
Re: Linux disk partition encryption



On Thu, 27 Jan 2011 05:25:20 +0000 (UTC)
T o n g <mlist4suntong@yahoo.com> wrote:

> Thanks everyone who commented. 
> 
> On Thu, 27 Jan 2011 00:07:21 +0100, tv.debian@googlemail.com wrote:
> 
> >> - First very noob question, I don't want whole disk encryption, just
> >> want to encrypt some selected already partitioned partitions. If
> >> someone mounts those encrypted partitions, will they show up as empty
> >> or are there some hints that the partitions have been encrypted?
> > 
> > Don't know what you mean exactly by "show up as empty", with ecryptfs
> > the mountpoint will indeed be empty unless the crypted directory is
> > open. . . 
> 
> This question of mine seems to have confused most people. What I wanted to 
> know is how the partition would appear to a normal Joe. Now my 
> understanding is the following. Is it correct? 
> 
> The encrypted partition will appear as unformatted -- with no file 
> system on it, if you just simply want to do 'mount /dev/sdx' (just like 
> how Linux partitions normally appear to Windows). Even if one reads its 
> physical sections, they will appear as "random" numbers. Oh, wait, 
> cryptsetup has a pretty standard header, so an expert can at least tell 
> that the partition is encrypted with cryptsetup, but whether he can 
> decipher it or not is a different story.
> 
> Is that about correct? 

Pretty much, although I'm no expert.
 
> Further, does disk encryption access the partition directly? I mean, does 
> the 'cryptsetup luksFormat /dev/sdxn' care what type of partition 
> (ext2/3, fat, etc) /dev/sdxn is? 

You seem to be confusing partitions with filesystems here.  cryptsetup
works on raw partitions - the filesystems go on top of the encrypted
volume: /dev/sdxn -> luks volume -> filesystem

> Now another question, which nobody seems to have noticed/mentioned. 
> 
> Since CBC encryption is a "recursive algorithm, the encryption of the n-th 
> block requires the encryption of all preceding blocks, 0 till n-1." [1]
> Now, does it mean if my HD has a bad block in the middle, then all the 
> remaining data will be gone entirely?
> 
> 1. http://clemens.endorphin.org/LinuxHDEncSettings

This seems correct - Wikipedia also says that with CBC:

"Note that a one-bit change in a plaintext affects all following
ciphertext blocks."

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29

Celejar
-- 
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
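
The header point discussed in the message above, as an added example that is not part of the original thread: Python code that reads the cleartext fields of a LUKS1 header, showing what an observer can tell about a partition without the passphrase. The field layout follows the LUKS1 on-disk format; the function names and the sample header bytes are constructed for illustration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 on-disk header, big-endian: magic, version, cipher name, cipher mode,
# hash spec, payload offset (sectors), key bytes, MK digest, salt, iterations, UUID.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")   # 208 bytes
SLOT = struct.Struct(">II32sII")                    # 8 key slots of 48 bytes each
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD


def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def inspect_luks1(first_bytes):
    """Return the cleartext header fields, or None when the LUKS magic is absent."""
    if len(first_bytes) < PHDR.size or not first_bytes.startswith(LUKS_MAGIC):
        return None
    (_, version, cipher, mode, hash_spec, payload_offset, key_bytes,
     _digest, _salt, _iterations, uuid) = PHDR.unpack_from(first_bytes)
    if version != 1:
        return {"version": version}  # later versions use a different layout
    active = []
    for i in range(8):
        offset = PHDR.size + i * SLOT.size
        if offset + SLOT.size > len(first_bytes):
            break  # truncated read: report only the slots that were read
        if SLOT.unpack_from(first_bytes, offset)[0] == SLOT_ENABLED:
            active.append(i)
    return {"version": version, "cipher": _text(cipher), "mode": _text(mode),
            "hash": _text(hash_spec), "key_bits": key_bytes * 8,
            "payload_offset_sectors": payload_offset, "uuid": _text(uuid),
            "active_slots": active}


def build_sample_header():
    """Constructed sample: a LUKS1 header with placeholder salts, digest and UUID."""
    phdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1", 2056, 32,
                     bytes(20), bytes(32), 1000,
                     b"00000000-0000-0000-0000-000000000000")
    slots = b"".join(
        SLOT.pack(SLOT_ENABLED if i == 0 else SLOT_DISABLED, 1000, bytes(32),
                  8 + i * 256, 4000)
        for i in range(8))
    return phdr + slots


if __name__ == "__main__":
    print(inspect_luks1(build_sample_header()))  # constructed LUKS1 header
    print(inspect_luks1(bytes(592)))             # zeroed partition start: no magic
```

The cipher, mode, hash, key size, UUID and key-slot usage are all readable without the passphrase; only the data from the payload offset onward is encrypted.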

