Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have two computers, a laptop and a desktop. I am about to buy new hdds to both of them, and also an extra hdd with a case and usb2/firewire connection.
I have been trying to encrypt my hdd when I bought the laptop a couple of months ago but had no success. Think I typed wrong at a place and I did not know what to enable in the kernel.
But now I am back at wanting to encrypt the hdd. My desktop will use two hdds, one with the /home, this one should be encrypted. The other hdd will have /boot unencrypted and then the root partition encrypted.
I read somewhere that it is hard to encrypt /boot and this it why it is not worth the effort when trying to encrypt the whole hdd, instead many recommend me to just encrypt /home. But I also want to encrypt /var and /etc, but instead of making two partition for those two I thought I could just make one for /boot and one for the rest (root).
My laptop will have the same but with just one hdd instead of two.
And at last there will be the extern hdd which will of cource be encrypted two.
I also read somewhere that the cryptoloop is not good enough (do not remember why). Instead I should use dm-crypt or something, don't remember the name. Is this right, and why?
Also, I would like to use a usb memory with the key to mount all the encrypted partitions, and also have the usb memory encrypted with a password. How big would the key be, would 128mb be enough? So I would boot the computer, have the memory in the usb slot, I would mount the memory, type in a password, and then use the key on the memory to mount the root partition and then the rest.
Is all this possible and if it is, how hard is it to get all this to work? How hard is encryption to break?
(Here in sweden some anti-pirate organization has gone crazy and they may be after me!)
Some distro's do encrypted filesystems natively. Suse 9.3 allows you to encrypt during or after install and lets you set the strength. Combine that with a non-windows native filesystem and 22 or more character password, and you are very safe unless you have murdered someone and they send your drive off to a supercomputer lab.
All encryption is breakable, and all information is knowable. I don't know your laws, but you need probable cause and a warrant in the US, unless they call you a "terrorist", to search your property.
The short answer is, I know Suse does this quite easily. And others do it as well. And if you set it up it will not be worth their while or even within their power to break the encryption. Media companies are just thugs that think they own thought. Nothing more. People that stupid can only be bright by accident. Don't worry about it.
If you are really concerned about data security on magnetic media, encrypt it and keep a powered magnet handy. That will make it impossible to reconstruct and recover. But, unless you are killing people and/or your country is beyond insane- this is overkill. Good luck.
PS- If you are "caught" with data that corporations deem upsetting, and they tell you that they broke your encryption- They Are Lying. Just a heads up from an old guy with a clean record.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.