Hi i just wondering is it possible to cipher HDD to only have access to it by a key on usb pendrive. My english isn't as good as i like to so try to explain.

I have a HDD with linux (debian) and windows_xp on it. I wan to cipher the hdd and if someone take my hdd or run my pc with live_cd he can't see what's on it. Iss it possible ??

It is possible....check out truecrypt, they put out windows and linux versions of true crypt. I've read one of the best ways to secure your data would be to encrypt an entire partition, then save a vmware image on it, you can even mount several volumes on the same encrypted drive, one full of safe data, that is ok to be exposed if anyone ever forces you to reveal the encrypted info, you can give out the fake, safe encrypted info, and the bad guys would have no way to know for sure that there was a second volume of encrypted info they missed.

http://www.truecrypt.org/

Here are few more useful links.

http://www.linuxjournal.com/node/8574/print
http://www.linuxsecurity.com/docs/HO...ion-HOWTO.html

Best of luck...

David

Thanks this trucrypt is great but is it capable to encrypt hdd with system on it.


1 HDD linux and windows on it. Booting system without password or usb key nothing is booting so you don't know witch operating system i have so you don't know enything . If you boot with legitimate pass or usb key grub is loading or lino and i can chose between the os's.

Vmware server can boot a windows or linux operating system, from another operating system, and the vmware system can be completely encrypted. So first you boot, say, Ubuntu, then from within Ubuntu, you start up vmware, which is a virtual computer, vmware boots that virtual computer, and that virtual computer, all of it, not just some data, can be encrypted. The best part, is that any mortal can do it, you don't need to be a linux expert. And you can reveal some fake data as real, to the man, if you ever need to.

So if the police come knocking at your door and demand you decrypt that stuff so they can read it, you don't have to hassle them, just decrypt the safe stuff. Let them read it and leave.

Your data will be safe, no one but you will be able to read it, and you can keep your butt out of jail, if you live in Iran or China, or maybe even the USA, the way things have been going.

There are problably a bunch of other way to go about it, but this way is easy, and very safe too.

Best of luck..

David

Easy but not effective enough. In Linux one can encrypt all data and in boot time system ask for usb stick or password and data is decryptet is not that easy but can be done i'm looking for similar resolusion for all the systems virtual systems with vm is good but last time i used it i got no acceleration and evrything was slllooow something changed ??

Strictly speaking, it is probably better to encrypt only what you need. For example, the contents of a particular directory could be encrypted, or a virtual-drive created (e.g. via loopback) out of a single encrypted file ... placing only information that truly deserves protection into it.

If you encrypt everything, especially using the same key, you are probably giving me many gigabytes of "known plaintext," where I can obtain a copy of the unencrypted material from other sources and compare it to the encrypted ciphertext of the same material from your (stolen) drive. That's a tremendous "crib" to many cipher systems.

You can just encrypt a limited amount of data, to stop someone from viewing that data with a live cd. That does leave a few holes in your defenses though. For one, your swap file won't be encrypted, and it's possible that "the man" can just read it, and if any of your important data is there, it defeats the purpose of encryption anyway. Also, if the man is looking to find a file called list_of_Chinese_bloggers.txt, which is encrypted, that file name will be scattered all over your system files, and even if you do a search to delete that file name, in a journaling file system, (like ext3) it'll still be around. Which alone might be enough to get you chained to a radiator. Which is why if you are serious about even needing encryption in the first place, you would want the whole disk encrypted. If you just want to hide your porn stash from your Mom, well, your needs are different. Just putting your porn stash into a hidden folder should work just as well. But if you need to hide files from someone other than your Mom, the performance hit you will take encrypting your whole file system should be worth it.

About providing a large crib, I'm unsure how practical that is, or what you can do to mitigate that threat. Use different operating systems in vmware maybe, say, run Ubuntu, then run windows or freebsd in vmware maybe. You can encrypt your data inside the vmware system too, would help quite a bit I think. Does anyone else know for sure ? I'm a crypto novice, hearing from a professional would be nice.

The orgininal poster asked about a key to keep on a usb thumb drive I think. I did find this, which deals with a passphase protected key on a removable medium, I think in the context of an entire filesystem.

http://www.linux.com/howtos/Disk-Enc...oduction.shtml

Best of luck....

David

This is not a problem if you use a correctly implemented, strong encryption algorithm with a long enough key. There exist many algorithms (most notably AES) and implementations (e.g. truecrypt) which satisfy this requirement.

Hi, I just ran across this, might help.http://www.debian-administration.org/articles/469

Supports a removable key too.

Good luck...

David

Hi evrybody. The thing is there is lots of articles about encrypting entire HDD IF you use only linux. Just put this phrase in google "encrypted files systems linux". I'm looking for something more complicated. I can't use vmware to run win in vmware and then run some games or programs becouse it's not efficient. Maybe something changed in vmware but last time a used it I wasn't happy
I'm looking an operationg system to run operating systems
I think is not possible to encrypt entire HDD with linux and windowz on it to use it on daily bases.

Thanks for your posts, I'm happy to read your opinins about the subject.