Encrypted HD, forever?

microsoft/linux · 06-15-2005, 11:46 AM

would it be possible to encrypt the entire HD, from boot to shut down? Like have it encrypted so no one else would be able to do anything w/ it at all? Encrypting all the binaries and stuff, and when you turn on you comp. you get prompted for the password, if unable to give it in 3 tries, the comp. shuts down? I'm thinking about a Sci./Tech. Fair project for physics next year. Would I be able to put something to ask for the password in the boot sector?

AlexV · 06-15-2005, 12:14 PM

Linux Journal has had some good articles on that kind of thing:

Using CFS, the Cryptographic Filesystem
Encrypted File Systems
Encrypt Your Root Filesystem

None of those are quite as extreme as the scenario you suggested, but at least it's a starting point! Google around a bit. I'm sure there's more where this came from...

Hope that helps!

microsoft/linux · 06-16-2005, 09:07 AM

I read those articles, anyone else got ideas about the bootsector? The articles mentioned using an initrd, and carrying that on a thumbdrive. It would then require that you boot off the thumbdrive. I don't necesarilly want to have to plug in a thumbdrive everytime I wanna boot. However, that would allow for plausible deniability. If there was no thumbdrive, it would boot Windows off the HD. Other thoughts? What do you know about StegFs?

AlexV · 06-16-2005, 09:31 PM

Quote:

Originally posted by microsoft/linux
[B However, that would allow for plausible deniability. If there was no thumbdrive, it would boot Windows off the HD. Other thoughts?[/B]

Plausible deniability? Whoa... what exactly are you working on? Just remember: When the men in black come to take you away, I had nothing to do with it

Ah, well. The next PATRIOT ACT revision will most likely ban civilian cryptography in the the Land of the Free, and then it won't matter, now will it?

microsoft/linux · 06-17-2005, 09:46 AM

Quote:

Ah, well. The next PATRIOT ACT revision will most likely ban civilian cryptography in the the Land of the Free, and then it won't matter, now will it?

Very very true. However, at that point, we move to Canada! I'm not working on anything overly secretive, just something to play w/. Other thoughts? I'm kinda into cryptography, and numbers, and math, and computers in general

oneandoneis2 · 06-17-2005, 10:46 AM

Check the Linux From Scratch hints section - I recall there being an article in there on using GPG to encrypt filesystems.

Glas · 06-17-2005, 11:05 AM

The problem is you can't encrypt the files on the MBR or your system wouldn't boot. Doing some research I did find this link. It discusses seeting up LILO passwords and actually removing LILO from your HDD and putting it on a Floppy as well as setting a password on it. There are also hardware solutions to your question. Within some BIOSs there are options to set HDD passwords. These can't be cleared by removing the CMOS battery and are actually encoded within the HDDs firmware.

microsoft/linux · 06-17-2005, 06:56 PM

I appreciate all the help. I haven't looked into BIOSes, that would theoretically replace the need to use a thunbdrive to boot. What about GRUB? Would you be able to set up GRUB's passwords? I'm kind of looking for a way to have the computer not even boot if the incorrect password is given at startup. Other thoughts?