LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Closed Thread
  Search this Thread
Old 01-13-2006, 09:28 AM   #61
sick-o-windoze
Member
 
Registered: Nov 2003
Distribution: ubuntu 5.10
Posts: 84

Rep: Reputation: 15

Looks like TrueCrypt combined with some other tools will do it for me.

There were no "recommended" transparent solutions for partitions, so if anybody has any positive experiences with them, a post would be appreciated.
 
Old 01-13-2006, 10:26 AM   #62
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Installing Debian onto USB flash media with everything encrypted.

Just do the same on your harddrive.

http://www.debian-administration.org/articles/179

Here's another one after a 1 minute search on google:
http://www.google.com/search?q=encrypted+root+distro
=>
http://www.remote-exploit.org/index.php/Encrypted_EFS


"completely secure computer" is not the same as "secure computer".
There is NO completly secure computer.

Last edited by nx5000; 01-17-2006 at 04:20 AM.
 
Old 01-17-2006, 01:04 AM   #63
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
There's no benefit encrypting files with no confidential information such as binaries in /bin, /sbin, libraries, etc. It backfires as it provides a good deal of known plaintext. It's better to encrypt /home, /tmp, swap and so on.

I would like to know more about this 1344-bits stuff. How do they generate such a large bitstream from only a password and stuff it into 448-bits blowfish ?
 
Old 01-17-2006, 03:45 AM   #64
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
nothing is 100 percent secure! i think maybe you should wear a gun and put your laptop on a autodestruct mode using some kind of bomb (RDX maybe). if by chance somebody tries to rob your laptop your first option would be to resist the attack with your gun and if that fails launch failsafe--------------->BOOM!
no data, no files, no harddisk, no laptop. ENJOY!
 
Old 01-17-2006, 12:38 PM   #65
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3176Reputation: 3176Reputation: 3176Reputation: 3176Reputation: 3176Reputation: 3176Reputation: 3176Reputation: 3176Reputation: 3176Reputation: 3176Reputation: 3176
Quote:
Originally Posted by sick-o-windoze
Windows at least allows me to buy a package to encrypt the whole thing in a way that is completely secure. I'm looking for a real solution for Linux and I'm not finding anything stable. If I search this board on any of the solutions presented, I find lots of threads with serious issues about the use of those tools.
It would be unwise to categorically say "a way that is completely secure." On any system, you simply don't know that. There could be a vulnerability in the closed-source software that you don't know about; see http://www.counterpane.com or Bruce Schnierer's http://www.schneier.com/.

Encrypted-filesystem drivers are readily available for Linux, and since the source-code is available for open review you can be more confident that they don't contain hidden flaws if used correctly. Ahh, but there's the rub. When it comes right down to it, the security (or lack thereof) is the purview of the system administrator... You! A piece of flashy-looking software in a flashy box, easily installed by the user (who is logged on as Administrator without a password, on a public network without a firewall, running exactly the same services wirelessly at Starbucks as he does when connected to the company's wired network... where he might accidentally leave the wireless unit turned-on and thus create an open door into the company's "private" network to a competitor in the office next-door!) may look and feel good ... and be worthless. Worse than worthless.

A quick search on http://freshmeat.net for "encrypted filesystem" shows no less than eight promising-looking options, all with source, many of them cross-platform. These could be applied as a strong part of a well-thought-out security strategy. But a flashy box-product bought at Staples is not a "strategy."
 
Old 02-05-2006, 12:08 AM   #66
Synesthesia
Member
 
Registered: Jan 2004
Location: the abyss
Posts: 208

Rep: Reputation: 30
If your encrypting the hard drive, don't forget to encrypt the memory. Data can be retrieved from RAM after power is lost to the system (shutdown etc), and even possibly after the data has been written over. And of course data can easily be retrieved from many file systems after being deleted.

I'm sorry to see the amount of misdirection and misinformation in this thread. The purpose of this thread was not to find out if windows is as secure as Linux, but to find a security solution on Linux that disables any retrieval of certain information after the physical seizure of a computer.

Some here have mocked good encryption algorithms by saying the more security you implement the more security "they will just crack". This is incorrect. It would take a week on a supercomputer and some good luck to break the heavy encryption algorithms you can utilize to encrypt a file system. Anyone who authorizes to take your computer by law (I'm not disputing the constitutionality of the patriot act and the executive eavesdropping order) will obviously be paying someone else to take the information off your computer. They will definitely not spend a week (or, from their point of view, undefined amount of time) breaking encryption, unless you have left an easy (careless) security loop hole for them.

It has already been said in this thread that your current security solution can be achieved in Linux. However, I have not seen a comparable ALL-IN-ONE security solution for Linux. It is not necessary to have an all-in-one security solution if you are willing to spend a little time "tinkering" with a Linux box.

As for fingerprint authentication for your computer:

Anyone with the resources to retrieve data off your computer can easily take your fingerprint off the coffee cup your threw away at 7/11 last Saturday. Fingerprint authentication won't add to the security of your computer if the government is involved.

Memorize a pattern on your keyboard that will easily allow for a 20 character password. You do not want the weakest link in your security exploited.
 
Old 02-05-2006, 12:27 AM   #67
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,138

Rep: Reputation: 167Reputation: 167
I'm not sure the Linux world can offer something like Drivecrypt - but since the company that puts it out made it to Bruce Schneier's Doghouse at http://www.schneier.com/blog/archive...ghouse_pr.html, then maybe that's OK...
 
Old 02-05-2006, 12:34 AM   #68
Synesthesia
Member
 
Registered: Jan 2004
Location: the abyss
Posts: 208

Rep: Reputation: 30
Quote:
Originally Posted by gilead
I'm not sure the Linux world can offer something like Drivecrypt
After everything that has been said here...I hope that was a sarcastic comment.
 
Old 02-05-2006, 12:41 AM   #69
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,138

Rep: Reputation: 167Reputation: 167
Not at all - Drivecrypt sounds like snake oil and I don't have any interest in seeing "Snake Oil for Linux (TM)".

I use Linux because it fits the business needs of my clients even when those needs are security based. No Drivecrypt under Linux? No worries mate
 
Old 02-05-2006, 04:08 AM   #70
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by Synesthesia
Data can be retrieved from RAM after power is lost to the system
ummm... could you elaborate please?? or were you joking??
 
Old 02-05-2006, 01:16 PM   #71
Synesthesia
Member
 
Registered: Jan 2004
Location: the abyss
Posts: 208

Rep: Reputation: 30
Well, I have some experience retrieving from hard drives, but not memory. I was also surprised when I first learned about this, but now I have read about it some, and it seems to be completely reasonable. Why do you think the linux folk would add support for encrypted ram drives if they were completely useless?

Last edited by Synesthesia; 02-05-2006 at 01:18 PM.
 
Old 02-05-2006, 04:51 PM   #72
Synesthesia
Member
 
Registered: Jan 2004
Location: the abyss
Posts: 208

Rep: Reputation: 30
If there thread starter ever comes back:

http://www.remote-exploit.org/index.php/Encrypted_EFS

That will be more secure than your drivecrypt.
And its basically an all-in-one guide [-_o].
 
Old 02-06-2006, 01:51 AM   #73
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by Synesthesia
Well, I have some experience retrieving from hard drives, but not memory. I was also surprised when I first learned about this, but now I have read about it some, and it seems to be completely reasonable. Why do you think the linux folk would add support for encrypted ram drives if they were completely useless?
okay, but how about some links so that we can also read-up on this very interesting topic??
 
Old 02-06-2006, 04:54 PM   #74
Synesthesia
Member
 
Registered: Jan 2004
Location: the abyss
Posts: 208

Rep: Reputation: 30
I would have definitely posted the links if I still had them. I just did a quick search without any luck, and since its been a while I'm also still interested. It was about data retrieval from the memory, and it (might have been security ebooks, not the web, sorry I don't remember right now) did mention retrieval after power is lost to the memory. Let me know if you find any internet references.

Last edited by Synesthesia; 02-06-2006 at 04:55 PM.
 
Old 02-06-2006, 09:45 PM   #75
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
Quote:
Originally Posted by TruckStuff
After reading this entire thread, I think I can safely say that the answer to your question is no, there is no tool publicly available for *nix that meets all of the criteria you have stated.
There's nothing for Windows that does either. Everything he's done can easily be defeated by anyone with physical access to the PC and this little device from ThinkGeek:

http://www.thinkgeek.com/gadgets/electronic/5a05/

Like others have said, security is a process. If you're unwilling to follow good security proceedures/practices no amount of fancy hardware or software will save you, regardless of OS.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Comparing security on Windows and Linux Ephracis Linux - Security 4 07-01-2005 10:17 PM
security: windows vs linux crispyleif Linux - Newbie 10 03-08-2005 03:14 AM
Any Linux Vs Windows 2000 Security resource? neelay1 Linux - Security 1 12-07-2004 02:44 PM
Linux security Vs Windows security keene General 50 11-01-2003 11:22 PM
Linux VS Windows Security demmylls Linux - General 7 10-17-2003 03:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration