Porteus

I would like to make a USB drive with my important documents. I have put my documents in an "archive" directory and an "encrypt" directory. The encrypt directory is for passwords, tax info, etc.

I would like to carry the USB drive on my keychain so I always have the data. How can I encrypt the "encrypt" directory so I can keep the passwords safe if I lose the usb drive?

Is there a way to change the root password so that I can keep others from opening the Porteus system? Except for guest use?

Thanks

Please use Porteus v1.2 and inside the Porteus Settings Centre (System tools menu) you will find a button to encrypt a folder and to change your passwords.

Thank you

Are there any other best practices for creating a disaster recovery usb drive?

We'd probably have more suggestions for you if we knew more specifics about what you wanted to included for disaster recovery. In the case of just keeping importent documentation around in an encrypted folder, here's my suggested method:

1) boot into porteus without the "changes=" cheatcode, so that your changes are not saved persistently (for each session they will be saved in RAM, which is volatile memory, so they will *poof* when you shut down the system)
2) Copy the files from your Hard Drive into a folder inside /tmp, or /home/guest rather than your flash drive (e.g. /mnt/sdXY/path/) before you encrypt them.
3) encrypt the folder containing your documents and then move the encrypted file onto your flash drive.

When you access the files, go in the reverse order:
1) copy the encrypted file into /tmp
2) decrypt the file there
3) use or transfer files from there to a secure location

Why do it this way? Because if you place your important files onto your flashdrive (either directly or as a part of saved changes in an unencrypted save.dat) and then erase them, there is still the possibility for a knowledgeable "bad guy" to recover the deleted files from the drive in the unencrypted state. I have done this myself when I've accidentally deleted stuff.

Of course, you can run programs that are supposed to overwrite the data a bunch of times, etc., to obliterate it, but it's better in my opinion to just never let the unencrypted files hit your flash drive in the first place.

Disaster recovery... in my case I mean a USB stick that I can keep on my keychain that will allow me to access all of my personal documents (resumes, writings, recipes, website backups, pictures, various data from experiments) as well as passwords to websites and financial accounts. In case of fire/flood/emergency I can escape to another country or region and still have my data.

I also like to be able to boot up into a familiar but private desktop environment on a borrowed computer or at work.

At this time I have encrypted the /encrypt directory on the USB stick using the Porteus Settings Center encrypt function. I am using a 64 Gb USB stick.

Sounds like you are using it correctly. In case of natural disaster or the government come looking for you because of your nasty free energy experiments you can simply take you USB (and passport) with you. Porteus also supports and encrypted 'save file' which essentially means any changes you make to porteus will be saved to a file and encrypted. I believe the current setup you have will suffice. It uses aes-256 encryption so things should be pretty safe.

Heheh, unfortunately my antigravity device is not very energy efficient, it keeps taking down the power grid.

Is there a way to require a login to get root status?

I have encrypted the porteussave.dat file and changed the root password, but the toroot cheatcode will get into root without a login.

Can the toroot cheat be defeated?

How do I require the password splash page to appear?

How do I require the password splash page to appear?

you could read /boot/docs/cheatcodes.txt and search for 'noautologin' cheat.
please also read about all other cheats before you ask next question.

anyway - i dont think 'noautologin' cheat is required.
if someone fails 3 times while typing the password during boot then finishes in 'always fresh' mode.
your data are still safe no matter if one has root or not as container is never opened.

For some reason I had the feeling I should secure root with a password, but in the case of a live system, it is only necessary to secure (encrypt) the sensitive data. In fact, anyone can inspect the files in a live usb drive, change them or delete them, they don't need root to do so, they just need to plug it into their pc.