alexander-m n00b

Joined: 13 Aug 2004 Posts: 31
|
Posted: Tue Sep 28, 2004 12:33 pm Post subject: Do you encrypt your partition and your backup discs? |
|
|
I wanna encrypt both and therefore wanted to ask which way you go.
What do you do?
a) You don't encrypt your data / your partitions at all.
b) You encrypt your data while it is sent thru the web with gnupg or similar
c) You encrypt your partitions (or just one) with CRYPTOLOOP
d) You encrypt your partitions (or just one) with DM-CRYPT
e) You encrypt your partitions (or just one) with LOOP_AES
f) You encrypt your partitions .... with another tool I don't know but which works as well
Would really like to know what you do.
I would also like to find out what is the best way to encrypt a linux system:
So I would really appreciate it if you could give reasons for your way of encrypting your system or why you think it's not worthwhile to encrypt your box at all!
Thanx in advance! |
|
 |
drescherjm Advocate

Joined: 05 Jun 2004 Posts: 2790 Location: Pittsburgh, PA, USA
|
Posted: Tue Sep 28, 2004 3:50 pm Post subject: |
|
|
I pick a because in this case I have no chance of being locked out of my own data because I lost a password or key ...
_________________
John
My gentoo overlay
Instructions for overlay |
|
 |
servo888 Apprentice


Joined: 22 Feb 2004 Posts: 293
|
Posted: Tue Sep 28, 2004 4:02 pm Post subject: |
|
|
I will be trying option 3 when I get home. It seems rather easy to do, and plus I have a spare partition which I can test with. |
|
 |
Sgeorg Apprentice


Joined: 01 Apr 2003 Posts: 152
|
Posted: Wed Oct 13, 2004 5:19 pm Post subject: |
|
|
I only encrypt "home" and "swap" since these are the only places where sensitive data should be stored!
If you encrypt "root" (all partitions) then you will only be tempted to store something where it should not be!!!!!!
And one thing is clear in any case - user data should be in home and not elsewhere.
OK, there is sensitive data in etc, maybe passwords for cups and so on, so you could / should encrypt "etc" too.
One fact you should be aware of is that every home partition is different from any other; there is always different data in it since there are different users. And predicting what data is in home at which place is nearly impossible. But on root it is quite (more) possible to predict the data at a "specific" position.
All I want to say is that an encrypted root is more exposed to a known-plaintext attack than home.
So at least if you encrypt root, use a completely different key than on home.
Georg |
|
 |
OdinsDream Veteran


Joined: 01 Jun 2002 Posts: 1057
|
Posted: Thu Oct 14, 2004 7:24 pm Post subject: |
|
|
Sgeorg wrote: | I only encrypt "home" and "swap" since these are the only places where sensitive data should be stored!
If you encrypt "root" (all partitions) then you will only be tempted to store something where it should not be!!!!!!
And one thing is clear in any case - user data should be in home and not elsewhere.
OK, there is sensitive data in etc, maybe passwords for cups and so on, so you could / should encrypt "etc" too.
One fact you should be aware of is that every home partition is different from any other; there is always different data in it since there are different users. And predicting what data is in home at which place is nearly impossible. But on root it is quite (more) possible to predict the data at a "specific" position.
All I want to say is that an encrypted root is more exposed to a known-plaintext attack than home.
So at least if you encrypt root, use a completely different key than on home.
Georg |
This is an interesting point that I hadn't considered before. Does anyone have more information on whether known plain-text attacks against today's standard algorithms (AES, I'd guess?) have actually been effective? I would think it might be a bit harder to perform against Gentoo, since even /bin/ is going to contain different programs from box to box.
It just doesn't seem that it would be feasible at all, even on an unencrypted system, to say "at byte ___ on the hard drive, you'll find 0xFE" just because you looked at another similar system. It seems very unlikely, considering the level of abstraction between the actual hard drive hardware and the operating system.
_________________
s/(?<!gnu\/)linux(?! kernel)/GNU\/Linux/gi
Don't blame me. I didn't vote for him.
http://john.simplykiwi.com |
|