#1 2009-02-14 15:17:28

initbox
Member
Registered: 2008-09-27
Posts: 172

Hard Drive Encryption?

I figured we could start a discussion about hard drive encryption. So, do you encrypt your hard drive? And, if you do, what tools and what algorithm do you use? Do you encrypt the whole hard drive or just some folder or a specific partition?

I've been thinking about it, but I don't really have any personal data, just config files with comments. I'm probably getting a netbook soon, so encryption would actually be useful.

But, if you want to be paranoid, you would have to use a long password. It might be hard to memorize. Writing it on a piece of paper wouldn't be that bad, since realistically, nobody would want to mug you for your data (as long as you keep the paper and computer separate, at least.) Except maybe for your warez, if you have any. And on a laptop it would probably get annoying, since you would have to type the password over and over again, if you shut it down often or something. Storing the key on a USB stick doesn't sound like a good solution either, since if it breaks, your data is lost.

I like keeping things simple and the whole encryption thing seems like an extra hassle that isn't worth it. Maybe it would be, if I had actual personal data.

So, do you encrypt?

E: I guess this is Linux-specific, since I'm interested in the tools as well, but maybe this would indeed be better suited for Offtopic (didn't think about it before.)

Last edited by initbox (2009-02-14 15:22:22)

Offline

#2 2009-02-14 15:42:14

Barrucadu
Member
From: York, England
Registered: 2008-03-30
Posts: 1,158
Website

Re: Hard Drive Encryption?

I have yet to encrypt an entire partition or disk, but I do use GPG on some files. My GPG private key is on my laptop, but the passcode is only in my head.

Offline

#3 2009-02-14 15:44:45

dolby
Member
From: 1992
Registered: 2006-08-08
Posts: 1,581

Re: Hard Drive Encryption?

I did a fully encrypted + LVM2 Arch installation when I got my laptop. Thought it was very slow and having encrypted data wasn't worth the loss in speed. If I tried that in the future I would encrypt only /home or a separate storage partition.


There shouldn't be any reason to learn more editor types than emacs or vi -- mg (1)
You learn that sarcasm does not often work well in international forums. That is why we avoid it. -- ewaller (arch linux forum moderator)

Offline

#4 2009-02-14 16:15:41

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: Hard Drive Encryption?

My data partitions are encrypted. That is, the RAID 5 on my server, and the external HDs on my laptop.

I use loop-AES for it (rediffed so I can just throw it in my kernel PKGBUILD). I have to do all the mounting manually though, and it requires a patched util-linux-ng (which Arch already graciously does).


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#5 2009-02-14 16:51:22

Dieter@be
Forum Fellow
From: Belgium
Registered: 2006-11-05
Posts: 2,000
Website

Re: Hard Drive Encryption?

I use dm_crypt -> lvm -> /, /home, etc (eg I encrypt everything except /boot)
Also my backup disks are encrypted.

I don't notice a real performance problem with it, cpu usage is low and I have low iowait.  There is a benchmark somewhere that compares systems with dm_crypt vs normal system and the performance penalty was remarkably low.

I use xts, because it was recommended at http://wiki.archlinux.org/index.php/LUKS_Encrypted_Root and I couldn't find any reported issues with it on google, so it looked good.


< Daenyth> and he works prolifically
4 8 15 16 23 42

Offline

#6 2009-02-14 18:15:00

anrxc
Member
From: Croatia
Registered: 2008-03-22
Posts: 834
Website

Re: Hard Drive Encryption?

While searching for the most suitable system for my laptop I found the eCryptfs implementation to be the best fit: https://launchpad.net/ecryptfs


You need to install an RTFM interface.

Offline

#7 2009-02-14 19:05:17

fflarex
Member
Registered: 2007-09-15
Posts: 466

Re: Hard Drive Encryption?

I use LUKS encryption with a key file on a USB drive for the convenience of not having to type something in every time I boot, and a password in case I lose the key file. I just followed the instructions in the wiki so I used XTS.

Offline

#8 2009-02-15 01:51:00

chilebiker
Member
From: Zurich, Switzerland
Registered: 2006-07-18
Posts: 161

Re: Hard Drive Encryption?

I use TrueCrypt for my /data and its backup partitions. Apart from the upgrade from v5 to v6 I didn't have any trouble with it.


Don't panic!

Offline

#9 2009-02-15 03:37:56

kludge
Member
Registered: 2008-08-03
Posts: 294

Re: Hard Drive Encryption?

dm-crypt-->LUKS-->LVM2, everything but /boot.  don't notice a performance hit, but then again i don't expect this laptop (800 mhz pIII, 512 mb ram) to run all that fast.  rtorrent's hashing operations and the nightly slocate db update make it choke, but i don't think that's related to the encryption.

as far as remembering the password goes, mine is long and complex, but my fingers knew it better than my head did within a week.  that's when i burned the slip of paper

(though after that one time when i forgot it during a previous installation, i think having a key on a physically secured external medium would be a good idea... just in case.)


[23:00:16]    dr_kludge | i want to invent an olfactory human-computer interface, integrate it into the web standards, then produce my own forked browser.
[23:00:32]    dr_kludge | can you guess what i'd call it?
[23:01:16]    dr_kludge | nosilla.
[23:01:32]    dr_kludge | i really should be going to bed.  i'm giggling madly about that.

Offline

#10 2009-02-15 10:06:12

onearm
Member
From: Anywhere but here
Registered: 2006-07-06
Posts: 359
Website

Re: Hard Drive Encryption?

dm-crypt-luks for me too (since it first was implemented in the kernel if I'm not wrong). Never found a particular reason to encrypt the whole system so just the data partition is, mounted whenever I wish with a custom script.

For specific files that I want to put on cd/dvd/usbkey I use gpg


To get something done, a committee should consist of no more than three persons, two of them absent.
--
My Github

Offline

#11 2009-02-15 11:22:54

moljac024
Member
From: Serbia
Registered: 2008-01-29
Posts: 2,676

Re: Hard Drive Encryption?

Barrucadu wrote:

I have yet to encrypt an entire partition or disk, but I do use GPG on some files. My GPG private key is on my laptop, but the passcode is only in my head.

Correct me if I'm wrong, but doesn't gpg copy the decrypted file to the hard drive ? What good is that then ? Can't the file be recovered in the decrypted form from the filesystem after it was deleted ?


The day Microsoft makes a product that doesn't suck, is the day they make a vacuum cleaner.
--------------------------------------------------------------------------------------------------------------
But if they tell you that I've lost my mind, maybe it's not gone just a little hard to find...

Offline

#12 2009-02-15 14:16:55

Barrucadu
Member
From: York, England
Registered: 2008-03-30
Posts: 1,158
Website

Re: Hard Drive Encryption?

moljac024 wrote:

Correct me if I'm wrong, but doesn't gpg copy the decrypted file to the hard drive ? What good is that then ? Can't the file be recovered in the decrypted form from the filesystem after it was deleted ?

Only if you use the "--output" parameter. The default behaviour is just to dump it to stdout.

Offline

#13 2009-02-15 16:05:33

sirius
Member
From: Norway
Registered: 2008-12-25
Posts: 68

Re: Hard Drive Encryption?

I'm using luks on my /home, with pam_mount, so the partition will be mounted and unmounted upon login/logout.

I'll change to crypttab + key on usb soon, though :-)

Offline

#14 2009-02-15 22:22:54

1LordAnubis
Member
Registered: 2008-10-10
Posts: 253
Website

Re: Hard Drive Encryption?

Hmm, I've also been considering encryption since I have a laptop, and I'm going to reformat to ext4 soon. Right now I keep all sensitive data on an external hard drive, so my laptop doesn't really have anything I would care about being compromised. Wouldn't the performance hit of encrypting it outweigh the slight chance that someone steals/apprehends my hard drive and investigates my generic hard disk data? There may have been something there at one time that I wouldn't want recovered, but what could someone get from my hard drive? Also... what kind of performance hit are we talking here... I've heard some say it really taxes your cpu and degrades performance, and others say it isn't bad at all.


Any society that would give up a little liberty to gain a little security will deserve neither and lose both.
-Benjamin Franklin
The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.
-George Bernard Shaw

Offline

#15 2009-02-15 22:38:42

moljac024
Member
From: Serbia
Registered: 2008-01-29
Posts: 2,676

Re: Hard Drive Encryption?

Well, I for one, don't need to go and encrypt all the 120GB of my data partition.
Oh no, someone can see my music, movies, wallpapers, funny pictures and clips collections etc. in the open! My my!
Seriously, who has that much sensitive data ?

Maybe making a smaller encrypted partition or an encrypted container file to keep your sensitive stuff there is more reasonable. Maybe encrypting /tmp and swap too.

So, why would you want to encrypt a whole drive (unless every bit of your data is sensitive, but I guess that is rare) ?


The day Microsoft makes a product that doesn't suck, is the day they make a vacuum cleaner.
--------------------------------------------------------------------------------------------------------------
But if they tell you that I've lost my mind, maybe it's not gone just a little hard to find...

Offline

#16 2009-02-15 23:49:12

Arm-the-Homeless
Member
Registered: 2008-12-22
Posts: 273

Re: Hard Drive Encryption?

I'd suggest encfs.

Also, cryptkeeper is a good manager for it.

Offline

#17 2009-02-16 01:41:30

seenxu
Member
Registered: 2008-08-25
Posts: 111

Re: Hard Drive Encryption?

moljac024 wrote:

Well, I for one, don't need to go and encrypt all the 120GB of my data partition.
Oh no, someone can see my music, movies, wallpapers, funny pictures and clips collections etc. in the open! My my!
Seriously, who has that much sensitive data ?

Maybe making a smaller encrypted partition or an encrypted container file to keep your sensitive stuff there is more reasonable. Maybe encrypting /tmp and swap too.

So, why would you want to encrypt a whole drive (unless every bit of your data is sensitive, but I guess that is rare) ?

I can't agree more!

Last edited by seenxu (2009-02-16 01:42:32)

Offline

#18 2009-02-16 02:14:46

Ranguvar
Member
Registered: 2008-08-12
Posts: 2,544

Re: Hard Drive Encryption?

moljac024 wrote:

Well, I for one, don't need to go and encrypt all the 120GB of my data partition.
Oh no, someone can see my music, movies, wallpapers, funny pictures and clips collections etc. in the open! My my!
Seriously, who has that much sensitive data ?

Maybe making a smaller encrypted partition or an encrypted container file to keep your sensitive stuff there is more reasonable. Maybe encrypting /tmp and swap too.

So, why would you want to encrypt a whole drive (unless every bit of your data is sensitive, but I guess that is rare) ?

I have a ton of sensitive data. Of course, it being sensitive, I cannot give examples
I might go with encrypting the whole drive, mostly for simplicity. See http://bbs.archlinux.org/viewtopic.php?id=65419

I do agree though that a lot of people encrypt for no reason, though.

Offline

#19 2009-02-16 07:43:35

Berticus
Member
Registered: 2008-06-11
Posts: 731

Re: Hard Drive Encryption?

I currently encrypt only /home, where the sensitive data is, and keep everything else open. However, I have recently thought about encrypting the entire hard drive. There really is only one reason to encrypt an entire hard drive, and that's to provide operating system and volume steganography. There isn't going to be sensitive data throughout a hard drive.

I wouldn't necessarily say that encrypting an entire hard drive is more simple than encrypting a particular partition, especially if you're encrypting only a single partition.

initbox wrote:

But, if you want to be paranoid, you would have to use a long password.

Not really. Long passwords can only take you so far. If someone was really paranoid, they could do a lot more than just long passwords. They could put the computer, monitor, keyboard, and all the cables in a cage, or some sort of electromagnetic shielding, in a room without windows. They could probably add an encoder and decoder of some sort on the keyboard and computer while using fonts with a low pass filter and changing least significant bit of video data to perform image scrambling. They would also use a separate computer to access the computer, and keep another isolated computer to keep sensitive data. Now that's true paranoia.

Long(-ish) passwords are just smart. As you pointed out, there's a point when a long password provides a disadvantage.

Offline

#20 2009-02-16 14:06:49

moljac024
Member
From: Serbia
Registered: 2008-01-29
Posts: 2,676

Re: Hard Drive Encryption?

Ranguvar wrote:
moljac024 wrote:

Well, I for one, don't need to go and encrypt all the 120GB of my data partition.
Oh no, someone can see my music, movies, wallpapers, funny pictures and clips collections etc. in the open! My my!
Seriously, who has that much sensitive data ?

Maybe making a smaller encrypted partition or an encrypted container file to keep your sensitive stuff there is more reasonable. Maybe encrypting /tmp and swap too.

So, why would you want to encrypt a whole drive (unless every bit of your data is sensitive, but I guess that is rare) ?

I have a ton of sensitive data. Of course, it being sensitive, I cannot give examples
I might go with encrypting the whole drive, mostly for simplicity. See http://bbs.archlinux.org/viewtopic.php?id=65419

I do agree though that a lot of people encrypt for no reason, though.

Haha, I get it. No need to give examples...


The day Microsoft makes a product that doesn't suck, is the day they make a vacuum cleaner.
--------------------------------------------------------------------------------------------------------------
But if they tell you that I've lost my mind, maybe it's not gone just a little hard to find...

Offline

#21 2009-02-16 19:54:23

raf_kig
Member
Registered: 2008-11-28
Posts: 143

Re: Hard Drive Encryption?

I do encrypt /home on my laptop and make sure no traces are left behind on /var, /tmp etc.
I do have sensitive data on it so it would be a real mess if I lost it/it got stolen.

But I agree, for gaming/web/... machines encrypting everything is pointless.

Offline

#22 2009-02-16 22:59:09

anrxc
Member
From: Croatia
Registered: 2008-03-22
Posts: 834
Website

Re: Hard Drive Encryption?

moljac024 wrote:

Seriously, who has that much sensitive data?

From your post and then those below I get a feeling that you are talking about it only from the aspect of security. But it's not only about security, it's also about privacy. If a laptop gets stolen I don't want some stranger to know who I'm dating, what are my political views, how much did I earn and how I cheated the government for taxes... or whatever. More interesting is the situation in the US, where entering the country you could be denied entry if (once asked) you don't provide your passphrase. Think about that one from the security standpoint - would you give them yours? Things will only get worse and we should protect our privacy. So at least /home complete and without exceptions should be protected.

Recommended material: Why I wrote PGP?, and I will mention a great book I read a few days ago Little Brother by Cory Doctorow (released under a CC license).


You need to install an RTFM interface.

Offline

#23 2009-02-17 00:00:41

Ranguvar
Member
Registered: 2008-08-12
Posts: 2,544

Re: Hard Drive Encryption?

raf_kig wrote:

I do encrypt /home on my laptop and make sure no traces are left behind on /var, /tmp etc.

As in you check them to make sure nothing's there?

Not a good solution. If something gets written and then deleted, it can still be recovered off the drive (not too hard, either). I would either encrypt everything, or make sure that /tmp and /var/tmp are either encrypted or (for the former, the latter must be persistent) a tmpfs (ramdisk). Make sure your swap is encrypted, too.

It's either that or just don't encrypt, IMO - if there's a person interested in getting into your data and has the Linux skills, etc. to, most likely they will know how to pull data marked as free space off the disk.

Last edited by Ranguvar (2009-02-17 00:01:46)

Offline
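
The layout discussed in posts #21 and #23 (only /home encrypted, with /tmp, /var/tmp and swap left to chance) can be checked mechanically. The script below is an added example and not part of any post in this thread; `audit_storage`, the device names and the sample layout are constructed for illustration, and it assumes block-device data in `lsblk -P` format.

```shell
# Added example (not from the thread). For each PATH and each active swap device,
# report tmpfs, encrypted (dm-crypt directly or under LVM) or plaintext.
# Real use: lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT > blk.txt
#           audit_storage /proc/mounts blk.txt /home /tmp /var/tmp
audit_storage() {
    mounts=$1; blk=$2; shift 2
    awk -v paths="$*" '
    function field(line, key) {            # value of key="..." in an lsblk -P row
        line = " " line
        if (!match(line, " " key "=\"[^\"]*\"")) return ""
        line = substr(line, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", line); sub(/"$/, "", line)
        return line
    }
    function encrypted(k,    n) {          # walk up the device stack looking for dm-crypt
        for (n = 0; k != "" && n++ < 16; k = parent[k]) if (kind[k] == "crypt") return 1
        return 0
    }
    FILENAME == ARGV[1] { fstype[$2] = $3; next }   # mounts file: mount point -> fs type
    {                                               # lsblk rows: device stack and mounts
        k = field($0, "KNAME"); parent[k] = field($0, "PKNAME")
        kind[k] = field($0, "TYPE"); m = field($0, "MOUNTPOINT")
        if (m != "") mnt[k] = m
    }
    END {
        n = split(paths, p, " ")
        for (i = 1; i <= n; i++) {
            best = ""                      # longest mount point that contains p[i]
            for (m in fstype)
                if ((m == "/" || p[i] == m || index(p[i], m "/") == 1) && length(m) > length(best))
                    best = m
            st = (fstype[best] == "tmpfs") ? "tmpfs" : "plaintext"
            for (k in mnt) if (st != "tmpfs" && mnt[k] == best && encrypted(k)) st = "encrypted"
            print p[i], st
        }
        for (k in mnt) if (mnt[k] == "[SWAP]") print "swap:" k, (encrypted(k) ? "encrypted" : "plaintext")
    }' "$mounts" "$blk"
}
# Constructed sample: only /home is on LUKS + LVM; / and swap are plain partitions.
sample_audit() {
    d=$(mktemp -d)
    cat > "$d/mounts" <<'EOF'
/dev/sda4 / ext4 rw,relatime 0 0
/dev/sda1 /boot ext2 rw 0 0
/dev/mapper/vg-home /home ext4 rw 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
    cat > "$d/lsblk" <<'EOF'
KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/home"
KNAME="sda3" PKNAME="sda" TYPE="part" MOUNTPOINT="[SWAP]"
KNAME="sda4" PKNAME="sda" TYPE="part" MOUNTPOINT="/"
EOF
    audit_storage "$d/mounts" "$d/lsblk" /home /tmp /var/tmp; rm -rf "$d"
}
sample_audit
```

On the sample layout it reports /home as encrypted and /tmp as tmpfs, while /var/tmp (which lives on the unencrypted root) and the swap partition come back as plaintext.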

#24 2009-02-17 01:56:45

moljac024
Member
From: Serbia
Registered: 2008-01-29
Posts: 2,676

Re: Hard Drive Encryption?

anrxc wrote:
moljac024 wrote:

Seriously, who has that much sensitive data?

From your post and then those below I get a feeling that you are talking about it only from the aspect of security. But it's not only about security, it's also about privacy. If a laptop gets stolen I don't want some stranger to know who I'm dating, what are my political views, how much did I earn and how I cheated the government for taxes... or whatever. More interesting is the situation in the US, where entering the country you could be denied entry if (once asked) you don't provide your passphrase. Think about that one from the security standpoint - would you give them yours? Things will only get worse and we should protect our privacy. So at least /home complete and without exceptions should be protected.

Recommended material: Why I wrote PGP?, and I will mention a great book I read a few days ago Little Brother by Cory Doctorow (released under a CC license).

Of course I was also thinking about privacy, but how much space do pictures of your girlfriend and some documents showing your political views take ?
Surely not every single file on your computer relates to your personal life somehow... who cares if someone finds my snes roms, Iron Maiden mp3s or Star Wars avis ? I don't want to encrypt that, it's not that personal.

If I didn't back those things up to my hard drive I would really be bummed if/when I lose the original discs/cartridges (those are lost already)


The day Microsoft makes a product that doesn't suck, is the day they make a vacuum cleaner.
--------------------------------------------------------------------------------------------------------------
But if they tell you that I've lost my mind, maybe it's not gone just a little hard to find...

Offline

#25 2009-02-21 03:06:00

kr0n05931
Member
From: U.S.A.
Registered: 2008-10-17
Posts: 7
Website

Re: Hard Drive Encryption?

security.png


http://img19.imageshack.us/img19/5572/disclaimert.png

By sending me private messages and e-mails, then you automatically agree to the terms and conditions laid out in the image linked to in my signature.

Offline
