I have a number of portable drives I'd like to encrypt but am unsure of the best way to do this:
Ideally I'd like the encryption to work across both Linux-format and Windows NTFS drives.
Would LUKS be suitable for this?
If I did use LUKS or similar, what happens if there is a disk error - would that make the entire file or drive unreadable/unrecoverable?
Is LUKS my best option for this or are there others (NOT Symantec please)?
If you plan to use these drives on Windows and Linux, you should look at the encryption program VeraCrypt. It is cross-platform (Windows, Linux and Mac), and may I suggest formatting in FAT instead, since it can be read easily by all OSes.
I've just downloaded VeraCrypt to take a look at - for both Windows and Linux.
More info may help:
All the external drives are formatted NTFS as clients can read them.
I use both windows and linux myself - largely for the same reason.
All the drives are data only so I don't need any boot configs if that
makes any difference. None of them needs to boot.
I do have paragon EXTfs on my windows machines so I could use that
if I used an extFS but the client issue makes ntfs preferable -
Before anyone asks - I don't trust the stuff that comes with the drives as
far as I can spit - that solution is out of the question.
If anyone has more to add I'd welcome the input ---
Especially regarding the disk error question
And which would be the most secure encryption
(I don't understand encryption myself so just the name to select would do me)
Since you are going to be sharing keys for the encryption with multiple systems... I don't see the purpose of encryption.
Encryption is usually used to prevent such sharing... If even ONE of the systems is compromised/stolen - you have to replace the keys for ALL of the systems.
jpollard, no keys are stored anywhere. When VeraCrypt creates an encrypted volume you need to create a strong password; when you mount the encrypted volume via VeraCrypt the password is required. Nothing is stored locally.
VeraCrypt is a port of TrueCrypt, and years ago Steve Gibson did a great podcast explaining how TrueCrypt works. It's Security Now! episode number 41; you can find it here
on the TWiT network: https://twit.tv/shows/security-now/episodes/41
or at Steve Gibson's website: https://www.grc.com/sn/past/2006.htm and look for episode 41. They also have a PDF transcript of the podcast.
Now, if everyone has a separate disk that no one else uses, then everyone has a separate password. Still a problem if they write the password down, but at least it is only ONE disk that gets compromised.
I didn't say HOW the key was compromised - just the consequences of WHEN.
please stick to answering the questions asked.
If you don't know the answers please don't respond.
If you would like to understand please start your own thread
and stop polluting mine.
Especially regarding the disk error question is data recoverable etc.
And which would be the most secure encryption
(I don't understand encryption myself so just the name to select would do me)
+1 for VeraCrypt with an NTFS filesystem (choose the default encryption and hash algorithms, AES/SHA-512 if I remember correctly - they will do fine).
VeraCrypt is very flexible. I currently have ext4, fat32 and NTFS VeraCrypt containers, some partition-wide, others consisting of a single file container.
If a disk error affects the volume header in the container so that it doesn't even mount, you can try restoring the volume header from the backup embedded in the volume. If this isn't successful, you effectively won't be able to recover the data. If it affects somewhere else in the container, then you can try to use VeraCrypt's "Check Filesystem" and "Repair Filesystem" facilities to recover data. Always make a backup of the volume before carrying out any repairs.
Of course, you should be backing up your data regularly anyway so that any such disk errors cause minimum disruption/data loss.
Last edited by hydrurga; 08-04-2016 at 07:30 AM.
Reason: Disk errors
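The behaviour described in the post above, as an added example that is not part of the thread or of VeraCrypt's code: a simplified model in which the password only unlocks a header holding a random master key, and each sector is encrypted independently. The SHA-512 keystream is a stand-in for AES-XTS, the PBKDF2 iteration count is lowered for the demo, and the function names and volume layout are hypothetical.

```python
# Added illustration: a simplified model, not VeraCrypt's on-disk format or cipher.
import hashlib
import os

SECTOR, MAGIC = 512, b"VERA"

def _stream_xor(data, key, tweak):
    """Stand-in for AES-XTS: XOR with a SHA-512 counter keystream bound to key+tweak."""
    ks = b""
    while len(ks) < len(data):
        ks += hashlib.sha512(key + tweak + len(ks).to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def _header_key(password, salt):
    # PBKDF2-HMAC-SHA-512; iteration count kept low so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha512", password, salt, 1000)

def make_header(password, master_key):
    salt = os.urandom(64)
    return salt + _stream_xor(MAGIC + master_key, _header_key(password, salt), b"hdr")

def open_header(password, header):
    """Return the master key, or None if the header does not decrypt to the magic."""
    plain = _stream_xor(header[64:], _header_key(password, header[:64]), b"hdr")
    return plain[4:] if plain[:4] == MAGIC else None

def create_volume(password, sectors):
    mk = os.urandom(64)  # random master key; the password only protects the headers
    data = [_stream_xor(s, mk, i.to_bytes(8, "big")) for i, s in enumerate(sectors)]
    return {"header": make_header(password, mk),
            "backup": make_header(password, mk), "data": data}

def read_volume(password, vol):
    """Try the primary header, then the backup; None means the data is unrecoverable."""
    mk = open_header(password, vol["header"]) or open_header(password, vol["backup"])
    if mk is None:
        return None
    return [_stream_xor(c, mk, i.to_bytes(8, "big")) for i, c in enumerate(vol["data"])]

def demo():
    pw = b"constructed passphrase"                      # constructed sample input
    sectors = [bytes([65 + i]) * SECTOR for i in range(4)]
    vol = create_volume(pw, sectors)
    vol["data"][2] = bytes(SECTOR)                      # simulate one bad data sector
    after_sector = read_volume(pw, vol)
    vol["header"] = bytes(len(vol["header"]))           # primary header destroyed
    after_header = read_volume(pw, vol)
    vol["backup"] = bytes(len(vol["backup"]))           # backup header destroyed too
    return sectors, after_sector, after_header, read_volume(pw, vol)
```

In this model a bad data sector costs only that sector, a lost primary header is survivable through the backup copy, and losing both headers leaves nothing to recover even with the correct password.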
Thanks hydrurga
I've now had time to read the veraCrypt docs.
The docs seem very thorough and answer most questions.
I've just tried my first external drive configured
with 3 processors at 2.4GHz each (keeping the fourth for the system).
A USB2 drive/interface seems very slightly sluggish at those settings
but I haven't had time to examine further yet.
(I don't want it for video but that seemed a good way to test the system
... i.e. does video/audio stay in sync and frame rate stay up)
It seems fast enough for my use though.
VeraCrypt seems to be very well configured - my only concern is
that 256 bits is not very good encryption IMHO, regardless of US Govt. claims.