Best Encryption Software?

[rookcifer]

I understood that "on-the-fly-encryption" (OFTE) meant data was encrypted first, then written to your system. So basically it's encrypting everything in real time while it's being written to your system, so that nothing is ever temporarily unencrypted. Whereas other methods decrypt your drive when you input the password or key file, and then system is unencrypted until you power-down your computer? Am I wrong?

If you encrypt your whole disk, everything will either be encrypted or unencrypted at the same time.* That is, after you enter your LUKS password at boot, your system is no longer protected. Likewise when you shut your machine off, the drive is encrypted and the files cannot be retrieved.

*And before someone objects, it is true that technically, LUKS is encrypting/decrypting on-the-fly while the machine is running, but it's completely transparent to the user since the key is in memory and unlocks/locks everything as needed. I just figured if someone was asking the question OP is that they didn't need to know these details. Unless you are a crypto developer, it's easier to think of it as a binary proposition -- that is, the drive is either encrypted or not. On or off. Technically it's not that simple, but it's good enough of an explanation for the curious end-user, especially considering that there is zero security for the files while the drive is booted. It doesn't matter that most files are technically encrypted until they are accessed -- they can still be easily accessed by anyone behind the keyboard.

[GrantStoner]

-- that is, the drive is either encrypted or not. On or off.

This brings up another question I had. Say, for some reason, I booted and unencrypted my laptop and was using it like normal, but for whatever reason I needed to cut power to it immediately and instead of going through the normal shut-down option, I just popped out the battery? Would my drive still be encrypted if someone else turned it on? Or would it be unencrypted still from my last use?

[FuturePilot]

This brings up another question I had. Say, for some reason, I booted and unencrypted my laptop and was using it like normal, but for whatever reason I needed to cut power to it immediately and instead of going through the normal shut-down option, I just popped out the battery? Would my drive still be encrypted if someone else turned it on? Or would it be unencrypted still from my last use?

It would still be encrypted.

[GrantStoner]

Awesome. Does anyone here know what encryption algorithm Ubuntu/LUKS will use then I'm setting up my new system? Do I have a choice? Or is there only one?

[FuturePilot]

Awesome. Does anyone here know what encryption algorithm Ubuntu/LUKS will use then I'm setting up my new system? Do I have a choice? Or is there only one?

AES is the default but there are others to choose from.

[GrantStoner]

Thanks everyone, looks like I'm pretty set now.

[GrantStoner]

Alright everyone, crypt setup was successful. Thanks for the help. If possible, I was wondering where/how I could get a program or if there was a way to test the encryption now, just to make sure there's no holes or anything. And also, I was not presented with an option to change the encryption algorithm (or cascade), so I was hoping to be able to test the default now and make sure it's golden.

[rookcifer]

Alright everyone, crypt setup was successful. Thanks for the help. If possible, I was wondering where/how I could get a program or if there was a way to test the encryption now, just to make sure there's no holes or anything. And also, I was not presented with an option to change the encryption algorithm (or cascade), so I was hoping to be able to test the default now and make sure it's golden.

You can change the algorithm from within the menu (I can't recall how off my head, but it can be done).

In any case, the default is aes-256-cbc with SHA256. This is extremely strong (probably too strong since your password likely is nowhere near 256 bits in strength).

[GrantStoner]

I'm not sure how many bits it is, but it's either 64 or 65 characters long, and includes capitals, lower case letters, and special characters. How would you tell how many bits your pw is? And you said you can change the algorithm from within the menu? Is this the menu as you're installing Ubuntu? Or is there some kind of menu within Ubuntu I can use to change preferences?

[FuturePilot]

I'm not sure how many bits it is, but it's either 64 or 65 characters long, and includes capitals, lower case letters, and special characters. How would you tell how many bits your pw is? And you said you can change the algorithm from within the menu? Is this the menu as you're installing Ubuntu? Or is there some kind of menu within Ubuntu I can use to change preferences?

During the install there is a menu where you can choose what algorithm to use. I don't remember exactly where it is, but it's definitely there because I've used it before.