Security Problem
Whenever I boot up my laptop which has Trisquel installed, it logs in automatically to my account without asking for my password. I have the settings set to ask for a password on log in so I'm confused why this happens. Any help would be greatly appreciated.
I cannot help you (since I don't have a machine running trisquel at the time) but I would suggest (in terms of security) to use a BIOS password. More effective than OS password.
Edit as super user /etc/gdm/custom.conf to say AutomaticLoginEnable=false
Note that even with OS and BIOS passwords, somebody can just yank out the hard disk and access it on another machine.
Yes! Thank you kind sir.
You're welcome.
Yes, you are correct, I think full disk encryption is the best option, but it takes an awful lot of time.
And if you lose the keys to the kingdom you can kiss your stuff good bye.
You can prevent this with regular backups in many cases;
for instance, I've encrypted my notebook so I can take it with me in public.
My backups are on pcs at home.
This is a huge step up - the danger of losing my notebook in public is pretty realistic. It happened to a lot of people, and it would be just awful knowing my data in the hands of a foreigner.
But somebody invading my house? Well, you can't prepare yourselfs for every scenario.
I did it by choosing "encrypt whole partition" during the debian installation and it was really easy.
The machine boots just as fast as normal after I type in the passphrase, so I really can recommend this way of doing it.
The boot is fast, but the encryption process takes very long. A normal installation of Debian is about 30 mins, encryption takes hours. That's the only problem with this method, which is very secure and I recommend :)
Does it take that long if you have a separate home partition and only encrypt that one? I can't think of a reason to encrypt the root partition.
"I can't think of a reason to encrypt the root partition."
If you expand the encryption to go beyond just ~/ then you also get things like encrypted swap. Sure your documents might be encrypted, but when you put the computer in hibernate and the contents of RAM can just be obtained straight out of the what's been written to disk (because the contents of RAM have to go somewhere when the computer goes into hibernation mode) that kinda defeats it. You also end up with temporary files being encrypted (which can also be valuable), logs (which can also be valuable), and etc. Think from the attacker's perspective of all that lives outside of home and what a potential use for it could be and you'll see my point.
So my philosophy is do the whole disk or go home.
When you (and others) say "it takes a long time", what sort of time are you talking about?
Is there a rough "x minutes per gigabyte" estimate or is it dependent upon file size and type as well as on hardware type (IDE vs SATA vs SSD, for example)?
I've never looked at encyption before. I have an SSD drive, split into 3 20GB partitions (for root partitions) and a 348GB SATA HD that contains the home partition, that's about 65% used (122GB free).
I suspect others are referring to the processing of wiping the disk in advance. Depending on the specifics, like if it's a new drive or if the information's somehow already been erased, it's not really necessary to have the installer do that.