Do you mean an encrypted partition dedicated to only storing those specific secrets, or do you mean an encrypted partition with everything, your whole operating system, on it? I’m no expert at this but in the latter case I suspect that would be less secure than Seahorse because your secret files are available, unencrypted, as soon as you boot up your computer. Then the secrets are only safe when the computer is turned off such that it will require the password to start again.
To add to the previous point, if you boot up with FDE and, say, start browsing the web and there’s some Day 1 in the web browser that allows the hacker to sample your files then plaintext files are completely vulnerable (if you yourself have access to the files). That is basically what @Skalman is saying.
You are also losing some deniability by using only full disk (partition) encryption.
I would definitely say “BOTH” if your threat model justifies it. (The main benefit of FDE is in the case of physical loss of custody over the device.)
Another consideration for Seahorse is that you have the choice between a keyring that unlocks automatically upon login and a keyring that must be manually unlocked. The second case effectively gives you a second password.
i was thinking more in line with the FIRST method but taking advantage of GPT and LUKS to create as many small (as small as possible) each with their own unique unlock pass. it would look like you’re having multiple keyrings inside Seahorse each with ‘stay-locked-on-login’ feature unlike the DEFAULT keyring inside Seahorse that’s aptly named ‘Login’
so yeah in this case my ‘BOTH’ turned up to be ‘MANY’
that’s not a bad idea. how would that work then ?
i was thinking that a system like LUKS + Seahorse is more readily available for most home-users that are using a GNU/Linux distribution (not too many i imagine) …
Not sure what you specifically have in mind, but you can just replace where you say “partitions” with “veracrypt containers” and it’d work the same. Each container acts like a regular file, and when you unlock it, it becomes a directory. You can use CLI or the GUI, and you can choose to auto mount some, all, or no containers. Obviously veracrypt has to be running to do all this, so you may need it to autostart depending on your wants. They have a .deb installer or you can download the source and build it yourself.
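As an added illustration (not code from this thread or from any of the posters), the following POSIX sh script implements the “many small containers, each with its own passphrase” layout from the LUKS post above, using file-backed LUKS2 containers, which is the same “a container is just an ordinary file you unlock by hand” idea as the veracrypt suggestion. Assumed tools are cryptsetup, fallocate, mkfs.ext4 and mount from a standard GNU/Linux install; the VAULT_DIR and MOUNT_ROOT paths, the vault-NAME device-mapper names and the .luks file suffix are my own choices. create, open and close need root, so run those with sudo.

```shell
#!/bin/sh
# Added example, not code from the thread. One LUKS2 container file per category
# of data, each formatted with its own passphrase. A container stays locked until
# you open it by hand, so nothing is unlocked just because you logged in.
# Assumptions: cryptsetup, fallocate, mkfs.ext4, mount; root for create/open/close.
set -eu

VAULT_DIR="${VAULT_DIR:-/var/lib/vaults}"   # assumed location of the container files
MOUNT_ROOT="${MOUNT_ROOT:-/mnt/vaults}"     # assumed location of the mount points

# Only allow names that are safe to reuse as a device-mapper name and a directory.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Convert "256M", "2G" or a bare MiB count into MiB; returns 1 on anything else.
size_to_mib() {
    n="${1%[MG]}"                                  # strip a trailing unit letter
    case "$n" in ''|*[!0-9]*) return 1 ;; esac     # the rest must be digits only
    case "$1" in
        *G) echo $((n * 1024)) ;;
        *)  echo "$n" ;;
    esac
}

container_file() { echo "$VAULT_DIR/$1.luks"; }   # assumed naming scheme
mapper_name()    { echo "vault-$1"; }             # assumed device-mapper name

# Create an empty container and format it with its own passphrase (cryptsetup prompts).
vault_create() {
    name="$1"; size="$2"
    valid_name "$name" || { echo "bad name: $name" >&2; return 1; }
    mib="$(size_to_mib "$size")" || { echo "bad size: $size" >&2; return 1; }
    file="$(container_file "$name")"
    [ ! -e "$file" ] || { echo "already exists: $file" >&2; return 1; }
    mkdir -p "$VAULT_DIR"
    fallocate -l "${mib}M" "$file"
    chmod 600 "$file"
    cryptsetup luksFormat --type luks2 "$file"          # asks for the new passphrase
    cryptsetup open "$file" "$(mapper_name "$name")"    # asks for it again to unlock
    mkfs.ext4 -q "/dev/mapper/$(mapper_name "$name")"
    cryptsetup close "$(mapper_name "$name")"           # leave it locked after creation
}

# Unlock one container and mount it; the other containers stay locked.
vault_open() {
    name="$1"
    valid_name "$name" || return 1
    mp="$MOUNT_ROOT/$name"
    cryptsetup open "$(container_file "$name")" "$(mapper_name "$name")"
    mkdir -p "$mp"
    mount -o nodev,nosuid "/dev/mapper/$(mapper_name "$name")" "$mp"
    echo "$name mounted at $mp"
}

# Unmount and lock again; closing the mapping drops the key from the kernel.
vault_close() {
    name="$1"
    valid_name "$name" || return 1
    umount "$MOUNT_ROOT/$name"
    cryptsetup close "$(mapper_name "$name")"
}

# Show which containers exist and which are currently unlocked.
vault_status() {
    for f in "$VAULT_DIR"/*.luks; do
        [ -e "$f" ] || continue
        n="$(basename "$f" .luks)"
        if [ -e "/dev/mapper/$(mapper_name "$n")" ]; then state=UNLOCKED; else state=locked; fi
        echo "$n: $state"
    done
}

case "${1:-}" in
    create) vault_create "$2" "${3:-256M}" ;;
    open)   vault_open "$2" ;;
    close)  vault_close "$2" ;;
    status) vault_status ;;
    '')     ;;   # no arguments: only define the functions (e.g. when sourced)
    *)      echo "usage: $0 create NAME [SIZE] | open NAME | close NAME | status" >&2; exit 2 ;;
esac
```

Typical use is `sudo ./vaults.sh create invoices 512M`, then `sudo ./vaults.sh open invoices` when you need the files and `sudo ./vaults.sh close invoices` when you are done; `status` shows at a glance which containers are unlocked, which is the thing to check before walking away from the machine. Backing up a container is just copying the .luks file while it is closed.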
When you are comparing two different security measures with the question “what is more secure?” I find you are more likely to get a good answer if you follow up with a threat model (what you are trying to protect? from whom? what are their capabilities?) and then compare both security measures to that specific threat.
Otherwise there are just too many variables to have an accurate and actionable answer on whether one measure is “more secure” than another. Partition encryption is useful to solve certain threats, encrypting individual files is useful for others.
bookmarks, random-stuff, invoices, some-complex passwords/passphrases that i merely test and store in .txt files, av-files, pictures (of all sorts and sizes), some pkeys, the occasional meme-collection that i put together myself, .tar-files, .zip-files, maybe back-ups, screen-shots, shorter-or-longer letters, learning-materials, manga, books-in-digital-format, famous-quotes, random-interesting-or-funny lines from movie-scripts, etc, etc.
basically just personal-stuff that i’d like to keep encrypted and kept separate based on the frequency i access them and how much space they take up.
i do agree that both encrypted partitions and files serve their purpose, so for simplicity sake just pick an example and illustrate that and i’ll decide if that is more or less what i had in mind.
do i really need to protect myself from somebody ? maybe i’m just the kind of guy who does this for sport …
Then, if it was me (and it is because I’m currently doing what I’m about to describe to you), I’d make a however-large veracrypt container and store all that stuff in there. When you want to access it, you just open veracrypt, use your password or keyfile(s) or both and mount the container, and there’s all your stuff. When you’re done, dismount it in veracrypt and copy the container over to some external storage as a backup. EZPZ
i’ll accept your suggestion as one way of going about it. any input is ofc welcome and appreciated.
my mind however works best when i triage information based on type and how frequent i need to access/read/modify information so having it all in one basket wouldn’t fit this criteria. this is not a server or a machine i use to keep stuff for remote access so that’s another thing … just personal stuff that i keep local (no backups leave my LAN).
i’m not looking for EZPZ (like i said it’s just sport for me). some people play Chess and make crosswords to keep sharp while i do this so until now i’m leaning toward the multiple LUKS encrypted partitions with different not-so-long-and-complex passphrases instead of just one big partition that would expose everything when unlocked at the same time.
i also take into account that even Linux can get viruses or have other malware although this LMini is entirely air-gapped (no radio NICs at all) and has just a minimum of blobs remaining in the iME. that said if this machine would get infiltrated information could be extracted after one of those partitions is unlocked so i would say that QubesOS would be better compartmentalized however i don’t believe i need to escalate and worry that much after all this is just FUN but still a learning experience that i try to take seriously …
Then I would suggest creating multiple containers.
And so it’s known, I’m not offering this information as an argument against LUKS partitions, just being informative. I think veracrypt containers would make your life easier than encrypted partitions, but maybe not. You do you, boo boo.
If you want an answer to “which is more secure?” then, yes, you need to spell out what you are trying to protect against.
Loss of custody of the device through loss / theft / confiscation / coercion? For loss or theft then partition encryption is good and sufficient.
My honest opinion is that you should never store a password in plain text, whether it is on an encrypted partition or not, regardless of your threat model, because there is an alternative that is both more secure and equally convenient. If you are going to store passwords on a computer at all then use Seahorse or a password manager or any open source product that is equivalent. My opinion would then also be: avoid any password manager that uses any kind of network syncing unless you reallyreally need that functionality and some kind of independent audit has been done on how the networking syncing works.
Maybe a plain text password on an encrypted partition is OK if the computer is airgapped (and in that case you can ignore the comment regarding network syncing).
Since you mention it, remember that the protection of backups is as important as the protection of the original data, but of course you also need to ensure that if a backup is ever needed, the backup can actually be restored (and hence that if a password is needed in order to restore the backup, then it is not the case that the only copy of the password is on the original data that you are attempting to restore).
if i were to give a general reason why i use and support Purism’s products and mission is because i’m defending against proprietary-sw as a general ‘unseen’ potential-enemy and using only free-sw (as is in liberated-sw) gives me MORE peace of mind in this regard.
again if what i’ve written above answers that then fine but i’d like to avoid giving specifics when i’m not even sure when and where that would apply to ME.
i hear you. like i said the LMini is air-gapped (no radio going in or out) but it is sometimes connected to the www by wire. i don’t use network syncing for generating or storing secrets of any kind. i just don’t trust them and there are better options available as you’ve mentioned.
about the backup. it’s good that you’ve mentioned it since i hardly even knew about encrypted backups until i heard of Purism and this forum. i’ve also been quite late to the whole Snowden revelations things and before i knew it there was an entire movement out there regarding that … i’m just having a hard time keeping-up is all
That is a slight misunderstanding of what air-gapped means.
Imagine a world, only a few years after the stone age, when there was no such thing as WiFi or any other ubiquitous wireless technology (such as Bluetooth or cellular). So the only network connections were wired ones. So …
A computer or network is air-gapped from an undesirable network (usually but not always the internet) if and only if there is a “gap of air” between it and the undesirable network i.e. not plugged in to the undesirable network, and therefore safe from the undesirable network.
Now add wireless networking to the picture. The term air-gapped is now technically incorrect because it is misleading, and hence out of date (but still of course in widespread use). It is no longer sufficient to have a “gap of air”, an air-gap. You now also need to police all wireless networking - and that is more difficult.
The truly paranoid and very well resourced (coughTLAcough) might take a belt-and-braces approach and use extensive RF shielding on the facility and maintaining physical security of the facility and physically searching people on the way in to and out of the facility and have a spectrum analyzer sniffing for breaches and use 802.1X and …
@reC on the other hand will just ensure that, at its simplest, neither the wired networking nor the wireless networking on the Librem Mini is ever used. A more complex arrangement allows an entire private network but the private network is physically isolated from and radio isolated from any device that is ever connected to the internet - so in that situation you would use networking on the Librem Mini (probably wired only) but you would have to manage and police connections to the private network.
In my opinion a truly air-gapped arrangement for the average home user would be unacceptably inconvenient - but it does depend on your threat model. If you are coming up against nation states (whether your own or another) this would not be unreasonable.
when i read ‘air’ and then ‘gapped’ in ‘air-gapped’ as a more technically inclined lay-person i primarily think about what network-connections are used to transport signals through the air.
the answer to that is obviously radio-wave-established connections (whether that is BT/WiFi/Cellular). however, as you put it, ‘wired’ might be included as well since ‘air’ is an excellent isolation-medium but in the presence of ignorance/lack-of-skill ‘air’ and ‘gapped’ are still powerless …