Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 32

Thread: Best Encryption Software?

  1. #11
    Join Date
    Jun 2010
    Location
    Sacramento, CA
    Beans
    196
    Distro
    Xubuntu 11.04 Natty Narwhal

    Re: Best Encryption Software?

    You say it is possible to encrypt /boot? Karmic uses Grub2 correct? How would I go about encrypting /boot this way? Is it an obvious choice when I'm encrypting? Or is there some sneaky method to it?

  2. #12
    Join Date
    Oct 2006
    Beans
    4,624
    Distro
    Kubuntu 15.10 Wily Werewolf

    Re: Best Encryption Software?

    Quote Originally Posted by GrantStoner View Post
    You say it is possible to encrypt /boot? Karmic uses Grub2 correct? How would I go about encrypting /boot this way? Is it an obvious choice when I'm encrypting? Or is there some sneaky method to it?
    The patches have not made it into a Grub2 release yet and I'm really not sure of their status at this point. So as of now, it's not possible unless you're willing to do some Grub2 hacking.
    Blog | Ubuntu User #15350 | Zsh FTW | Ubuntu Security | Nothing to hide?
    AMD Phenom II X6 1075T @ 3GHz, Nvidia GTX 650, 8GB DDR3 RAM, 2 X 1TB, 1 X 3TB HDD
    Please don't request support via PM


  3. #13
    Join Date
    Jun 2010
    Location
    Sacramento, CA
    Beans
    196
    Distro
    Xubuntu 11.04 Natty Narwhal

    Re: Best Encryption Software?

    Oh, haha, I'm only on my 6th month using Ubuntu, no Grub hacking for me yet. So to make sure I have things right, 1) download-->burn-->boot Alternate CD, 2) install as normal use encryption option (which will encrypt everything except /boot)? And then just finish the installation process as I normally would if I was using the Desktop CD?

  4. #14
    Join Date
    Oct 2006
    Beans
    4,624
    Distro
    Kubuntu 15.10 Wily Werewolf

    Re: Best Encryption Software?

    Quote Originally Posted by GrantStoner View Post
    Oh, haha, I'm only on my 6th month using Ubuntu, no Grub hacking for me yet. So to make sure I have things right, 1) download-->burn-->boot Alternate CD, 2) install as normal use encryption option (which will encrypt everything except /boot)? And then just finish the installation process as I normally would if I was using the Desktop CD?
    No you have to do the whole thing from the alternate CD. I forget what the option says exactly but it should be something like "Set up encrypted LVM". It may still ask you if you want to encrypt your home directory later in the process but that's not necessary since you've encrypted the entire disk already.
    Blog | Ubuntu User #15350 | Zsh FTW | Ubuntu Security | Nothing to hide?
    AMD Phenom II X6 1075T @ 3GHz, Nvidia GTX 650, 8GB DDR3 RAM, 2 X 1TB, 1 X 3TB HDD
    Please don't request support via PM


  5. #15
    Join Date
    Jun 2010
    Location
    Sacramento, CA
    Beans
    196
    Distro
    Xubuntu 11.04 Natty Narwhal

    Re: Best Encryption Software?

    Alright, thanks. I'll post if I have problems with it.

  6. #16
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Best Encryption Software?

    Quote Originally Posted by FuturePilot View Post
    Yes you will have to reinstall.


    There was some patches to Grub2 to give it support for booting a LUKS encrypted system that included /boot in the encrypted area. So it is possible.
    Interesting. I wasn't aware of these patches but I guess it is logical that GRUB could be hacked to do this.


    No, LUKS is a form of on-the-fly encryption.


    http://en.wikipedia.org/wiki/On-the-fly_encryption

    Basically anything that presents the data to the end user transparently is on-the-fly. This would include things like TrueCrypt, Ecryptfs, and Encfs in addition to LUKS. GPG would be an example of the opposite of on-the-fly encryption.
    I suppose it depends on what the OP meant when he said on-the-fly. I think he was referring to having an encrypted container (not a whole partition) that one is able to unlock after the machine has booted. This is sort of like many people do with Truecrypt; instead of encrypting the whole drive, they encrypt a large container on the drive that can remain locked even after boot. Once they open the container, data can be removed to and from the container and encrypted/decrypted "on-the-fly." Very similar to encryptfs, except without having to encrypt the entire /home parition.

    So, if the OP is asking whether LUKS can create an encrypted container on a drive (that is, a container that can be a single directory and not a whole partition), the answer is no (if it can be done, I am not aware of it). If he simply meant does LUKS use an on-the-fly method of operation in general, then the answer is obviously yes. As you pointed out, technically, WDE constitutes "on-the-fly" encryption.

    OP, here is a nice guide for accomplishing WDE with the alternate CD. The guide is for 8.04 but it works the same for 10.04.
    Last edited by rookcifer; June 11th, 2010 at 04:34 AM.

  7. #17
    Join Date
    Oct 2006
    Beans
    4,624
    Distro
    Kubuntu 15.10 Wily Werewolf

    Re: Best Encryption Software?

    Quote Originally Posted by rookcifer View Post
    So, if the OP is asking whether LUKS can create an encrypted container on a drive (that is, a container that can be a single directory and not a whole partition), the answer is no (if it can be done, I am not aware of it).
    It can be done . Basically you create a pre-defined size file for your container using dd, set it up with the loop device (/dev/loop0), set it up with cryptsetup, put a filesystem on it and mount it.
    Blog | Ubuntu User #15350 | Zsh FTW | Ubuntu Security | Nothing to hide?
    AMD Phenom II X6 1075T @ 3GHz, Nvidia GTX 650, 8GB DDR3 RAM, 2 X 1TB, 1 X 3TB HDD
    Please don't request support via PM


  8. #18
    Join Date
    Jun 2010
    Location
    Sacramento, CA
    Beans
    196
    Distro
    Xubuntu 11.04 Natty Narwhal

    Re: Best Encryption Software?

    Actually, rookcifer, I was talking about the encrypting the entire drive, including everything I can, not just encrypting a specific directory. Will encryptfs allow me to do that without having to reinstall Ubuntu? I don't want just a directory or container encrypted, I want everything except /boot encrypted.

  9. #19
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Best Encryption Software?

    Quote Originally Posted by GrantStoner View Post
    Actually, rookcifer, I was talking about the encrypting the entire drive, including everything I can, not just encrypting a specific directory. Will encryptfs allow me to do that without having to reinstall Ubuntu? I don't want just a directory or container encrypted, I want everything except /boot encrypted.
    I guess the confusion came after I explained that LUKS encrypts your whole drive (except /boot) and then you asked whether it also did "on-the-fly." From that I assumed you must have a different definition of "on-the-fly" than that of WDE.

    At any rate, if you want everything encrypted you will have to reinstall with the alternate CD using the directions I posted in one of my previous posts.

  10. #20
    Join Date
    Jun 2010
    Location
    Sacramento, CA
    Beans
    196
    Distro
    Xubuntu 11.04 Natty Narwhal

    Re: Best Encryption Software?

    I understood that "on-the-fly-encryption" (OFTE) meant data was encrypted first, then written to your system. So basically it's encrypting everything in real time while it's being written to your system, so that nothing is ever temporarily unencrypted. Whereas other methods decrypt your drive when you input the password or key file, and then system is unencrypted until you power-down your computer? Am I wrong?

Page 2 of 4 FirstFirst 1234 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •