Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
12-23-2006, 08:23 AM
|
#1
|
Member
Registered: Jan 2006
Location: Bremen, Germany
Distribution: Linux Mint 16 KDE
Posts: 40
Rep:
|
Protecting/encrypting my harddisk
On the first sight admittedly a general question, but with certain restrictions/criteria:
1. I want to protect my harddisk from unauthorized access, not just with the login menu but in general with access to files, even from booted systems.
2. I am a novice Linux user, so I could't manage to do that with a greater amount of shell command
3. So either there is a possibility in the Linux system of access rights to protect files from being read by any other than the specified user, even without running the same operating system,
4. or I would have to use a whole filesystem encryption --
in this case, supposed I have forgotten the password, I should be able to retrieve it within one or a few more days.
Thank you for thoroughly reading my question.
|
|
|
12-23-2006, 09:05 AM
|
#2
|
Senior Member
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873
|
You have to encrypt the entire file system. However if you do this then you will not be able to crack the encryption if you forget the password. The simplest form of disk encryption in Linux is crypto-loop. This encryption system uses the password to create the encryption key. Therefore you must remember the encryption key in order to decrypt the file system.
Adding the requirement that you need to be able to crack the encryption if you forget the password is not intelligent. If you can crack the encryption then so can anyone else. Asking for a lock that you can conveniently break if you lose the key does not make any sense. You can keep an encryption key on a USB Flash drive that you only connect to the computer when you mount the encrypted file system. That would seem to be a good compromise between having real security and meeting your requirement to be able to break the encryption if you forget the password.
Look here for some specific instructions:
http://www.linuxquestions.org/questi...33#post2416433
|
|
|
12-23-2006, 09:49 AM
|
#3
|
Member
Registered: Jan 2006
Location: Bremen, Germany
Distribution: Linux Mint 16 KDE
Posts: 40
Original Poster
Rep:
|
Quote:
Originally Posted by stress_junkie
Adding the requirement that you need to be able to crack the encryption if you forget the password is not intelligent. If you can crack the encryption then so can anyone else. Asking for a lock that you can conveniently break if you lose the key does not make any sense.
|
I didn't think about an absolutely secure system, because it could become even so secure that I for myself could lose access to it! Actually I thought about a password retrieval that is possible but very time-consuming so that there couldn't be an attack during my absence (unless my computer had been stolen).
Last edited by Schreiberling; 12-23-2006 at 09:59 AM.
|
|
|
12-24-2006, 07:30 PM
|
#4
|
LQ Newbie
Registered: Dec 2006
Location: madrid, spain
Distribution: Novell SLED 10
Posts: 24
Rep:
|
I had the need to protect my system and I read quite a bit about ways to effectively protect it. At the end of my reading, I think that the best solution, a good balance between security and ease of use, is the crypto-loop, as you can decide when and it to mount it. You can easily set it up by using Yast. Honestly, I feel pretty comfortbale with it.
However, if you choose to encrypt the whole filesystem, I recommend you have your secret key stored on a USB removable hard drive and a backup of your secret key (and your password). I suggest you store the backup of secret key and password on an anonymous Hushmail account. You can open a free one at www.hushmail.com - be careful, as the free account expires after three weeks if you do not log on.
Cheers,
Alex
|
|
|
All times are GMT -5. The time now is 10:01 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|