LinuxQuestions.org
Old 01-23-2006, 02:37 PM   #1
ta0kira
Encrypting an Existing FS with 'dd'


Is this a safe way to encrypt a file system which already exists (on hda1)?
Code:
> umount /dev/hda1

> modprobe cryptoloop

> modprobe aes

> losetup /dev/loop0 /dev/hda1 -e aes
Password:

> dd if=/dev/hda1 of=/dev/loop0

> losetup -d /dev/loop0

> mount /dev/hda1 /mnt/hd -o encryption=aes
Password:
I've done this with several of my existing file systems (non-journaled systems only) and it seems to work fine. Is there any reason to not use this method? Thanks.
ta0kira
 
Old 01-24-2006, 09:41 AM   #2
nx5000
http://kerneltrap.org/node/2433
http://lwn.net/Articles/67216/

Problems:
->Original Cryptoloop is vulnerable to dictionary attacks. If you think Big Brother is watching you, consider dm-crypt.

->dm-crypt is more stable

->Cryptoloop will maybe be removed from the kernel >2.7

Solutions:
->Switch to dm-crypt
->Or if using cryptoloop DO NOT USE A KNOWN WORD as your key (there are not so many words that are more than 20 letters unless you are German, Chinese, ...)
->Use a modified cryptoloop.

I think it's time to switch to dm-crypt; it's very easy to use with the help of cryptsetup. There is also LUKS on top of this, but I'm not using it.

Last edited by nx5000; 01-24-2006 at 09:44 AM.
 
Old 01-24-2006, 01:35 PM   #3
ta0kira
Original Poster
I've been trying out cryptsetup.sh and it works great; however, what is the overhead as far as using it from an initrd (not addressed in my original post)? Also, does 'mount -o encryption' share the same weaknesses as losetup? cryptsetup.sh using '-h plain' is compatible with losetup, so does using that option give me the same weaknesses? Thanks.
ta0kira
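
Added example (not from any poster in this thread): a Python model of the in-place conversion in post #1, where `dd` reads each sector of `/dev/hda1` in the clear and the loop device writes its ciphertext back to the same offset. It shows that a completed run reads back correctly through the decrypting view, and that a run interrupted part-way leaves a mixed plaintext/ciphertext device that is only recoverable by resuming at the exact sector where it stopped. Assumptions: the SHA-256 XOR keystream is a toy stand-in for AES, and the function names, key and 8-sector sample data are constructed for illustration.

```python
import hashlib

SECTOR = 512  # bytes per sector in this model


def keystream(key: bytes, sector_no: int) -> bytes:
    """Toy per-sector keystream (SHA-256 in counter mode); stands in for AES."""
    out, counter = b"", 0
    while len(out) < SECTOR:
        block = key + sector_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:SECTOR]


def crypt_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """XOR transform: the same call encrypts and decrypts one sector."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, sector_no)))


def encrypt_in_place(disk: bytearray, key: bytes, start=0, stop_after=None) -> int:
    """Model of `dd if=/dev/hda1 of=/dev/loop0`: read sector n in the clear,
    write its ciphertext to the same offset. Returns the next sector to
    process, which is the only safe resume point after an interruption."""
    total = len(disk) // SECTOR
    done = 0
    for n in range(start, total):
        if stop_after is not None and done == stop_after:
            return n  # simulated crash or power loss
        off = n * SECTOR
        disk[off:off + SECTOR] = crypt_sector(key, n, bytes(disk[off:off + SECTOR]))
        done += 1
    return total


def read_through_loop(disk: bytearray, key: bytes) -> bytes:
    """What the decrypting (mounted) view of the whole device returns."""
    count = len(disk) // SECTOR
    return b"".join(crypt_sector(key, n, bytes(disk[n * SECTOR:(n + 1) * SECTOR]))
                    for n in range(count))


def demo():
    key = b"constructed demo key"
    plain = bytes((i * 7) % 256 for i in range(8 * SECTOR))  # constructed data
    disk = bytearray(plain)
    resume_at = encrypt_in_place(disk, key, stop_after=3)  # interrupted run
    half_ok = read_through_loop(disk, key) == plain        # mixed state
    end = encrypt_in_place(disk, key, start=resume_at)     # resume, not restart
    full_ok = read_through_loop(disk, key) == plain
    return resume_at, half_ok, end, full_ok
```

Restarting from sector 0 instead of `resume_at` would encrypt the first sectors a second time, so the model also shows why the progress of an in-place conversion has to be recorded.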
 
  

