Re: Linux disk partition encryption
On Thu, 27 Jan 2011 05:25:20 +0000 (UTC)
T o n g <mlist4suntong@yahoo.com> wrote:
> Thanks everyone who commented.
>
> On Thu, 27 Jan 2011 00:07:21 +0100, tv.debian@googlemail.com wrote:
>
> >> - First very noob question, I don't want whole disk encryption, just
> >> want to encrypt some selected already partitioned partitions. If
> >> someone mounts those encrypted partitions, will they show up as empty
> >> or are there some hints that the partitions have been encrypted?
> >
> > Don't know what you mean exactly by "show up as empty", with ecryptfs
> > the mountpoint will indeed be empty unless the crypted directory is
> > open. . .
>
> This question of mine seems to have confused most people. What I wanted
> to know is how the partition would appear to a normal Joe. Now my
> understanding is the following. Is it correct?
>
> The encrypted partition will appear as unformatted -- with no file
> system on it, if you just simply want to do 'mount /dev/sdx' (just like
> how Linux partitions normally appear to Windows). Even if one reads its
> physical sections, they will appear as "random" numbers. Oh, wait,
> cryptsetup has a pretty standard header, so an expert can at least tell
> that the partition is encrypted with cryptsetup, but whether he can
> decipher it or not is a different story.
>
> Is that about correct?

Pretty much, although I'm no expert.

> Further, does disk encryption access the partition directly? I mean, does
> the 'cryptsetup luksFormat /dev/sdxn' care what type of partition
> (ext2/3, fat, etc) /dev/sdxn is?

You seem to be confusing partitions with filesystems here. cryptsetup
works on raw partitions - the filesystems go on top of the encrypted
volume: /dev/sdxn -> luks volume -> filesystem

> Now another question, which nobody seems to have noticed/mentioned.
>
> Since CBC encryption is a "recursive algorithm, the encryption of the n-th
> block requires the encryption of all preceding blocks, 0 till n-1." [1]
> Now, does it mean if my HD has a bad block in the middle, then all the
> remaining data will be gone entirely?
>
> 1. http://clemens.endorphin.org/LinuxHDEncSettings

This seems correct - Wikipedia also says that with CBC:

"Note that a one-bit change in a plaintext affects all following
ciphertext blocks."

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
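
The CBC chaining raised in the last exchange, as an added example that is not part of the original thread: it measures which blocks change when one plaintext bit is altered before encryption (the case the quoted Wikipedia sentence describes) and which blocks change when one ciphertext bit is damaged before decryption. The block cipher is a toy Feistel construction standing in for a real cipher, and the key, IV and data are constructed.

```python
import hashlib

BLOCK = 16  # bytes per cipher block

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # round function of the toy Feistel cipher (stand-in, NOT secure)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pt):
        prev = enc_block(key, _xor(b, prev))  # chains on the previous ciphertext block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    cs = blocks(ct)  # plaintext block n needs only ciphertext blocks n and n-1
    return b"".join(_xor(dec_block(key, c), p) for c, p in zip(cs, [iv] + cs))

def differing_blocks(a, b):
    return [i for i, (x, y) in enumerate(zip(blocks(a), blocks(b))) if x != y]

def demo():
    key, iv = b"constructed-key!", bytes(BLOCK)
    pt = bytes(range(8 * BLOCK))              # 8 constructed plaintext blocks
    ct = cbc_encrypt(key, iv, pt)
    pt2 = bytearray(pt); pt2[3 * BLOCK] ^= 1  # change one plaintext bit in block 3
    enc_diff = differing_blocks(ct, cbc_encrypt(key, iv, bytes(pt2)))
    bad = bytearray(ct); bad[3 * BLOCK] ^= 1  # damage one ciphertext bit in block 3
    dec_diff = differing_blocks(pt, cbc_decrypt(key, iv, bytes(bad)))
    return enc_diff, dec_diff

print(demo())
```

The first list is the ciphertext blocks that differ after re-encrypting the altered plaintext (block 3 and every block after it); the second is the plaintext blocks that differ after decrypting the damaged ciphertext (blocks 3 and 4 only).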