LinuxQuestions.org
Old 09-26-2012, 04:48 PM   #1
saeedsssss
Member
 
Registered: Apr 2012
Posts: 43

Rep: Reputation: Disabled
Choose a software for encrypted harddisk


Hi
After searching the internet, I found cryptsetup, ecryptfs, loop-AES and TrueCrypt.
I want software on Linux (Ubuntu 12.04) for building a fully encrypted disk with pre-authentication at system boot time.

But I have one question.
Which one is better for me?
Thank you for any answer.

Last edited by saeedsssss; 09-26-2012 at 05:22 PM.
 
Old 09-27-2012, 12:46 PM   #2
Janus_Hyperion
Member
 
Registered: Mar 2011
Location: /
Distribution: Fedora (typically latest release or development release)
Posts: 372

Rep: Reputation: Disabled
Based on my preferences, I would suggest that you use (LUKS using) cryptsetup. What you described can be achieved easily with cryptsetup. I have encrypted /, swap and /home and have to enter passphrase during boot for the system to boot.

There are probably some online guides to enable one to do this (if needed). Archwiki also has pages that would be useful. Hope this helps.

Last edited by Janus_Hyperion; 09-27-2012 at 01:24 PM. Reason: edited for clarification.
 
Old 09-27-2012, 12:59 PM   #3
casualfred
Member
 
Registered: Aug 2012
Location: Kentucky, USA
Distribution: Slackware
Posts: 97

Rep: Reputation: 27
I can tell you a little bit about LUKS through cryptsetup, since that's what I use. I'm pretty sure with cryptsetup you can't encrypt the full disk; you would need to leave /boot unencrypted (putting it on a different partition). But you can encrypt everything else including the swap space. I actually have two partitions, one with boot, and one large encrypted partition holding two LVs (Logical Volumes), one for root and one for swap. Doing it this way, you only need one password to decrypt the rest of your computer. You can also even set up a key file on a USB stick or something, so that, when the computer starts, it will first look for the key file and decrypt the disk if it finds it, but if it doesn't it will ask for the password. This has worked fine for me. Here's a howto for Ubuntu:
http://ubuntuforums.org/showthread.php?t=1205372

Hope this is helpful :)
 
Old 09-27-2012, 01:12 PM   #4
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,435
Blog Entries: 4

Rep: Reputation: 3378
If you are really serious about that kind of security, I would invest in a disk-controller, a drive, or an external SAN unit that provides hardware encryption of drive content. The key (or certificate as the case may be) is literally installed into the unit via hardware or software, and every I/O operation against the drive is encrypted or decrypted in real time.

One of the all-around handiest of these are USB sticks that have encryption capability. I once saw a sort of dongle that you could plug into a USB port, then plug any ol' stick into it, and everything on that stick would be encrypted with no loss of throughput.

Last edited by sundialsvcs; 09-27-2012 at 01:15 PM.
 
Old 09-27-2012, 01:32 PM   #5
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,585

Rep: Reputation: 2351
I'm not sure about the OS support of USB sticks, I know some are Windows only, so last time I saw something like this discussed I found there are USB hard drives with built-in keypads for entering the unlock code.
 
Old 09-27-2012, 03:00 PM   #6
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139
Well if you're looking for an encrypted USB key I can recommend Ironkey. One caution - the unlocker is 32-bit only so you will need a multi-lib setup if you're running 64-bit.

Seagate and Stonewood both make hardware level encrypted hard drives. The Stonewood is self-contained. Last I checked the Seagate required the system have a TPM but I'm not sure if this is still the case.

LUKS works well for encrypting a Linux system on a block level. You can encrypt everything but a small /boot partition and unlock using a keyfile, password or both. The disadvantage to LUKS is that once unlocked the data is accessible by the entire system (subject to other access controls and permissions).

TrueCrypt only works with containers on Linux and cannot be used for full disk encryption like it can on Windows.

loop-AES has been deprecated in many distros for a while now in favour of the cryptsetup option.

ecryptfs is a filesystem level encryption scheme that can be used on a directory or file level (similar to TrueCrypt). It has the advantage of remaining encrypted until the user who owns the "container" mounts it. It is not useful however for full disk encryption.

These various systems can be combined depending on your needs (e.g. ecryptfs in user directory on a LUKS encrypted partition on a hardware encrypted drive).
 
Old 09-28-2012, 03:50 AM   #7
saeedsssss
Member
 
Registered: Apr 2012
Posts: 43

Original Poster
Rep: Reputation: Disabled
Thank you to the four people who answered this question.

I read these four posts. Now I am trying to find out about the types of attack on full disk encryption.
For example, if I build a fully encrypted disk and I lose my hard disk, which kinds of attack can get past this encryption?

And which one of cryptsetup, loop-AES, ... can solve this problem?

Another question: what about the watermarking attack, the dictionary attack and other attacks that you know of?
Which feature of cryptsetup can prevent these attacks?

I am waiting for any book, document, website or thread about attacks.

Last edited by saeedsssss; 09-28-2012 at 04:08 AM.
 
Old 09-30-2012, 03:42 PM   #8
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139
Regardless of the system chosen, be it TrueCrypt, LUKS, etc., there are two weaknesses: the implementation of the algorithm, and the keys. Unless you are good at both math and programming, checking on the robustness of the algorithm is beyond most people's abilities. Choose the one you prefer; Blowfish, Twofish, Serpent and AES are good choices. Also choose an appropriate mode (e.g. XTS, CBC) for your need.

The primary attack vector is the keys and passphrases. Choosing a strong passphrase is the first step. There are numerous articles, tutorials and books on the subject so reiterating it here is wasteful. Once you have a strong passphrase you choose a strong hash when creating the encrypted container/partition (e.g. SHA-256, SHA-512, Whirlpool, perhaps Skein). Be sure to salt the hash as well.

If you take the above technical precautions, it remains to manage any keyfiles or passwords/passphrases you create in a secure manner. If you do all the above, the remaining attack vector is cryptanalysis which, for the example algorithms above, is a major undertaking and your data should remain safe.

Note in choosing a commercial hardware solution such as Ironkey or Stonewood, your options as to hash and encryption algorithm are more limited. For example both use AES-256 for their products.

(PS - Stonewood drives are now sold under the name Eclypte)
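
Added example, not part of any post in this thread: a simplified Python model of the salted, iterated passphrase hashing that the last reply recommends (LUKS1 does this with PBKDF2), showing why a salt defeats precomputed tables and why the iteration count sets the cost of each dictionary guess. The function names, the record layout and the sample passphrase are assumptions of this example, and the record is not the LUKS on-disk format.

```python
import hashlib
import hmac
import os
from typing import Optional


def derive_key(passphrase: str, salt: bytes, iterations: int,
               hash_name: str = "sha512") -> bytes:
    """Stretch a passphrase into a 64-byte key with salted PBKDF2-HMAC."""
    return hashlib.pbkdf2_hmac(hash_name, passphrase.encode("utf-8"),
                               salt, iterations, dklen=64)


def new_keyslot(passphrase: str, iterations: int = 200_000,
                hash_name: str = "sha512",
                salt: Optional[bytes] = None) -> dict:
    """Build a keyslot record (hypothetical layout, not the LUKS header)."""
    # A fresh random salt per slot means equal passphrases never produce
    # equal records, so a table computed once cannot be reused elsewhere.
    salt = os.urandom(32) if salt is None else salt
    key = derive_key(passphrase, salt, iterations, hash_name)
    # Keep only a digest of the derived key, never the key or passphrase.
    return {"hash": hash_name, "salt": salt, "iterations": iterations,
            "check": hashlib.new(hash_name, key).digest()}


def unlock(slot: dict, passphrase: str) -> Optional[bytes]:
    """Return the derived key if the passphrase matches, otherwise None."""
    key = derive_key(passphrase, slot["salt"], slot["iterations"], slot["hash"])
    digest = hashlib.new(slot["hash"], key).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return key if hmac.compare_digest(digest, slot["check"]) else None


def seconds_to_exhaust(candidates: int, iterations: int,
                       pbkdf2_iterations_per_second: float) -> float:
    """Worst-case offline search time: every guess costs `iterations` rounds."""
    return candidates * iterations / pbkdf2_iterations_per_second


if __name__ == "__main__":
    slot = new_keyslot("correct horse battery staple")  # constructed sample
    print("unlocks with right passphrase:", unlock(slot, "correct horse battery staple") is not None)
    print("unlocks with wrong passphrase:", unlock(slot, "password") is not None)
    # Assumed attacker speed of 2 million PBKDF2 rounds per second.
    print("seconds for a 1e6-word list:", seconds_to_exhaust(10**6, 200_000, 2_000_000))
```

Raising the iteration count multiplies the cost of every guess, but only a passphrase outside any plausible wordlist makes the search itself impractical.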
 
  

