[Grml] disk partition encryption roadmap

William Gardella gardellawg at gmail.com
Tue Jan 25 22:08:52 CET 2011


Tong,

For a less intimidating (but still quite effective) HD encryption strategy, check out the grml2hd manpage.  It includes straightforward examples of switching to LUKS-managed encrypted /home and swap partitions after installation, as well as examples of mounting directories for temporary files as tmpfs ramdisks.  I am using more or less the exact setup described in the man page on my netbook.

You can easily set up passphrases for each encrypted partition if you wish.

Best,
Will


On Jan 25, 2011 12:18 PM, T o n g <mlist4suntong at yahoo.com> wrote: 

Hi,

I'm thinking to do the disk partition encryptions now. However

"Hard drive encryption sounds like an intimidating concept, mostly because
it is. The thought of taking your precious files, then using a
mathematical formula to convert them into random noise before scattering
them back across your disk is a hard sell. " [1]

1. http://www.maximumpc.com/article/howtos/how_to_encrypt_your_entire_hard_drive_for_free_using_true_crypt

So I need some demystification of the whole disk/partition encryption thing.
The official "Disk Encryption HOWTO" from tldp.org [2] is only dated as
2004-11-17, so I would assume it is *way* outdated. In terms of security,
I tend to turn to people that I trust for help. With tldp.org having failed
me, I need your help, people from the grml community, instead of some
random blogs found on the internet.

2. http://www.tldp.org/HOWTO/html_single/Disk-Encryption-HOWTO/

Linux Encryption HOWTO
http://encryptionhowto.sourceforge.net/Encryption-HOWTO.html
v0.2.2, 04 October 2000

Here are my questions,

- First very noob question, I don't want whole disk encryption, just want
to encrypt some selected already partitioned partitions. If someone mounts
the encrypted partitions, will they show up as empty, or are there some
hints that the partitions have been encrypted?

- Ubuntu [3] and CentOS [4] seem to endorse dm-crypt, instead of
cryptsetup-luks that grml-crypt uses. So I need a bit of explanation why
it is better than others.

3. http://www.humboldt.edu/its/security-encryption-linuxubuntu
4. http://beginlinux.com/blog/2009/04/centos-53-encrypted-block-devices/

- In terms of encryption used, TrueCrypt supports the following
encryption algorithms: AES, Serpent, Twofish, AES-Twofish,
AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES, Twofish-Serpent; And these
hash algorithms: RIPEMD-160, SHA-512 & Whirlpool [5]

5. http://www.informit.com/articles/article.aspx?p=1276279

So I need a bit of explanation why the chosen algorithm is better than
others.

- Is your choice as cross-platform as TrueCrypt?

- Since I need to encrypt more than one selected partition, is there any
alternative to typing in a passphrase for each one of them when mounting
them?

- How are passphrases cached? Do I have to repeatedly type in the passphrase
each time I do the mount? I also heard of passphrase-less disk
encryptions. Hmm... I don't want to go there so maybe I can skip that.

BTW, I just need a mini how-to about disk encryption, it does not need to
be in-depth or comprehensive but rather short and to the point, to allow
anyone with a minimum of linux disk encryption knowledge to create
encrypted memory sticks, USB disks, or partitions in minutes.

Thanks a lot.

-- 
Tong (remove underscore(s) to reply)
  http://xpt.sourceforge.net/techdocs/
  http://xpt.sourceforge.net/tools/

_______________________________________________
Grml mailing list - Grml at mur.at
http://lists.mur.at/mailman/listinfo/grml
join #grml on irc.freenode.org
grml-devel-blog: http://grml.supersized.org/
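
On the question above of whether an encrypted partition gives any hint that it is encrypted: a LUKS partition begins with an unencrypted header naming the cipher, hash, UUID and key slots in use. The sketch below is an added example, not part of either message or of grml; it parses the LUKS1 header layout, and the sample header and its field values are constructed for the demo.

```python
import struct

# LUKS1 on-disk header layout (big-endian). These fields are stored in the clear.
LUKS_MAGIC = b"LUKS\xba\xbe"
HDR = struct.Struct(">6sH32s32s32sII20s32sI40s")   # 208 bytes, then 8 key slots
SLOT = struct.Struct(">II32sII")                    # 48 bytes per key slot
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD


def _cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks1(blob):
    """Return the plaintext header fields, or None if blob has no LUKS1 header."""
    if len(blob) < HDR.size + 8 * SLOT.size:
        return None
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, _iters, uuid) = HDR.unpack_from(blob, 0)
    if magic != LUKS_MAGIC or version != 1:
        return None
    active = [i for i in range(8)
              if SLOT.unpack_from(blob, HDR.size + i * SLOT.size)[0] == SLOT_ENABLED]
    return {"cipher": f"{_cstr(cipher)}-{_cstr(mode)}", "hash": _cstr(hash_spec),
            "key_bits": key_bytes * 8, "payload_sector": payload_off,
            "uuid": _cstr(uuid), "active_slots": active}


def build_sample():
    """Constructed header for the demo (not a real volume): one passphrase slot in use."""
    hdr = HDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1", 2056, 32,
                   bytes(20), bytes(32), 1000, b"00000000-0000-4000-8000-000000000000")
    slots = b"".join(
        SLOT.pack(SLOT_ENABLED if i == 0 else SLOT_DISABLED, 1000, bytes(32), 8, 4000)
        for i in range(8))
    return hdr + slots


if __name__ == "__main__":
    # On a real system, read the first 592 bytes of the partition instead (needs root).
    print(parse_luks1(build_sample()))
    print(parse_luks1(bytes(592)))   # zeroed or header-less data: None
```

A `None` result does not show that a partition is unencrypted: a plain dm-crypt mapping, for instance, has no header at all.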

