
Linux disk partition encryption



Hi,

I'm thinking of doing disk partition encryption now. However,

"Hard drive encryption sounds like an intimidating concept, mostly because 
it is. The thought of taking your precious files, then using a 
mathematical formula to convert them into random noise before scattering 
them back across your disk is a hard sell. " [1]

1. http://www.maximumpc.com/article/howtos/how_to_encrypt_your_entire_hard_drive_for_free_using_true_crypt

So I need some demystification of the whole thing around disk/partition 
encryption. The official "Disk Encryption HOWTO" from tldp.org [2] is 
only dated as 2004-11-17, so I would assume it is *way* outdated. In 
terms of security, I tend to turn to people that I trust for help. With 
tldp.org having failed me, I need your help, people from the Debian 
community, instead of some random blogs found on the Internet.

2. http://www.tldp.org/HOWTO/html_single/Disk-Encryption-HOWTO/
also, Linux Encryption HOWTO
http://encryptionhowto.sourceforge.net/Encryption-HOWTO.html
v0.2.2, 04 October 2000

Here are my questions, 

- First, a very noob question: I don't want whole disk encryption, I just 
want to encrypt some selected, already partitioned partitions. If someone 
mounts those encrypted partitions, will they show up as empty, or are 
there some hints that the partitions have been encrypted?

- Ubuntu [3] and CentOS [4] seem to endorse dm-crypt, instead of 
(widely-used?) cryptsetup-luks. So I need a bit of explanation of which 
is better than the others.

3. http://www.humboldt.edu/its/security-encryption-linuxubuntu
4. http://beginlinux.com/blog/2009/04/centos-53-encrypted-block-devices/

- In terms of the encryption used, TrueCrypt supports the following 
encryption algorithms: AES, Serpent, Twofish, AES-Twofish, 
AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES, Twofish-Serpent; 
and these hash algorithms: RIPEMD-160, SHA-512 & Whirlpool [5]

5. http://www.informit.com/articles/article.aspx?p=1276279

So I need a bit of explanation of why your chosen algorithm is better 
than the others. Very, very brief will do.

- Is your partition encryption choice as cross-platform as TrueCrypt?

- If I put the encrypted partitions in fstab, then I have to enter a 
passphrase for each one of them when the PC boots up, I guess. Will the 
whole boot-up be held up waiting for the encrypted partitions' passphrases?

- Since I need to encrypt more than one selected partition, if I want to 
mount encrypted partitions manually, is there any alternative to 
typing in a passphrase for each one of them when mounting them?

- How are passphrases cached? Do I have to repeatedly type in the 
passphrase each time I do the mount? I also heard of passphrase-less disk 
encryption. Hmm... I don't want to go there, so maybe I can skip that.

BTW, I just need a mini intro to disk encryption; it does not need to 
be in-depth or comprehensive, but rather short and to the point.

Thanks a lot. 


-- 
Tong (remove underscore(s) to reply)
  http://xpt.sourceforge.net/techdocs/
  http://xpt.sourceforge.net/tools/

