I am interested in full-disk encryption, though ideally without TrueCrypt due to its non-free (if I understand correctly) nature. I have had trouble figuring out where to start.
I came across the following article on the Arch Wiki. Is this a good place to start, or would this lead me down the wrong path? Is there anything else I might want to look into?
https://wiki.archlinux.org/index.php/Sy … r_dm-crypt
Thanks in advance for the insight.
It's a great place to start. Not too long ago I did a full system encryption with a random key for the swap on my laptop; used that guide as my base.
#binarii @ irc.binarii.net
Matrix Server: https://matrix.binarii.net
-------------
Allan -> ArchBang is not supported because it is stupid.
I think that guide can be a little confusing.
If you are going to install Arch using the installer, you'll find that it is supported there.
Also, IMO the simplest setup involves 2 partitions: 1 boot, 2 luks.
On that second LUKS partition, you would then create an LVM PV, with a VG and several LVs.
I'll be happy to tell you how to do this if you want me to.
Thanks for the responses, lifeafter2am and cedeel.
I agree that the guide is confusing (it looks like it needs a rewrite), but it might provide a good-enough starting point for now. Thank you for the insight.
I didn't know that the installer had support for setting up full-disk encryption. Would it be very difficult to set up FDE without reinstalling?
If you want that, you basically need to tar up your current installation to get it off the disk, set up the encryption, then unpack to the encrypted disk, and finally edit some config files and make a new initrd.
Interesting. I had a suspicion that was the path to take.
Thanks for all of the insight, both. I look forward to taking a look at this (albeit somewhat sloppy) guide.
Don't forget to zero out your drive. Otherwise there will be fragments of the original data on the disc.
Interesting. Thanks for the tip!
I think that wiki sets you out on the wrong path.
In fact under "Encrypting a LVM setup", the wiki also points you to this page. You set up your whole disk (apart from a small /boot partition) with luks encryption, then set up lvm on top of the single large encrypted partition.
I used that page to set up my laptop some time ago and found it a great solution. I type one long password in when I boot and all the lvm partitions are available and mounted as required (/, swap, /home, /whatever...).
I think that wiki sets you out on the wrong path
Thanks, vacant. It's great to have a different opinion in the mix.
I'll definitely read through the page you recommend. It does seem to be a good resource.
Thanks!
I am interested in full-disk encryption, though ideally without TrueCrypt due to its non-free (if I understand correctly) nature.
Wat. Unless I've missed some features of Truecrypt that cost money, it's my understanding that it's completely free and open source.
Hey pirate, I just saw this. Sorry for the slow response.
I know there is some contention over the TrueCrypt license (see https://secure.wikimedia.org/wikipedia/ … #Licensing), but I don't know where it stands now. Does anybody know?
Last edited by jalu (2010-12-27 07:48:44)
Also, what is a good cipher and a good key size to use? In the second tutorial, the author recommends aes-lrw-benbi and 384, respectively. Are these good choices?
It all depends on your system requirements - encryption strength vs speed. I'd google for evaluating the encryption strength requirements, and test performance on the particular system you're building. A 384-bit key is probably overkill, depending on your level of paranoia. Most data are much cheaper to be stolen by hacking into a running system. I'd worry about backups more than encryption, and physically separated ones at that.
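For the `aes-lrw-benbi` / 384 question above, an added example (not from the thread or the tutorial it mentions) showing how a dm-crypt cipher spec and key size divide between the AES key and the key material the mode itself uses. The function name `split_key` and the sample specs other than `aes-lrw-benbi` are assumptions; the key layouts are those of the Linux kernel's LRW and XTS implementations.

```python
"""Added example: how a dm-crypt cipher spec and key size divide up."""

AES_KEY_BITS = (128, 192, 256)


def split_key(spec: str, key_bits: int) -> dict:
    """Split key_bits for a 'cipher-mode[-ivgen]' spec such as 'aes-lrw-benbi'.

    Layouts assumed (Linux kernel crypto API): LRW takes its 128-bit tweak key
    from the end of the supplied key; XTS cuts the key into two equal halves;
    CBC hands the whole key to the cipher.
    """
    parts = spec.lower().split("-")
    if len(parts) < 2:
        raise ValueError(f"expected cipher-mode[-ivgen], got {spec!r}")
    cipher, mode = parts[0], parts[1]
    ivgen = "-".join(parts[2:]) or None
    if cipher != "aes":
        raise ValueError("only AES key sizes are modelled here")
    if mode == "lrw":
        cipher_bits, mode_bits = key_bits - 128, 128
    elif mode == "xts":
        if key_bits % 2:
            raise ValueError("XTS needs an even number of key bits")
        cipher_bits = mode_bits = key_bits // 2
    elif mode == "cbc":
        cipher_bits, mode_bits = key_bits, 0
    else:
        raise ValueError(f"mode {mode!r} is not modelled here")
    if cipher_bits not in AES_KEY_BITS:
        raise ValueError(
            f"{key_bits}-bit key leaves {cipher_bits} bits for AES, "
            "which is not an AES key size")
    return {"cipher_bits": cipher_bits, "mode": mode,
            "mode_key_bits": mode_bits, "ivgen": ivgen}


if __name__ == "__main__":
    # Constructed sample inputs; only the first pair comes from the thread.
    for spec, bits in [("aes-lrw-benbi", 384),
                       ("aes-xts-plain64", 512),
                       ("aes-cbc-essiv:sha256", 256)]:
        info = split_key(spec, bits)
        print(f"{spec:22} {bits:3}-bit key -> AES-{info['cipher_bits']}, "
              f"{info['mode_key_bits']} bits for the mode, IV: {info['ivgen']}")
```

With `aes-lrw-benbi`, a 384-bit key works out to AES-256 plus a 128-bit tweak key, so the number to compare across modes is the AES key size rather than the total.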
I'd worry about backups more than encryption, and physically separated ones at that.
Taken care of. Duply + Duplicity = :-)
Thanks for all of the help. I do think I need to do some Googling to research the topic a bit more.