LinuxQuestions.org
Old 08-02-2016, 07:55 AM   #1
fred2014
Member
 
Registered: Mar 2015
Posts: 70

Rep: Reputation: Disabled
Full disk encryption questions


I have a number of portable drives I'd like to encrypt but am unsure of the best way to do this:
Ideally I'd like the encryption to work across both Linux format and Windows NTFS drives.
Would LUKS be suitable for this?
If I did use LUKS or similar, what happens if there is a disk error - would that make the entire file or drive unreadable/unrecoverable?

Is LUKS my best option for this or are there others (NOT Symantec please)

thanks
 
Old 08-02-2016, 08:03 AM   #2
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513
Not if you expect Windows to be able to access it. And if Windows won't be used for that - why use NTFS?
 
Old 08-02-2016, 09:00 AM   #3
albinodrew
LQ Newbie
 
Registered: Mar 2014
Location: Quebec, Canada
Distribution: Debian 8 - Jessie
Posts: 20

Rep: Reputation: 5
Hi fred2014,

If you plan to use these drives on Windows and Linux, you should look at the encryption program VeraCrypt. It is cross-platform (Windows, Linux and Mac), and may I suggest formatting in FAT instead, since it can be read easily by all OSes.

VeraCrypt: https://veracrypt.codeplex.com/
 
1 members found this post helpful.
Old 08-02-2016, 03:17 PM   #5
fred2014
Member
 
Registered: Mar 2015
Posts: 70

Original Poster
Rep: Reputation: Disabled
Thanks for the replies ...


I've just downloaded VeraCrypt to take a look at - for both Windows and Linux.

More info may help:
All the external drives are formatted NTFS as clients can read them.
I use both Windows and Linux myself - largely for the same reason.

All the drives are data only so I don't need any boot configs if that
makes any difference. None of them needs to boot.

I do have paragon EXTfs on my windows machines so I could use that
if I used an extFS but the client issue makes ntfs preferable -
Before anyone asks - I don't trust the stuff that comes with the drives as
far as I can spit - that solution is out of the question.

If anyone has more to add I'd welcome the input ---

Especially regarding the disk error question
And which would be the most secure encryption
(I don't understand encryption myself so just the name to select would do me)

thanks again
 
Old 08-03-2016, 05:23 AM   #6
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513
Since you are going to be sharing keys for the encryption with multiple systems... I don't see the purpose of encryption.

Encryption is usually used to prevent such sharing... If even ONE of the systems is compromised/stolen - you have to replace the keys for ALL of the systems.
 
Old 08-03-2016, 06:49 AM   #7
albinodrew
LQ Newbie
 
Registered: Mar 2014
Location: Quebec, Canada
Distribution: Debian 8 - Jessie
Posts: 20

Rep: Reputation: 5
jpollard, no keys are stored anywhere. When VeraCrypt creates an encrypted volume you need to create a strong password; when you mount the encrypted volume via VeraCrypt the password is required. Nothing is stored locally.
VeraCrypt is a port of TrueCrypt, and years ago Steve Gibson did a great podcast explaining how TrueCrypt works. It's Security Now! episode number 41; you can find it here
on the TWiT network: https://twit.tv/shows/security-now/episodes/41
or at Steve Gibson's website: https://www.grc.com/sn/past/2006.htm and look for episode 41. They also have a PDF transcript of the podcast.
 
Old 08-03-2016, 07:06 AM   #8
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513
And everyone has the password...

You sure nobody will write it down?

Now, if everyone has a separate disk that no one else uses, then everyone has a separate password. Still a problem if they write the password down, but at least it is only ONE disk that gets compromised.

I didn't say HOW the key was compromised - just the consequences of WHEN.

Last edited by jpollard; 08-03-2016 at 07:08 AM.
 
Old 08-04-2016, 04:58 AM   #9
fred2014
Member
 
Registered: Mar 2015
Posts: 70

Original Poster
Rep: Reputation: Disabled
jpollard

please stick to answering the questions asked.
If you don't know the answers please don't respond.
If you would like to understand please start your own thread
and stop polluting mine.
 
Old 08-04-2016, 05:02 AM   #10
fred2014
Member
 
Registered: Mar 2015
Posts: 70

Original Poster
Rep: Reputation: Disabled
The questions I'd most like answered for now are:

Especially regarding the disk error question is data recoverable etc.
And which would be the most secure encryption
(I don't understand encryption myself so just the name to select would do me)

thanks.
 
Old 08-04-2016, 07:20 AM   #11
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925
+1 for VeraCrypt with an NTFS filesystem (choose the default encryption and hash algorithms, AES/SHA-512 if I remember correctly - they will do fine).

VeraCrypt is very flexible. I currently have ext4, fat32 and NTFS VeraCrypt containers, some partition-wide, others consisting of a single file container.

If a disk error affects the volume header in the container so that it doesn't even mount, you can try restoring the volume header from the backup embedded in the volume. If this isn't successful, you effectively won't be able to recover the data. If it affects somewhere else in the container, then you can try to use VeraCrypt's "Check Filesystem" and "Repair Filesystem" facilities to recover data. Always make a backup of the volume before carrying out any repairs.

Of course, you should be backing up your data regularly anyway so that any such disk errors cause minimum disruption/data loss.

Last edited by hydrurga; 08-04-2016 at 07:30 AM. Reason: Disk errors
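Added example, not part of hydrurga's post and not VeraCrypt code: a small Python model of the failure modes described above, showing why damage in the data area stays local while damage to the header is only survivable through the backup copy. The layout, the sizes and the HMAC keystream (a stand-in for AES-XTS, where a flipped ciphertext bit garbles a 16-byte block rather than a single byte) are assumptions of this model, and the plaintext length is assumed to be a multiple of the sector size.

```python
import hashlib, hmac, os

SECTOR = 512   # data-unit size in this model
HDR = 64       # model header: 16-byte salt | 32-byte wrapped master key | 16-byte tag

def kek(password, salt):
    # Password-derived key that wraps the master key (iteration count is arbitrary)
    return hashlib.pbkdf2_hmac("sha512", password, salt, 1000, dklen=32)

def make_header(password, master):
    salt = os.urandom(16)
    k = kek(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(master, k))
    return salt + wrapped + hmac.new(k, wrapped, "sha256").digest()[:16]

def open_header(password, hdr):
    salt, wrapped, tag = hdr[:16], hdr[16:48], hdr[48:64]
    k = kek(password, salt)
    if not hmac.compare_digest(tag, hmac.new(k, wrapped, "sha256").digest()[:16]):
        return None  # wrong password or damaged header: master key is unreachable
    return bytes(a ^ b for a, b in zip(wrapped, k))

def crypt_sector(master, index, data):
    # Toy keystream: each sector depends only on the master key and its own index
    stream = b"".join(
        hmac.new(master, index.to_bytes(8, "big") + bytes([i]), "sha256").digest()
        for i in range(SECTOR // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def crypt_body(master, body):
    return b"".join(crypt_sector(master, n, body[i:i + SECTOR])
                    for n, i in enumerate(range(0, len(body), SECTOR)))

def create_volume(password, plaintext):
    master = os.urandom(32)
    # Primary header at the start, separately salted backup header at the end
    return bytearray(make_header(password, master) + crypt_body(master, plaintext)
                     + make_header(password, master))

def mount(password, vol):
    """Return (plaintext, header_used), or (None, None) if neither header opens."""
    for name, hdr in (("primary", vol[:HDR]), ("backup", vol[-HDR:])):
        master = open_header(password, bytes(hdr))
        if master is not None:
            return crypt_body(master, bytes(vol[HDR:-HDR])), name
    return None, None

def damaged_sectors(original, recovered):
    # Indices of sectors whose decrypted content no longer matches the original
    return [n for n in range(len(original) // SECTOR)
            if original[n * SECTOR:(n + 1) * SECTOR] != recovered[n * SECTOR:(n + 1) * SECTOR]]
```

Flipping a byte inside one data sector leaves every other sector readable; flipping a byte in the primary header still mounts through the backup header; damaging both headers makes the whole volume unrecoverable even with the correct password.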
 
Old 08-04-2016, 10:28 AM   #12
fred2014
Member
 
Registered: Mar 2015
Posts: 70

Original Poster
Rep: Reputation: Disabled
Thanks hydrurga
I've now had time to read the VeraCrypt docs.
The docs seem very thorough and answer most questions.
I've just tried my first external drive configured
with 3 processors at 2.4 GHz each (keeping the fourth for the system).
A USB2 drive/interface seems very slightly sluggish at those settings
but I haven't had time to examine further yet.
(I don't want it for video but that seemed a good way to test the system
... ie does video/audio stay in sync and frame rate stay up)
It seems fast enough for my use though.

VeraCrypt seems to be very well configured - my only concern is
that 256 bits is not very good encryption IMHO. regardless of US Govt. claims.
 
  

