LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-23-2006, 08:23 AM   #1
Schreiberling
Member
 
Registered: Jan 2006
Location: Bremen, Germany
Distribution: Linux Mint 16 KDE
Posts: 40

Rep: Reputation: 15
Protecting/encrypting my harddisk


On the first sight admittedly a general question, but with certain restrictions/criteria:

1. I want to protect my harddisk from unauthorized access, not just with the login menu but in general with access to files, even from booted systems.
2. I am a novice Linux user, so I could't manage to do that with a greater amount of shell command
3. So either there is a possibility in the Linux system of access rights to protect files from being read by any other than the specified user, even without running the same operating system,
4. or I would have to use a whole filesystem encryption --
in this case, supposed I have forgotten the password, I should be able to retrieve it within one or a few more days.

Thank you for thoroughly reading my question.
 
Old 12-23-2006, 09:05 AM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335Reputation: 335Reputation: 335Reputation: 335
You have to encrypt the entire file system. However if you do this then you will not be able to crack the encryption if you forget the password. The simplest form of disk encryption in Linux is crypto-loop. This encryption system uses the password to create the encryption key. Therefore you must remember the encryption key in order to decrypt the file system.

Adding the requirement that you need to be able to crack the encryption if you forget the password is not intelligent. If you can crack the encryption then so can anyone else. Asking for a lock that you can conveniently break if you lose the key does not make any sense. You can keep an encryption key on a USB Flash drive that you only connect to the computer when you mount the encrypted file system. That would seem to be a good compromise between having real security and meeting your requirement to be able to break the encryption if you forget the password.

Look here for some specific instructions:
http://www.linuxquestions.org/questi...33#post2416433
 
Old 12-23-2006, 09:49 AM   #3
Schreiberling
Member
 
Registered: Jan 2006
Location: Bremen, Germany
Distribution: Linux Mint 16 KDE
Posts: 40

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by stress_junkie
Adding the requirement that you need to be able to crack the encryption if you forget the password is not intelligent. If you can crack the encryption then so can anyone else. Asking for a lock that you can conveniently break if you lose the key does not make any sense.
I didn't think about an absolutely secure system, because it could become even so secure that I for myself could lose access to it! Actually I thought about a password retrieval that is possible but very time-consuming so that there couldn't be an attack during my absence (unless my computer had been stolen).

Last edited by Schreiberling; 12-23-2006 at 09:59 AM.
 
Old 12-24-2006, 07:30 PM   #4
anurnberg
LQ Newbie
 
Registered: Dec 2006
Location: madrid, spain
Distribution: Novell SLED 10
Posts: 24

Rep: Reputation: 15
I had the need to protect my system and I read quite a bit about ways to effectively protect it. At the end of my reading, I think that the best solution, a good balance between security and ease of use, is the crypto-loop, as you can decide when and it to mount it. You can easily set it up by using Yast. Honestly, I feel pretty comfortbale with it.

However, if you choose to encrypt the whole filesystem, I recommend you have your secret key stored on a USB removable hard drive and a backup of your secret key (and your password). I suggest you store the backup of secret key and password on an anonymous Hushmail account. You can open a free one at www.hushmail.com - be careful, as the free account expires after three weeks if you do not log on.

Cheers,

Alex
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Encrypting an entire CD binarybob0001 Linux - General 0 03-26-2006 05:30 PM
encrypting emails WannaLearnLinux Linux - Security 6 07-12-2004 02:57 AM
Low Harddisk space. Can I just transfer the entire Linux to a bigger harddisk? davidas Linux - Newbie 12 04-13-2004 03:03 AM
Encrypting Question Bd22 Linux - Security 1 07-11-2003 10:26 PM
encrypting im1crazyassmofo Linux - General 1 04-20-2003 10:15 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration