Truecrypt?

      As the other responder said, the main purpose here is for when the device is lost. I've lost several tiny 4GB drives .. mostly because they were in my pocket without a leash.. but they were for casual file transport... and did not have anything important.

      Work manda

  • It's encrypted and it's local. So I think a larger should have *technically* picked the 5th option.

  • I don't encrypt my music, pictures, or movies folders, but do encrypt documents and non-"documents" application data folders. Plus all backups. If I had a system that could do full-disk encryption in hardware, rather than software, I'd use it.

  • that if you have just one bit faulty in the entire encrypted volume, the entire thing becomes unusable?

    Try making a quick TrueCrypt volume, and using a hex editor to change a byte. The whole thing is useless.

    So if there's a failure in storage on your SSD or HD, everything's ruined. If it was not encrypted then you'd probably not even notice.

    • by iggymanz (596061)

      not true, changing a bit only corrupts a TrueCrypt ciphertext block (128 bits). You only have to deal with corruption to the same extent you would have to with a normal filesystem, as long as you remember to make backup copies of the volume header (lose that and you can't mount the volume)

    • If that was true, then writing one bit of data would require re-writing the *entire* hard drive. Any encryption system where writing 1 byte takes less than ~5 hours will not corrupt the whole hard drive if one sector goes bad.

      However... hard drives go bad all the time, so you need backups anyway! My drive can die any day, and I won't lose more than a couple hours work.
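
The error-propagation point argued in the replies above, as an added Python example (not from the thread and not TrueCrypt's code): a volume whose 16-byte blocks are encrypted independently by position, as in the XTS mode TrueCrypt uses, loses one block to a one-bit flip in the data area, while a flip in the header makes the volume unmountable. The Feistel cipher, the 48-byte header layout, the salt, the passphrase and the data are constructed stand-ins for AES-XTS and the real header format, and the toy cipher is not fit for real use.

```python
import hashlib, hmac, zlib

BLOCK = 16        # cipher block size in bytes (the 128 bits the comment mentions)
HEADER_LEN = 48   # toy header: 16 bytes of magic/CRC/padding + 32-byte master key
SALT = b"constructed-salt"   # constructed; a real header stores a random salt

def _f(key, rnd, tweak, half):
    # Round function: keyed hash of round number, block position and half-block.
    return hmac.new(key, bytes([rnd]) + tweak + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt_block(key, tweak, block, decrypt=False):
    """Toy 4-round Feistel cipher on one 16-byte block (stand-in for AES)."""
    left, right = block[:8], block[8:]
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        if decrypt:
            left, right = _xor(right, _f(key, rnd, tweak, left)), left
        else:
            left, right = right, _xor(left, _f(key, rnd, tweak, right))
    return left + right

def crypt_data(key, data, decrypt=False):
    """Process each block independently, tweaked only by its position."""
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        tweak = (off // BLOCK).to_bytes(8, "big")
        out += crypt_block(key, tweak, data[off:off + BLOCK], decrypt)
    return bytes(out)

def _pw_key(password):
    return hashlib.pbkdf2_hmac("sha256", password, SALT, 1000)

def make_volume(password, master_key, plaintext):
    header = b"TRUE" + zlib.crc32(master_key).to_bytes(4, "big") + bytes(8) + master_key
    return crypt_data(_pw_key(password), header) + crypt_data(master_key, plaintext)

def mount(password, volume):
    """Return the decrypted data area, or None if the header does not verify."""
    header = crypt_data(_pw_key(password), volume[:HEADER_LEN], decrypt=True)
    master_key = header[16:]
    if header[:4] != b"TRUE" or header[4:8] != zlib.crc32(master_key).to_bytes(4, "big"):
        return None
    return crypt_data(master_key, volume[HEADER_LEN:], decrypt=True)

def flip_bit(data, offset):
    out = bytearray(data)
    out[offset] ^= 0x01
    return bytes(out)

def damaged_blocks(good, bad):
    return [i // BLOCK for i in range(0, len(good), BLOCK)
            if good[i:i + BLOCK] != bad[i:i + BLOCK]]

def demo():
    plaintext = bytes(range(256)) * 8          # constructed 2048-byte data area
    master_key = hashlib.sha256(b"constructed master key").digest()
    volume = make_volume(b"constructed passphrase", master_key, plaintext)
    data_hit = mount(b"constructed passphrase", flip_bit(volume, HEADER_LEN + 1000))
    header_hit = mount(b"constructed passphrase", flip_bit(volume, 20))
    return damaged_blocks(plaintext, data_hit), header_hit

if __name__ == "__main__":
    blocks, header_result = demo()
    print("data-area flip damaged blocks:", blocks)
    print("header flip mount result:", header_result)
```
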

  • I work as an IT consultant and sometimes have to bring home more or less sensitive information -- all such information (actually all customer information) I keep in an encrypted container, with one for each of my customers. And no, I do not use the same password for all containers!

    For what it's worth: I use TrueCrypt as it is cross-platform and I back up my whole containers to two off-site locations in another country. And to manage passwords I use KeePass and KeepassX.

    Anything else, you inquisitive so-
  • I turned on the new full disk encryption feature for months and never noticed any real performance issues. Intel's hardware accelerated encryption is plenty fast enough to keep up with a hard drive's i/o speed.

    But because the whole system is encrypted, it moves the login screen to before the system even starts booting, and that mini-os had a couple of bugs when switching from one monitor to another. So I turned it off last week. I'll turn it on again one day after they've ironed that stuff out.

  • Just the Porn. Seriously.
  • Key management? (Score:5, Insightful)

    by pesc (147035) on Wednesday November 23, 2011 @04:49AM (#38146330)

    The difficult questions are:
    - How do you manage your encryption keys?
    - What is your procedure for changing them?
    - How many bits of entropy does your key really have? Did you say you used AES-256?

    Encryption is easy. Proper key management is hard.

  • ... i.e. /home/karellen, but the whole /home partition.

    Well, to be more precise, I encrypt the /var partition, and /home is a bind mount to /var/local/home
