
Re: Linux disk partition encryption



T o n g wrote:
> Hi,
>
> I'm thinking of doing disk partition encryption now. However, "Hard drive encryption sounds like an intimidating concept, mostly because it is. The thought of taking your precious files, then using a mathematical formula to convert them into random noise before scattering them back across your disk is a hard sell." [1]

There is no such thing as random noise generated from mathematical formulas. But I do of course understand your issues. I have a more pragmatic view: if you know the algorithm and password, you'll be fine, so keep that secure.

> Here are my questions,
> - First, a very noob question: I don't want whole disk encryption, I just want to encrypt some selected, already partitioned partitions. If someone mounts those encrypted partitions, will they show up as empty, or are there some hints that the partitions have been encrypted?

TrueCrypt seems to support "hidden" partitions, that show up as empty space. As far as I know the luks-dmcrypt setup that I'm advertising does not have that option.

> - Ubuntu [3] and CentOS [4] seem to endorse dm-crypt, instead of (widely-used?) cryptsetup-luks. So I need a bit of explanation of which is better than the others.

http://www.hermann-uwe.de/blog/howto-disk-encryption-with-dm-crypt-luks-and-debian

I have a luks-encrypted external hard drive partition, which is great. When I plug in the disk under KDE it will automatically ask for the password.

> - In terms of encryption used, TrueCrypt supports the following encryption algorithms: AES, Serpent, Twofish, AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES, Twofish-Serpent; and these hash algorithms: RIPEMD-160, SHA-512 & Whirlpool [5]

Good question. I think for keeping your files safe from the kid-next-door, they'll all be fine. For more serious encryption, they'll probably also be fine.

> - Is your partition encryption choice as cross-platform as TrueCrypt?

No, LUKS and dm-crypt are Linux only.

> - If I put the encrypted partitions in fstab, then I have to enter a passphrase for each one of them when the PC boots up, I guess. Will the whole boot-up be held up waiting for the encrypted partitions' passphrases?

There's such a thing as the crypttab for automatically decrypting during the boot cycle. I have no experience, though. Another, long explanation of dm-crypt with luks:
https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt

> - How are passphrases cached? Do I have to repeatedly type in the passphrase each time I do the mount? I also heard of passphrase-less disk encryptions. Hmm... I don't want to go there so maybe I can skip that.

It is cached until you close the encrypted volume. For proper encryption, you therefore need to go for at least an encrypted swap page, and secure your RAM-memory for something like 30 minutes after switching off power so that nobody can get the password from there.

I hope my comments were of some help, others may know more about this.

Attachment: signature.asc
Description: OpenPGP digital signature
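
On the first question in the thread (does an encrypted partition leave hints?): a LUKS partition starts with a cleartext header, so anyone who can read the raw device can tell it is encrypted and with which cipher. The following is an added example, not part of the original message; it parses the LUKS1 header layout, and the sample header it builds is constructed with made-up values.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 on-disk header, big-endian: magic, version, cipher name, cipher mode,
# hash spec, payload offset (sectors), key bytes, MK digest, digest salt,
# digest iterations, UUID. Key slots follow and are not parsed here.
LUKS1_HDR = struct.Struct(">6sH32s32s32sII20s32sI40s")


def _text(raw):
    """Decode a NUL-padded ASCII header field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def identify_luks(first_bytes):
    """Return the cleartext header fields if the data starts with a LUKS
    header, else None (no LUKS header: plain data, plain dm-crypt, ...)."""
    if len(first_bytes) < 8 or first_bytes[:6] != LUKS_MAGIC:
        return None
    version = struct.unpack(">H", first_bytes[6:8])[0]
    info = {"version": version}
    if version == 1 and len(first_bytes) >= LUKS1_HDR.size:
        (_, _, cipher, mode, hash_spec, payload_offset, key_bytes,
         _, _, _, uuid) = LUKS1_HDR.unpack_from(first_bytes)
        info.update(cipher=_text(cipher), mode=_text(mode),
                    hash=_text(hash_spec), key_bits=key_bytes * 8,
                    payload_offset_sectors=payload_offset, uuid=_text(uuid))
    return info


def make_sample_header():
    """Constructed LUKS1 header for the demo; every value is made up."""
    return LUKS1_HDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256",
                          4096, 64, bytes(20), bytes(32), 100000,
                          b"00000000-0000-0000-0000-000000000000")


if __name__ == "__main__":
    print(identify_luks(make_sample_header()))
    print(identify_luks(bytes(512)))   # zero-filled sector: no header
```

On a real system the same check is available as `cryptsetup isLuks <device>`; a plain dm-crypt mapping without LUKS has no such header to find.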

