I'm planning on encrypting my system (openSUSE 12.3) with TrueCrypt. I'll have multiple partitions. The scheme will be:
* 1GB for /boot (Unencrypted)
* 60GB for "/". This partition will have password A.
* 8GB for "/swap". This partition will have password B.
* The rest (about 862GB) for /home, this partition will have password C.
I couldn't find any conclusive help on the web so I'm counting on people who already did it on openSUSE or any other Linux distro.
swap (if you mean virtual memory) and /home are usually mounted at every boot, do you really want to enter 3 passwords during system bootup?
You need to somehow enter credentials. As you want "/" to be encrypted, the bootloader needs to ask for a password or keyfile and it needs to invoke the decryption tool before mounting. I don't know how it can be done with normal bootloaders. Maybe the better solution would be encryption of the whole disk.
I don't want to encrypt the whole disk since I'll be re-installing the system from time to time, so it'll be real overkill for me: first encrypt everything, and when I want to re-install the system I need to decrypt everything, re-install and then encrypt everything again. If the encryption process didn't take too long I would do FDE, but for my 1TB drive it takes 16 hours to do FDE.
So to speed things up the only required thing will be to re-install the system and then encrypt its partition; the rest will be all encrypted.
Then you probably need to create a custom initrd, with truecrypt and the libraries it needs, and execute your own script at the proper time. But I don't know how to do it exactly, maybe more advanced users will help you.
I don't know if this is worth the effort. A simpler method would be an unencrypted "/" and encrypting only what you really want, like "/root", "/tmp" or "/var"; then truecrypt can be executed from the real system startup files, like "/etc/rc.local", when all required libraries and devices are available.
Can you encrypt swap space (outside of encrypting the entire disk)?
Do you really need to encrypt the operating system? Seems like that would slow down system performance.
1Gb is a huge amount of space for /boot
60Gb is a huge amount of space for /, given that you have /home separated out already. But maybe you have some large database in /var or /opt or something.
But you have a large harddisk, so why not, I guess?
With Debian I can encrypt the "/" partition and choose whatever cipher I want to whatever partition I want, even swap (except boot), as you can see here http://img10.imageshack.us/img10/756/ofo8.png
1GB is enough for years of use =)
60GB is because FlightGear alone is about 14, and most of the time my root partition occupies about 25, so I have enough free space to install any game I want. (at least on Ubuntu most games were installed on / instead of /home)
But this is not TrueCrypt. Do you really need to use TrueCrypt? Use the same method as on Debian or look at the openSUSE documentation.
Quote:
at least on Ubuntu most games were installed on / instead of /home
Mountpoint has no meaning during installation. On most systems user programs are installed in /usr; for example, on Ubuntu games data (taking up the most space) occupies /usr/share/games. You can mount any directory on a separate partition. If you know that you will use many games, then a separate partition for their data is a good option (rather than exhausting "/" some day).
Another method could be creating a symlink to another partition. For example, due to used space on "/" on my work computer, I created an /opt symlink to my /home/opt, which lies on a separate partition, where I install additional programs.
I thought I needed TrueCrypt, but it's good news that Debian does this as well =)
Now I have "/", "/swap" and /home encrypted with Twofish-xts-plain64 and a 64-bit password with random letters, numbers, symbols, etc.
Be patient, "they" will come. Decryption is only a matter of time and available resources.
Even if "they" came with all the computational power available today trying to decrypt this drive, they wouldn't be able to =)
Password = Strong
Algorithm = Very strong (I didn't use AES because it's one of the most unsecure regarding the AES finalists)
Did Debian do a good job implementing encryption? I sure hope so hehehe
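Added example, not written by any poster in this thread: a Debian-style /etc/crypttab for the three-partition layout discussed above, arranged so that only one passphrase is typed at boot. The volume names, device IDs, UUIDs and key file path are placeholders chosen for illustration.

```conf
# /etc/crypttab (Debian format): <target> <source device> <key file> <options>
# Constructed example; device IDs, UUIDs and the key path are placeholders.

# "/" is a LUKS volume; "none" means the passphrase is asked for at boot.
root_crypt  UUID=<root-luks-uuid>  none  luks

# Swap gets a fresh random key on every boot, so no passphrase is needed and
# old swap contents are unreadable after shutdown (this rules out hibernation).
# Use a stable /dev/disk/by-id path: the "swap" option runs mkswap on whatever
# device this line names, so a shifted /dev/sdX name would destroy that data.
swap_crypt  /dev/disk/by-id/<disk-id>-part3  /dev/urandom  cipher=twofish-xts-plain64,size=512,swap

# /home is LUKS, unlocked with a key file stored on the encrypted root
# (hypothetical path, readable by root only), so only one passphrase is typed.
home_crypt  UUID=<home-luks-uuid>  /etc/keys/home.key  luks
```

With this arrangement the confidentiality of /home depends on the root volume's passphrase, since the key file sits on the encrypted root.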