Re: Encrypting an External HDD
On Wednesday 15 April 2015 13:53:20, Stephen R Guglielmo wrote :
> Hi list,
>
> I have a USB external HDD that I would like to encrypt with a
> passphrase. After looking into filesystems, I decided to go with Ext4.
> What's the recommended way of encrypting a drive? Do I partition it
> first, then encrypt that partition?
>
> Internet searches lead me to LUKS & cryptsetup. However, the blog and
> forum posts I've read are a bit old. I'm running Jessie.
I followed this procedure on Monday and got an encrypted USB disk with LUKS:
http://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-
cryptsetup-command/
It contains a neat trick to monitor the progress when filling the partition
with zeros:
pv -tpreb /dev/zero | dd of=/dev/mapper/backup2 bs=128M
It is convenient to monitor the progression as it took more than 4h to fill a
1TB USB3 disk.
I understand that filling the encrypted partition (/dev/mapper/backup2) with
zeros is equivalent to filling the unencrypted partition (/dev/sdb1) with
random data as explained by other procedures.
There is one thing I didn't do as described. I initialized the LUKS partition
with this command
cryptsetup -y --use-urandom -v luksFormat /dev/sdb1
It use /dev/urandom instead of the default /dev/random to generate the master
key. The documentation says it is better to use urandom as random may block if
the computer entropy is low.
Frederic
Reply to: