
#1 2010-12-14 05:10:44

jalu
Member
Registered: 2009-04-05
Posts: 140

Encryption Newbie: Where should I start?

I am interested in full-disk encryption, though ideally without TrueCrypt due to its non-free (if I understand correctly) nature. I have had trouble figuring out where to start.

I came across the following article on the Arch Wiki. Is this a good place to start, or would this lead me down the wrong path? Is there anything else I might want to look into?

https://wiki.archlinux.org/index.php/Sy … r_dm-crypt

Thanks in advance for the insight.

Offline

#2 2010-12-14 05:44:25

lifeafter2am
Member
From: 127.0.0.1
Registered: 2009-06-10
Posts: 1,332

Re: Encryption Newbie: Where should I start?

It's a great place to start.  Not too long ago I did a full system encryption with a random key for the swap on my laptop; used that guide as my base.


#binarii @ irc.binarii.net
Matrix Server: https://matrix.binarii.net
-------------
Allan -> ArchBang is not supported because it is stupid.

Offline

#3 2010-12-14 10:59:37

cedeel
Member
From: ~
Registered: 2009-08-25
Posts: 176

Re: Encryption Newbie: Where should I start?

I think that guide can be a little confusing.
If you are going to install Arch using the installer, you'll find that it is supported there.

Also, IMO the simplest setup involves 2 partitions: 1 boot, 2 luks.
On that second LUKS partition, you would then create an LVM PV, with a VG and several LVs.

I'll be happy to tell you how to do this if you want me to.

Offline

#4 2010-12-16 01:05:33

jalu
Member
Registered: 2009-04-05
Posts: 140

Re: Encryption Newbie: Where should I start?

Thanks for the responses, lifeafter2am and cedeel.

I agree that the guide is confusing (it looks like it needs a rewrite), but it might provide a good-enough starting point for now. Thank you for the insight.

I didn't know that the installer had support for setting up full-disk encryption. Would it be very difficult to set up FDE without reinstalling?

Offline

#5 2010-12-16 01:13:19

cedeel
Member
From: ~
Registered: 2009-08-25
Posts: 176

Re: Encryption Newbie: Where should I start?

If you want that, you basically need to tar up your current installation to get it off the disk, set up the encryption, then unpack to the encrypted disk, and finally edit some config files and make a new initrd.

Offline

#6 2010-12-16 01:15:11

jalu
Member
Registered: 2009-04-05
Posts: 140

Re: Encryption Newbie: Where should I start?

Interesting. I had a suspicion that was the path to take.

Thanks for all of the insight, both. I look forward to taking a look at this (albeit somewhat sloppy) guide.

Offline

#7 2010-12-16 03:39:51

lifeafter2am
Member
From: 127.0.0.1
Registered: 2009-06-10
Posts: 1,332

Re: Encryption Newbie: Where should I start?

Don't forget to zero out your drive.  Otherwise there will be fragments of the original data on the disc.



Offline

#8 2010-12-16 04:54:04

jalu
Member
Registered: 2009-04-05
Posts: 140

Re: Encryption Newbie: Where should I start?

Interesting. Thanks for the tip!

Offline

#9 2010-12-16 09:17:02

vacant
Member
From: downstairs
Registered: 2004-11-05
Posts: 816

Re: Encryption Newbie: Where should I start?

I think that wiki sets you out on the wrong path ;)

In fact under "Encrypting a LVM setup", the wiki also points you to this page. You set up your whole disk (apart from a small /boot partition) with luks encryption, then set up lvm on top of the single large encrypted partition.

I used that page to set up my laptop some time ago and found it a great solution. I type one long password in when I boot and all the lvm partitions are available and mounted as required (/, swap, /home, /whatever...).

Offline
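
The layout described in posts #3 and #9 (small /boot, one LUKS partition, LVM inside it), with the zeroing step from post #7, as an added example that is not part of any post in this thread. The disk path, the mapping name `cryptlvm`, the volume group name, the swap size and the filesystem choices are assumptions; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: LUKS partition with LVM inside it, /boot left unencrypted.
# Assumes the disk is already partitioned as <disk>1 (/boot) and <disk>2 (rest).
# Dry run by default: commands are printed. APPLY=1 (as root) executes them
# and DESTROYS the data on <disk>2 and <disk>1.

run() {
    # Always show the command; execute it only when APPLY=1.
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

luks_lvm_plan() {
    disk=$1          # placeholder such as /dev/sdX
    vg=${2:-vg0}     # volume group name (assumption)
    swap=${3:-2G}    # size of the swap LV (assumption)
    boot="${disk}1"  # small unencrypted /boot
    luks="${disk}2"  # everything else, encrypted
    map=cryptlvm     # device-mapper name (assumption)

    case $disk in
        /dev/*) ;;
        *) echo "refusing: $disk is not under /dev" >&2; return 1 ;;
    esac

    run dd if=/dev/zero of="$luks" bs=1M     # overwrite old plaintext first
    run cryptsetup luksFormat "$luks"        # asks for the passphrase
    run cryptsetup luksOpen "$luks" "$map"   # appears as /dev/mapper/$map
    run pvcreate "/dev/mapper/$map"          # LVM PV on the opened container
    run vgcreate "$vg" "/dev/mapper/$map"
    run lvcreate -L "$swap" -n swap "$vg"
    run lvcreate -l 100%FREE -n root "$vg"
    run mkswap "/dev/$vg/swap"
    run mkfs.ext4 "/dev/$vg/root"
    run mkfs.ext2 "$boot"
}
```

Calling `luks_lvm_plan /dev/sdX` prints the ten commands in order; because swap lives inside the same LUKS container, one passphrase at boot unlocks every logical volume.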

#10 2010-12-17 23:14:11

jalu
Member
Registered: 2009-04-05
Posts: 140

Re: Encryption Newbie: Where should I start?

vacant wrote:

I think that wiki sets you out on the wrong path ;)

Thanks, vacant. It's great to have a different opinion in the mix.

I'll definitely read through the page you recommend. It does seem to be a good resource.

Thanks!

Offline

#11 2010-12-18 04:29:54

pirate_ox
Member
Registered: 2010-11-15
Posts: 19

Re: Encryption Newbie: Where should I start?

jalu wrote:

I am interested in full-disk encryption, though ideally without TrueCrypt due to its non-free (if I understand correctly) nature.

Wat. Unless I've missed some features of Truecrypt that cost money, it's my understanding that it's completely free and open source.

Offline

#12 2010-12-27 07:48:17

jalu
Member
Registered: 2009-04-05
Posts: 140

Re: Encryption Newbie: Where should I start?

Hey pirate, I just saw this. Sorry for the slow response.

I know there is some contention over the TrueCrypt license (see https://secure.wikimedia.org/wikipedia/ … #Licensing), but I don't know where it stands now. Does anybody know?

Last edited by jalu (2010-12-27 07:48:44)

Offline

#13 2010-12-28 00:03:31

jalu
Member
Registered: 2009-04-05
Posts: 140

Re: Encryption Newbie: Where should I start?

Also, what is a good cipher and a good key size to use? In the second tutorial, the author recommends aes-lrw-benbi and 384, respectively. Are these good choices?

Offline

#14 2011-01-18 06:18:28

edgg
Member
Registered: 2007-02-23
Posts: 8

Re: Encryption Newbie: Where should I start?

It all depends on your system requirements - encryption strength vs speed. I'd google for evaluating the encryption strength requirements, and test performance on the particular system you're building. A 384-bit key is probably overkill, depending on your level of paranoia. Most data are much cheaper to be stolen by hacking into a running system. I'd worry about backups more than encryption, and physically separated ones at that.

Offline
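
Background on the `aes-lrw-benbi` / 384 pairing asked about in post #13, as an added example that is not part of any post in this thread: in dm-crypt the key size covers more than the AES key for some chaining modes, so the number passed to cryptsetup is not always the AES strength. The function name is hypothetical and only AES with the lrw, xts and cbc modes is handled.

```shell
#!/bin/sh
# Added example: how much of a dm-crypt key is the AES key itself.
# Spec format: cipher-chainmode-ivgenerator, e.g. aes-lrw-benbi.

aes_key_bits() {
    spec=$1     # e.g. aes-lrw-benbi
    total=$2    # key size in bits as given to cryptsetup
    cipher=${spec%%-*}   # text before the first dash
    rest=${spec#*-}
    mode=${rest%%-*}     # chaining mode: lrw, xts, cbc

    [ "$cipher" = aes ] || { echo "only aes is handled here" >&2; return 2; }

    case $mode in
        lrw) bits=$((total - 128)) ;;  # last 128 bits are the LRW tweak key
        xts) bits=$((total / 2)) ;;    # two equal halves: data key + tweak key
        cbc) bits=$total ;;            # the whole key goes to the cipher
        *)   echo "unknown mode: $mode" >&2; return 2 ;;
    esac

    # AES itself only accepts 128-, 192- or 256-bit keys.
    case $bits in
        128|192|256) echo "$bits" ;;
        *) echo "invalid: $total bits leaves a $bits-bit AES key" >&2
           return 1 ;;
    esac
}
```

`aes_key_bits aes-lrw-benbi 384` prints 256: the 384 bits are a 256-bit AES key plus a 128-bit tweak key, the same AES strength as `aes-xts-plain` with a 512-bit key.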

#15 2011-01-18 06:20:11

jalu
Member
Registered: 2009-04-05
Posts: 140

Re: Encryption Newbie: Where should I start?

edgg wrote:

I'd worry about backups more than encryption, and physically separated ones at that.

Taken care of. Duply + Duplicity = :-)

Thanks for all of the help. I do think I need to do some Googling to research the topic a bit more.

Offline
