PDA

View Full Version : [all variants] Hardy encryption details



update_manager
May 25th, 2008, 12:44 AM
Can anyone point me to a site that has the details of the install time encryption used in Hardy?

I'd like to know:

Is the swap partition encrypted?


How can the password be changed after the installation?

Soldierboy
May 25th, 2008, 03:02 AM
Not sure on your password question, however, yes, the swap partition is encrypted, the only thing that isn't is the /boot partition which must remain unencrypted to be bootable.

michaelzap
May 25th, 2008, 03:06 AM
For those of you who are using Hardy with encryption, how's it working for you? Is there any noticeable speed difference? I have a perfectly good unencrypted Hardy system (upgraded from Gutsy), but I think I'm going to start fresh with encrypted Hardy on a new drive.

Steve413z
May 25th, 2008, 03:23 AM
For those of you who are using Hardy with encryption, how's it working for you? Is there any noticeable speed difference? I have a perfectly good unencrypted Hardy system (upgraded from Gutsy), but I think I'm going to start fresh with encrypted Hardy on a new drive.

no, not much speed difforence, (on my core duo laptop), if it's an older machine, there might be a problem.

make sure you get the Text Installer "Alternative" CD or the DVD to install using full disk encryption

hyper_ch
May 25th, 2008, 07:41 AM
Is the swap partition encrypted?
yes

How can the password be changed after the installation?
Yes, it can

sunbird
May 25th, 2008, 09:26 AM
I wrote this how-to (http://ubuntuforums.org/showthread.php?p=4604645), which is focused on intel Macbook Pros dual-booting ubuntu, but the instructions for the encryption should be the same.

I've noticed zero speed difference.

hyper_ch
May 25th, 2008, 09:55 AM
How can the password be changed after the installation?


sudo cryptsetup luksAddKey /dev/sdX


You can have up to 10 slots of passwords or keyfiles and with luksAddKey you add new ones.... and with luksDeleteKey you remove existing ones.

Have a look at the cryptsetup man pages how to use those commands at fully extend.

update_manager
May 25th, 2008, 11:51 AM
sudo cryptsetup luksAddKey /dev/sdX


You can have up to 10 slots of passwords or keyfiles and with luksAddKey you add new ones.... and with luksDeleteKey you remove existing ones.

Have a look at the cryptsetup man pages how to use those commands at fully extend.

Thanks!

If I wanted to take an existing mapping, I could boot into my current setup, then use:
cryptsetup reload luksAddKey

Does this sound right?

hyper_ch
May 25th, 2008, 11:57 AM
not sure what you mean

update_manager
May 26th, 2008, 10:47 PM
not sure what you mean

Its not clear to me from the man page if cryptsetup can be used on mounted drives.

In other words - can I do a default install, boot into encrypted partition then make changes.

hyper_ch
May 27th, 2008, 05:56 AM
yes

michaelzap
May 27th, 2008, 06:36 AM
no, not much speed difforence, (on my core duo laptop), if it's an older machine, there might be a problem.

Decided to give it a try tonight, and indeed it seems just as fast as my previous unencrypted system. I still have to install and configure all of the apps and whatnot that I use, but it's nice to have a clean slate to scribble on. I'll be right back to work tomorrow morning with a brand new system under the hood.

hyper_ch
May 27th, 2008, 06:55 AM
you'll notice a difference when you start big read/write operations... but on a "normal" use, you hardly notice anything...

michaelzap
May 27th, 2008, 07:39 AM
you'll notice a difference when you start big read/write operations... but on a "normal" use, you hardly notice anything...

I mostly use an unencrypted scratch disk and network shares for big files anyway, so I think that other than the occasional video work I may never notice.

michaelzap
May 28th, 2008, 07:58 PM
Just reporting back for posterity:

The encrypted installation went swimmingly (it only took me a couple of hours to set up everything just the way I wanted after the installation finished). I've been using the new system for a few days now, and if anything it seems faster than my previous one (which was an upgrade from Gutsy to Hardy, with some additional random software that I no longer use like Tracker). Everything works perfectly and I've had zero complications.

Kudos to the Ubuntu dev team!

hyper_ch
May 29th, 2008, 07:15 AM
just remember to have an (encrypted) backup of that data somewhere.

If the harddisk fails at a critical point you cannot recover the encrypted files anymore.