Linux disk partition encryption
Hi,
I'm thinking to do the disk partition encryptions now. However
"Hard drive encryption sounds like an intimating concept, mostly because
it is. The thought of taking your precious files, then using a
mathematical formula to convert them into random noise before scattering
them back across your disk is a hard sell. " [1]
1. http://www.maximumpc.com/article/howtos/
how_to_encrypt_your_entire_hard_drive_for_free_using_true_crypt
So I need some demystify of the whole thing around disk/partition
encryption. The official "Disk Encryption HOWTO" from tldp.org [2] is
only dated as 2004-11-17, so I would assume it is *way* outdated. In
terms of security, I tend to turn to people that I trust for help. Having
tldp.org failed on me, I need your help, people from the Debian
community, instead of some random blogs found on the Internet.
2. http://www.tldp.org/HOWTO/html_single/Disk-Encryption-HOWTO/
also, Linux Encryption HOWTO
http://encryptionhowto.sourceforge.net/Encryption-HOWTO.html
v0.2.2, 04 October 2000
Here are my questions,
- First very noob question, I don't want whole disk encryption, just want
to encrypt some selected already partitioned partitions. If someone mount
those encrypted partitions, will they shows up as empty or, there are
some hints that the partitions have been encrypted?
- The Ubuntu [3] and CentOS [4] seems to endorse dm-crypt, instead of
(widely-used?) cryptsetup-luks. So I need a bit of explanation which is
better than others.
3. http://www.humboldt.edu/its/security-encryption-linuxubuntu
4. http://beginlinux.com/blog/2009/04/centos-53-encrypted-block-devices/
- In terms of encryption used, TrueCrypt supports the following
encryption algorithms: AES, Serpent, Twofish, AES-Twofish, AES-Twofish-
Serpent, Serpent-AES, Serpent-Twofish-AES, Twofish-Serpent; And these
hash algorithms: RIPEMD-160, SHA-512 & Whirlpool [5]
5. http://www.informit.com/articles/article.aspx?p=1276279
So I need a bit of explanation why your chosen algorithm is better than
others. Very very brief will do.
- Is your partition encryption choice as cross-platform as TrueCrypt?
- If I put the encrypted partitions in fstab, then I have to enter
passphrase for each one of them when PC boot up, I guess. Will the whole
boot up be hold up waiting for encrypted partitions passphrases?
- Since I need to encrypt more than one selected partitions, if I want to
mount encrypted partitions manually, is there any alternative way than to
typing in passphrase for each one of them when mounting them?
- how passphrase are cached? Do I have to repeatedly typing in passphrase
each time I do the mount? I also heard of passphrase-less disk
encryptions. Hmm... I don't want to go there so maybe I can skip that.
BTW, I just need a mini intro about disk encryption, it does not need to
be in-depth or comprehensive but rather short and to the point.
Thanks a lot.
--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/
Reply to: