Tong,<br><br>For a less intimidating (but still quite effective) HD encryption strategy, check out the grml2hd manpage. It includes straightforward examples of switching to LUKS-managed encrypted /home and swap partitions after installation, as well as examples of mounting directories for temporary files as tmpfs ramdisks. I am using more or less the exact setup described in the man page on my netbook.<br><br>You can easily set up passphrases for each encrypted partition if you wish.<br><br>Best,<br>Will<br><span style="font-family:Prelude, Verdana, san-serif;"><br><br></span><span id="signature"><div id="no_signature" style="overflow:hidden;"></div></span><span style="color:navy; font-family:Prelude, Verdana, san-serif; "><hr align="left" style="width:75%">On Jan 25, 2011 12:18 PM, T o n g <mlist4suntong@yahoo.com> wrote: <br><br>Hi,
<br>
<br>I'm thinking to do the disk partition encryptions now. However
<br>
<br>"Hard drive encryption sounds like an intimating concept, mostly because
<br>it is. The thought of taking your precious files, then using a
<br>mathematical formula to convert them into random noise before scattering
<br>them back across your disk is a hard sell. " [1]
<br>
<br>1. http://www.maximumpc.com/article/howtos/
<br>how_to_encrypt_your_entire_hard_drive_for_free_using_true_crypt
<br>
<br>So I need some demystify of the whole disk/partition encryption thing.
<br>The official "Disk Encryption HOWTO" from tldp.org [2] is only dated as
<br>2004-11-17, so I would assume it is *way* outdated. In terms of security,
<br>I tend to turn to people that I trust for help. Having tldp.org failed on
<br>me, I need your help, people from the grml community, instead of some
<br>random blogs found on the interent.
<br>
<br>2. http://www.tldp.org/HOWTO/html_single/Disk-Encryption-HOWTO/
<br>
<br>Linux Encryption HOWTO
<br>http://encryptionhowto.sourceforge.net/Encryption-HOWTO.html
<br>v0.2.2, 04 October 2000
<br>
<br>Here are my questions,
<br>
<br>- First very noob question, I don't want whole disk encryption, just want
<br>to encrypt some selected already partitioned partitions. If someone mount
<br>the encrypted partitions, will it shows up as empty or, there are some
<br>hints that the partition have been encrypted?
<br>
<br>- The Ubuntu [3] and CentOS [4] seems to endorse dm-crypt, instead of
<br>cryptsetup-luks that grml-crypt uses. So I need a bit of explanation why
<br>it is better than others.
<br>
<br>3. http://www.humboldt.edu/its/security-encryption-linuxubuntu
<br>4. http://beginlinux.com/blog/2009/04/centos-53-encrypted-block-devices/
<br>
<br>- In terms of encryption used, TrueCrypt supports the following
<br>encryption algorithms: AES, Serpent, Twofish, AES-Twofish, AES-Twofish-
<br>Serpent, Serpent-AES, Serpent-Twofish-AES, Twofish-Serpent; And these
<br>hash algorithms: RIPEMD-160, SHA-512 & Whirlpool [5]
<br>
<br>5. http://www.informit.com/articles/article.aspx?p=1276279
<br>
<br>So I need a bit of explanation why the chosen algorithm is better than
<br>others.
<br>
<br>- Is your choice as cross-platform as TrueCrypt?
<br>
<br>- Since I need to encrypt more than one selected partitions, is there any
<br>alternative to typing in passphrase for each one of them when mounting
<br>them?
<br>
<br>- how passphrase are cached? Do I have to repeately typing in passphrase
<br>each time I do the mount? I also heard of passphrase-less disk
<br>encryptions. Hmm... I don't want to go there so maybe I can skip that.
<br>
<br>BTW, I just need a mini how-to about disk encryption, it does not need to
<br>be in-depth or comprehensive but rather short and to the point, to allow
<br>anyone with a minimum of linux disk encryption knowledge to create
<br>encrypted memory sticks, USB disks, or partitions in minutes.
<br>
<br>Thanks a lot.
<br>
<br>--
<br>Tong (remove underscore(s) to reply)
<br> http://xpt.sourceforge.net/techdocs/
<br> http://xpt.sourceforge.net/tools/
<br>
<br>_______________________________________________
<br>Grml mailing list - Grml@mur.at
<br>http://lists.mur.at/mailman/listinfo/grml
<br>join #grml on irc.freenode.org
<br>grml-devel-blog: http://grml.supersized.org/
<br></span>