Hi,

I have two computers, a laptop and a desktop. I am about to buy new hdds to both of them, and also an extra hdd with a case and usb2/firewire connection.

I have been trying to encrypt my hdd when I bought the laptop a couple of months ago but had no success. Think I typed wrong at a place and I did not know what to enable in the kernel.

But now I am back at wanting to encrypt the hdd. My desktop will use two hdds, one with the /home, this one should be encrypted. The other hdd will have /boot unencrypted and then the root partition encrypted.

I read somewhere that it is hard to encrypt /boot and this it why it is not worth the effort when trying to encrypt the whole hdd, instead many recommend me to just encrypt /home. But I also want to encrypt /var and /etc, but instead of making two partition for those two I thought I could just make one for /boot and one for the rest (root).
My laptop will have the same but with just one hdd instead of two.

And at last there will be the extern hdd which will of cource be encrypted two.

I also read somewhere that the cryptoloop is not good enough (do not remember why). Instead I should use dm-crypt or something, don't remember the name. Is this right, and why?

Also, I would like to use a usb memory with the key to mount all the encrypted partitions, and also have the usb memory encrypted with a password. How big would the key be, would 128mb be enough? So I would boot the computer, have the memory in the usb slot, I would mount the memory, type in a password, and then use the key on the memory to mount the root partition and then the rest.

Is all this possible and if it is, how hard is it to get all this to work? How hard is encryption to break?
(Here in sweden some anti-pirate organization has gone crazy and they may be after me!)

Regards.

Some distro's do encrypted filesystems natively. Suse 9.3 allows you to encrypt during or after install and lets you set the strength. Combine that with a non-windows native filesystem and 22 or more character password, and you are very safe unless you have murdered someone and they send your drive off to a supercomputer lab.

All encryption is breakable, and all information is knowable. I don't know your laws, but you need probable cause and a warrant in the US, unless they call you a "terrorist", to search your property.

The short answer is, I know Suse does this quite easily. And others do it as well. And if you set it up it will not be worth their while or even within their power to break the encryption. Media companies are just thugs that think they own thought. Nothing more. People that stupid can only be bright by accident. Don't worry about it.

If you are really concerned about data security on magnetic media, encrypt it and keep a powered magnet handy. That will make it impossible to reconstruct and recover. But, unless you are killing people and/or your country is beyond insane- this is overkill. Good luck.


PS- If you are "caught" with data that corporations deem upsetting, and they tell you that they broke your encryption- They Are Lying. Just a heads up from an old guy with a clean record.