LD Guru
Joined: 23 Dec 2003 Posts: 336 Location: Middle of No-Where Granbury, Tx
|
Posted: Wed Jan 03, 2007 10:32 pm Post subject: Full Disk Encryption: Tips and advice? |
|
|
After reading info on the Full Disk Encryption effort by the US government I started considering doing the exact same thing myself on all data stores in my possession. Thought I'd ask you guys your opinion on the best stuff to do this with in software and with hardware.
Thoughts? _________________ [Owner/Operator: Dhampir Dreams]
Last.fm profile
Netflix Profile |
blu3bird Retired Dev
Joined: 04 Oct 2003 Posts: 614 Location: Munich, Germany
|
Posted: Wed Jan 03, 2007 11:05 pm Post subject: |
|
|
I haven't heard of any efforts of the US government but Seagate offers FDE hard drives.
It's a good way to protect your data, e.g. if your notebook is stolen, but I think Seagate still has some sort of Master-Key if the NSA wants to access the encrypted disk.
I'm using software-based encryption (sys-fs/cryptsetup-luks) on my notebook. It works fine with almost no loss of speed.
(If you use a strong algorithm and a good password it'll also take a few months for the NSA to decrypt it.)
Nice HowTo: http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS _________________ Black Holes are created when God divides by zero! |
LD Guru
Joined: 23 Dec 2003 Posts: 336 Location: Middle of No-Where Granbury, Tx
|
|
feld Guru
Joined: 29 Aug 2004 Posts: 593 Location: USA
|
Posted: Wed Jan 03, 2007 11:08 pm Post subject: |
|
|
I think you need to ask yourself, why do you need full disk encryption?
FDE is one of the worst things to have an accident happen on. Is there a reason why you need your standard binaries encrypted? That's pretty outrageous.
I recommend:
/tmp in RAM
SWAP randomly encrypted fresh each boot
/home or other places encrypted to your liking, using a key, and auto-mounted when you log in and removed when you log out via PAM _________________ < bmg505> I think the first line in reiserfsck is
if (random(65535)< 65500) { hose(partition); for (i=0;i<100000000;i++) print_crap(); } |
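
A configuration check for the layout feld recommends above (/tmp in RAM, swap re-keyed at each boot, /home encrypted separately), added here as an example and not posted by anyone in the thread. It assumes the crypttab(5) table format and uses constructed sample files with placeholder device names; the status labels are this example's own.

```python
# Added example, not from the thread. Sample tables are constructed;
# device names are placeholders. crypttab(5) layout is assumed.
SAMPLE_FSTAB = """\
# <fs>            <mountpoint> <type> <opts>                  <dump/pass>
/dev/sda3         /            ext3   noatime                 0 1
tmpfs             /tmp         tmpfs  nosuid,nodev,mode=1777  0 0
/dev/mapper/swap  none         swap   sw                      0 0
"""
SAMPLE_CRYPTTAB = """\
# <name> <device>  <key>         <options>
swap     /dev/sda2 /dev/urandom  swap,cipher=aes-xts-plain64,size=256
"""
RANDOM_KEYS = ("/dev/urandom", "/dev/random")


def parse_table(text):
    """Return whitespace-split rows, ignoring comments and blank lines."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [r for r in rows if r]


def audit(fstab_text, crypttab_text):
    """Grade /tmp, swap and /home as ok / fail / none / unknown."""
    mapped = {}  # /dev/mapper/<name> -> (key source, option set)
    for row in parse_table(crypttab_text):
        row = row + ["none"] * (4 - len(row))  # key and options are optional
        mapped["/dev/mapper/" + row[0]] = (row[2], set(row[3].split(",")))

    # /home absent from fstab may still be mounted at login by PAM, which
    # these two files cannot show, so it starts as "unknown".
    result = {"tmp": "fail", "swap": "none", "home": "unknown"}
    for row in parse_table(fstab_text):
        if len(row) < 3:
            continue
        src, mnt, fstype = row[:3]
        if mnt == "/tmp" and fstype == "tmpfs":
            result["tmp"] = "ok"
        if fstype == "swap":
            key, opts = mapped.get(src, (None, set()))
            fresh = key in RANDOM_KEYS and "swap" in opts
            if not fresh:
                result["swap"] = "fail"  # plain or persistently keyed swap
            elif result["swap"] == "none":
                result["swap"] = "ok"
        if mnt == "/home":
            result["home"] = "ok" if src in mapped else "fail"
    return result


if __name__ == "__main__":
    print(audit(SAMPLE_FSTAB, SAMPLE_CRYPTTAB))
```

A `/home` result of `unknown` means the volume is not in fstab at all, which is the expected state when PAM mounts it at login; that part has to be verified in the PAM mount configuration instead.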
LD Guru
Joined: 23 Dec 2003 Posts: 336 Location: Middle of No-Where Granbury, Tx
|
|
feld Guru
Joined: 29 Aug 2004 Posts: 593 Location: USA
|
Posted: Wed Jan 03, 2007 11:22 pm Post subject: |
|
|
You're paranoid someone might get access to your machine and be able to execute ls? If swap and the files are encrypted, and you have tmp in RAM, they're not going to be able to access much of anything. The most they could ever possibly do is see file names through the locate db. _________________ < bmg505> I think the first line in reiserfsck is
if (random(65535)< 65500) { hose(partition); for (i=0;i<100000000;i++) print_crap(); } |
LD Guru
Joined: 23 Dec 2003 Posts: 336 Location: Middle of No-Where Granbury, Tx
|
Posted: Wed Jan 03, 2007 11:24 pm Post subject: |
|
|
I don't even want them to be able to do that. I want, if my HDD were to be taken from my possession in any way, for it to be completely unreadable by anyone. _________________ [Owner/Operator: Dhampir Dreams]
Last.fm profile
Netflix Profile |
wswartzendruber Veteran
Joined: 23 Mar 2004 Posts: 1261 Location: Idaho, USA
|
Posted: Thu Jan 04, 2007 3:43 am Post subject: |
|
|
TrueCrypt |
rtyall n00b
Joined: 12 Jul 2005 Posts: 23
|
Posted: Thu Jan 04, 2007 8:30 am Post subject: |
|
|
I hear that BitLocker is the only encryption you can use without anything at all going wrong, ever.
100% fact. |
Earthwings Bodhisattva
Joined: 14 Apr 2003 Posts: 7753 Location: Germany
|
Posted: Thu Jan 04, 2007 9:26 am Post subject: |
|
|
Moved from Off the Wall to Networking & Security. _________________ KDE |