LinuxQuestions.org
Old 07-03-2008, 09:43 AM   #1
Ricio
Member
 
Registered: Sep 2003
Location: Colombia
Distribution: Debian
Posts: 220

Rep: Reputation: 30


About 3 months ago, my iPod was stolen, and with it a bunch of important personal data. Now I have bought a 4 GB USB drive and I would like to encrypt it along with all files that are stored on it. Several questions are in order:
How can I achieve this?
What would be the recommended security encryption to use, and why?
Will I be able to use it on Windows PCs?

I will also want to do the same for my laptop partitions (home, var and swap), and in the near future for the filesystems of a bunch of my company's Windows PCs, or maybe only for specific files (what would you recommend?).

All advice along with tutorials and guides will be greatly appreciated.

I'm using Debian lenny with kernel 2.6.24-1 amd64.

Umm... it really would be helpful to get some answers, at least for the first part! USB encryption is of high importance now; still, all the questions are important!

Last edited by unSpawn; 07-03-2008 at 12:36 PM. Reason: Merged posts to retain 0-reply status. OP: edit posts instead.
 
Old 07-04-2008, 06:26 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,991
Blog Entries: 54

Rep: Reputation: 2744
If you search LQ for "filesystem encryption" you'll find lots of threads discussing just that. Should be easy to pick since only a few methods offer cross-platform compatibility.
 
Old 07-04-2008, 05:53 PM   #3
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 197
Quote:
Originally Posted by unSpawn
If you search LQ for "filesystem encryption" you'll find lots of threads discussing just that. Should be easy to pick since only a few methods offer cross-platform compatibility.
We shouldn't just tell members to search without at least a few suggestions; that's not the LQ way of helping others.

As for the OP question:

There's Truecrypt (truecrypt.org) for USB devices. It's an open source application and it works with Windows, but it seems their site isn't loading right now to get full details. I guess since that's your main goal for now, that might be a viable solution.

And, well, to encrypt data on Linux, you can use http://cipherdyne.org/gpgdir/, which encrypts and decrypts directories with GPG. But if you're familiar with GPG, you can use this to encrypt individual files as well; it's got a Windows port as well if needed. You could probably get similar functionality on Windows or your USB disk as well with GPG.

There are some commercial solutions out there as well, but that's all I know from the top of my noggin.
 
Old 07-04-2008, 10:01 PM   #4
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 66
One thing to keep in mind, especially with a popular program like Truecrypt, is that it requires administrator rights on each system to work.

I've been interested in this topic for many months now and have yet to find a solution that is cross platform and doesn't require administrator/root rights to use.

My current scheme is a fully encrypted hard disk (with the exception of /boot of course) using LUKS. The USB key chain I carry around with me doesn't hold really sensitive data. I do, however, store my Keepass database on it.

If you're unfamiliar with Keepass, it is a great program for managing passwords and account info written for Windows but with a Linux port called KeepassX. Keepass does not require administrative rights and there is even a portable version available. One feature of Keepass is the ability to attach files to particular entries in the database. I suppose you could use this to store sensitive information.
 
Old 07-05-2008, 08:36 AM   #5
Ricio
Member
 
Registered: Sep 2003
Location: Colombia
Distribution: Debian
Posts: 220

Original Poster
Rep: Reputation: 30
Quote:
One thing to keep in mind, especially with a popular program like Truecrypt, is that it requires administrator rights on each system to work.
So I could not see any encrypted data if I don't have administrator privileges, or could see the data, read it, but not write it as a normal user or encrypt?
 
Old 07-05-2008, 08:52 AM   #6
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 66
The reason the encryption programs need administrative rights is because they take the encrypted block of data and mount it as a device. In Windows you would choose a drive letter (like X: or something) and in Linux you would choose a mount point. In both cases the operating system does not allow normal users to mount hard drives. Therefore you could not read, write, or even create an encrypted volume/partition.

BTW:
There are three ways to think about this. 1) You can encrypt an entire partition on a particular disk (or the whole disk itself). 2) You can create an encrypted volume which looks like a large file of random data but contains whatever you want - like an encrypted folder. 3) Or you can directly choose to encrypt specific files/folders (which is kind of like the encrypted volume except the size of the volume is automatically set to the size of your data).
 
Old 07-05-2008, 10:14 AM   #7
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 331
Regarding True Crypt:

I have found that the second most recent version, v5.0a, causes problems with Linux when it is using partitions that it has encrypted itself. This problem is reduced when it is using partitions encrypted by v4.x of True Crypt.

V4.x of True Crypt can be found on the System Rescue CD.
http://www.sysresccd.org

So I recommend that if you want to use the v5.0a (or maybe even v5.1a) of True Crypt you should boot the System Rescue CD and format the partitions using the version of True Crypt on that CD.

The drawbacks are that you will not be able to use the latest features of True Crypt. These are mainly concerned with changing and adding the access password(s) to mount the encrypted partition.

I really like True Crypt. It works on Linux and Windows. That is its main advantage. I do believe that the True Crypt developer(s) are mostly interested in the Windows environment and then port their software to Linux in a less-than-careful manner.

If you don't need the multi platform feature of True Crypt then Linux dm-crypt + LUKS appears to be a good solution.
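
A check a reader could run after setting up the dm-crypt + LUKS option mentioned above, as an added example that is not part of the original thread: it parses the on-disk LUKS1 header and reports the cipher, the hash and which key slots hold a passphrase. The sample header is constructed, and the function names are this example's own.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE = 0x00AC71F3    # LUKS1 marker for an enabled key slot
SLOT_DISABLED = 0x0000DEAD  # LUKS1 marker for an empty key slot
# LUKS1 header, big-endian: magic, version, cipher name, cipher mode, hash spec,
# payload offset (512-byte sectors), key bytes, master-key digest, digest salt,
# digest iterations, UUID. Eight 48-byte key slots follow (592 bytes in total).
HDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")  # state, iterations, salt, key offset, stripes

def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def inspect_luks1(blob):
    """Return a summary dict for a LUKS1 header, or None if blob is not LUKS1."""
    if len(blob) < HDR.size + 8 * SLOT.size:
        return None
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, _iters, uuid) = HDR.unpack_from(blob, 0)
    if magic != LUKS_MAGIC or version != 1:
        return None
    states = [SLOT.unpack_from(blob, HDR.size + i * SLOT.size)[0] for i in range(8)]
    return {
        "cipher": f"{_text(cipher)}-{_text(mode)}",
        "hash": _text(hash_spec),
        "key_bits": key_bytes * 8,
        "payload_offset_bytes": payload_off * 512,
        "uuid": _text(uuid),
        "active_slots": [i for i, s in enumerate(states) if s == SLOT_ACTIVE],
    }

def build_sample_header():
    """Constructed sample: AES-CBC-ESSIV, 256-bit key, one passphrase in slot 0."""
    hdr = HDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                   2056, 32, bytes(20), bytes(32), 10,
                   b"00000000-0000-0000-0000-000000000000")
    slots = SLOT.pack(SLOT_ACTIVE, 1000, bytes(32), 8, 4000)
    slots += SLOT.pack(SLOT_DISABLED, 0, bytes(32), 0, 4000) * 7
    return hdr + slots

if __name__ == "__main__":
    print(inspect_luks1(build_sample_header()))
    print(inspect_luks1(bytes(1024)))  # all zeros: not a LUKS1 volume
```

On a real drive, pass in the first 592 bytes of the partition or container file; reading a block device directly needs root.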
 
Old 07-05-2008, 10:25 AM   #8
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 331
Quote:
Originally Posted by Ricio
So I could not see any encrypted data if I don't have administrator privileges, or could see the data, read it, but not write it as a normal user or encrypt?
An encrypted partition is mounted by root but is fully accessible by normal users, just like unencrypted partitions. You only need root privileges to mount, unmount, and change access rights to the partition. Once the encrypted partition is mounted it acts just like any other mounted disk partition.

Last edited by stress_junkie; 07-05-2008 at 10:26 AM.
 
Old 07-05-2008, 12:40 PM   #9
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 66
Quote:
Originally Posted by stress_junkie
If you don't need the multi platform feature of True Crypt then Linux dm-crypt + LUKS appears to be a good solution.
I believe one of the goals of LUKS is to be cross platform.


Also regarding what you said about TrueCrypt in general, I agree you should stick with version 4. I don't really like the direction they've taken in version 5. It's much harder to avoid the GUI, documentation is sparse, and there are a number of other complaints which you can read about on the TC forums.
 
Old 07-05-2008, 03:12 PM   #10
Randux
Senior Member
 
Registered: Feb 2006
Location: Siberia
Distribution: Slackware & Slamd64. What else is there?
Posts: 1,705

Rep: Reputation: 54
GPG is not a viable system for many files. It's based on PGP (and now the OpenPGP standard) which was designed for encryption and digital signatures for email. For that use, there is probably nothing better.

For a portable USB drive, Truecrypt is the way to go. It's open source and it works. I've been running 5.0a in test since it came out and I had zero problems. I've used Truecrypt pretty much since it came out and never lost anything.

I agree that the new GUI for Truecrypt is a waste of time but give the guy credit for trying to make it look the same everywhere. You can still use command-line for almost everything and that's what I do.

I like the fact that you can choose ciphers and hashes with Truecrypt and there's no games unlike some other "competitors".
 
Old 07-05-2008, 05:22 PM   #11
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 331
Quote:
Originally Posted by Randux
For a portable USB drive, Truecrypt is the way to go. It's open source and it works. I've been running 5.0a in test since it came out and I had zero problems. I've used Truecrypt pretty much since it came out and never lost anything.

I agree that the new GUI for Truecrypt is a waste of time but give the guy credit for trying to make it look the same everywhere. You can still use command-line for almost everything and that's what I do.

I like the fact that you can choose ciphers and hashes with Truecrypt and there's no games unlike some other "competitors".
This True Crypt web site page says that you need to run Linux kernel 2.6.24 or higher.
http://forums.truecrypt.org/viewtopic.php?t=9129
Another True Crypt web site page says that you have to run Linux kernel 2.6.25.1 or higher. I can't find that one right now.

The problem, which I have experienced, is when you are creating a file system on an encrypted partition it will stop mid-process with a blocking i/o on the disk. Eventually other processes on the system get hung as they attempt to access the same disk. You eventually reach a point where all of the processes that you can see and interact with are hung.

This may also be a problem when writing a lot of data onto a mounted encrypted volume if that volume was encrypted with TC v5.x.

I have avoided it by encrypting my disk partitions with True Crypt v4.3 from the System Rescue CD. Now I can use True Crypt v5.0a on PCLOS to read and write to those partitions.

Once we're all running kernel v2.6.25 we'll see if True Crypt is really innocent in these malfunctions. That could be quite a wait, though. My PCLOS is only running 2.6.18.

Last edited by stress_junkie; 07-05-2008 at 05:28 PM.
 
Old 07-06-2008, 10:56 AM   #12
Randux
Senior Member
 
Registered: Feb 2006
Location: Siberia
Distribution: Slackware & Slamd64. What else is there?
Posts: 1,705

Rep: Reputation: 54
I use Slack's 2.6.17.13 kernel and TrueCrypt 5.0a has been working since the beginning! If you need a 2.6.24 kernel, it's news to everyone running Slackware 11.0.
 
  


All times are GMT -5.