Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
10-01-2006, 02:59 AM
|
#1
|
Senior Member
Registered: Dec 2005
Location: Finland
Distribution: Slackware, CentOS, RHEL, OpenBSD
Posts: 1,006
Rep:
|
Loop-AES questions
Hi,
I was thinking on making a distro hop again, this time to Arch. I have used Arch once before but that didn't impress me as I din't even get my nVidia drivers installed
Im currently running Debian Sid with encrypted LVM partitions using the dm-crypt.
After browsing net a bit and making myself more familiar to encryption options I though to try the loop-AES as it seems to be more secure and faster option than the dm-crypt.
Does loop-AES work with LVM or how?
Correct me if I'm wrong, you can install a Arch and then encrypt the existing installation without erasing the data on partition with loop-aes?
I'm planning on using the Suspend2 also with the loop-aes. I'll follow this http://wiki.suspend2.net/EncryptedSwapAndRoot.
After I have sufficient info I think I try to install it on my laptop.
|
|
|
10-02-2006, 05:05 PM
|
#2
|
Senior Member
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873
|
I thought I knew the answer to your questions but I decided to verify what I thought I knew. It turns out that there is so much to know about this subject that I would like to just refer you to the sources that I found.
I have this file on my system partition.
/usr/share/doc/packages/util-linux/README.loop-AES-v2.2d
Also you can look for the web page here.
http://loop-aes.sourceforge.net/
I wish that I could have summarized it in a couple of sentences but I think that you really need to read the full story.
|
|
|
10-03-2006, 08:50 AM
|
#3
|
Senior Member
Registered: Dec 2005
Location: Finland
Distribution: Slackware, CentOS, RHEL, OpenBSD
Posts: 1,006
Original Poster
Rep:
|
I've read that readme and it would seem that system installed and then encrypted doesn't get wiped, is this correct?
What about LVM? Can I use LVM partition and encrypt that with loop-aes?
|
|
|
10-03-2006, 09:12 AM
|
#4
|
Senior Member
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873
|
The essential model is like this. You have a physical device. You associate an encryption module with a loop device and then create a link from this encrypted loop device to the real device. Then you communicate with the loop device. The real device can be a file, a disk, or a virtual device like a RAID set.
I wrote up the details for using a file as an encrypted file system. The principles remain the same. Check out this post of mine.
http://www.linuxquestions.org/questi...33#post2416433
I seem to recall something about encrypting a file system that already has data on it and keeping the data. I don't recall how that is done or what tool to use.
Last edited by stress_junkie; 10-03-2006 at 09:15 AM.
|
|
|
10-03-2006, 09:36 AM
|
#5
|
Senior Member
Registered: Dec 2005
Location: Finland
Distribution: Slackware, CentOS, RHEL, OpenBSD
Posts: 1,006
Original Poster
Rep:
|
Quote:
Originally Posted by stress_junkie
I seem to recall something about encrypting a file system that already has data on it and keeping the data. I don't recall how that is done or what tool to use.
|
I read the loop-aes readme and nothing in the root partition encryption seems to wipe the data from the partition AFAIK. Would be nice to know before I start to mess around with this
LVM issue isn't that important currently as I have only the root partition besides boot and swap.
|
|
|
10-04-2006, 03:14 AM
|
#6
|
Senior Member
Registered: Dec 2005
Location: Finland
Distribution: Slackware, CentOS, RHEL, OpenBSD
Posts: 1,006
Original Poster
Rep:
|
I think that I just try to install this and after this fails I'll go back to wiping my partition and do a fresh install with dm-crypt and luks.
|
|
|
10-04-2006, 05:39 AM
|
#7
|
Senior Member
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873
|
That is often the best approach. Make a backup. Try something. If it works then that's good. If it doesn't work then you still have your backup. Either way you learn something.
|
|
|
10-04-2006, 06:05 AM
|
#8
|
Senior Member
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291
Rep:
|
I'm just starting to mess around with AES-loop encryption with a distro im making from slackware, so this thread myight be worth keeping an eye on
|
|
|
10-04-2006, 12:44 PM
|
#9
|
Member
Registered: Nov 2005
Posts: 144
Rep:
|
If you want to encrypt an xeisting partition, you can use aespipe and dd:
Code:
dd if=/dev/hda1|aespipe (...)|dd of=/dev/hda1
This encrypts your first hard disk partition with loop-aes. You can also insert a lvm device instead of hda1. Of course, you should not do that with a partition that is currently mounted, and if something goes wrong during encryption (which will take some time depending on the disk size), e.g. a power failure, you will have a disk which is partly encrypted. So do a backup before you encrypt partitions with important stuff on them.
Btw, you can also use aespipe to encrypt iso files. That way, you can encrypt cdroms.
Regards,
Lotharster
|
|
|
All times are GMT -5. The time now is 07:02 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|