Page 1 of 5 123 ... LastLast
Results 1 to 10 of 47

Thread: Encryption recommendation for external drive with data

  1. #1
    Join Date
    Jan 2014
    Beans
    141

    Encryption recommendation for external drive with data

    I want to encrypt an old external hard drive with a lot of data on it. Is there a way, using my current OS, to do the external drive encryption without formatting over or erasing the existing data? ...or having to copy and move it back? If so what is the best way recommendation. I am using Ubuntu 20.10. Thank-you

    BTW, I looked at the prior posts on this topic but they are quite a few years back in a fast moving field. I am hoping better, much more user friendly, solutions are available today. Ideally, I'd like to plug any external USB drive or USB stick and then "click on something" that leads me down a path that simply results asking me for an encryption phrase/key (I can choose the strength of the key I need) and then results in an encrypted drive that at a minimum is portable/recognizable between Ubuntu systems. My needs are meager ...I just want a protected drive/stick in case it gets lost.
    Last edited by jgwphd; March 9th, 2021 at 11:40 PM.

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Encryption recommendation for external drive with data

    I want to encrypt an old external hard drive with a lot of data on it.
    Backup the data. Lay down the encrypted container, then move the data back. There are other methods, but they all have flaws in the encryption so they have been deprecated. OTOH, if you just want to keep cat videos save from a 10 yr old, then use ZIP files with encrypted passwords and call it "done."

    encfs, encryptfs, and other similar solutions all have failures. Achivers with encryption all have failures too. But that may not matter to you.

    The recommended storage encryption is performed at the partition or logical volume level using dm-crypt with LUKS. You'll want the OS and swap to be encrypted as well, to prevent any accidental leaks of the encryption used. And you'll probably want to use 2FA for unlocking the encrypted container(s). A challenge-response method would be best, not a static passphrase.

    Which attack vectors are you trying to protect the data against?

  3. #3
    Join Date
    Jan 2014
    Beans
    141

    Re: Encryption recommendation for external drive with data

    Which attack vectors are you trying to protect the data against? --- just protection against a lost or stolen drive and a determined hacker trying to get access to read the data. Specifically what Ubuntu command or tool should I use? I have VeraCrypt installed but never used it. Is there something better?

    I am also interested in convenience. If it is too complicated then I'll be worrying if I did it correctly and the data is not safe when lost. You seem to indicate that I should encrypt the OS too. I am thinking that I need to reinstall Unbuntu with encryption and start from there. Wow, I thought the state of the art would be further along....
    Last edited by jgwphd; March 10th, 2021 at 04:30 AM. Reason: add additional information

  4. #4
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Encryption recommendation for external drive with data

    Quote Originally Posted by jgwphd View Post
    Which attack vectors are you trying to protect the data against? --- just protection against a lost or stolen drive and a determined hacker trying to get access to read the data.
    A determined cracker (cracker is a criminal) - let's use correct terms please - will spend months trying to gain access to encrypted storage. If you don't setup 2FA or massively long passphrases, they will get in, eventually. In theory, a 13 character, random, passphrase should be sufficient to secure any storage, but humans are notoriously bad at random anything, so it is best not to try. The old idea that choosing 3 random words and putting those together was good, until the crackers built tools to brute force those as well. If you mix in Unicode characters and alternate languages, that could be good enough.
    https://security.stackexchange.com/q...sword-cracking has links for more background.

    We know that professional password cracking competitions generally crack about 80% of all the passwords within a few days thanks to humans being bad at "random". The solution just needs to make it hard enough that they give up, right? We want to be in the last 10% that they never crack AND we need to use the best, proven, encrypted storage solution possible on our hardware.

    My systems don't have a TPM chip, so that limits some of the stuff that is possible to tie the data to a single system.
    I know I'm bad at random, so I use 2FA with LUKS encryption.
    I also know not to trust the hardware encryption that some HDDs have included in their firmware. I want software to perform the encryption and use some hardware for performance, but I don't want an all-in-one solution. Too each for that single organization to be ... er ... encouraged to break our trust, should we say.

  5. #5
    Join Date
    Jan 2014
    Beans
    141

    Re: Encryption recommendation for external drive with data

    One last question. Is there an Ubuntu app similar to (I think) bitlocker. A few weeks ago had to decrypt a windows hard drive on a new machine to make a partition for a dual boot with Ubuntu. It did everything in place, there was no moving or copying. I just did a few clicks and was able to make space on the hard drive for my Ubuntu install. Been living happily ever after. Is there anything that simple in Ubuntu?

  6. #6
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Encryption recommendation for external drive with data

    Nothing secure, unless you are protecting cat videos from 10 yr olds.

    It comes down to the difference of having 1 corporate overlord vs 10,000 distinct projects.
    With an overlord, the file system and encryption are under the same dictator.
    With F/LOSS projects, the different parts work off APIs, so encryption isn't tied to any file system. They are completely separate. It is a layered approach and part of the Unix Philosophy which is a key reason why every popular OS in the world today, except 1, is built on Unix. Interchangeable parts are very nice. That's what Unix provides.
    Plus, everyone knows they should have backups. Right?

    Linux doesn't have a "restore point" either. Why not?
    Ans: Everyone knows they should have backups. Right?

    By having replaceable parts, there are all sorts of kewl things we can accomplish that don't need to be blessed by the overlord.
    You can ignore these links, but they are related to this idea:
    * http://linux.oneandoneis2.org/LNW.htm
    * https://blog.jdpfu.com/2012/02/15/be...t-shift-needed

  7. #7
    Join Date
    Nov 2009
    Beans
    Hidden!
    Distro
    Kubuntu 18.04 Bionic Beaver

    Re: Encryption recommendation for external drive with data

    Quote Originally Posted by jgwphd View Post
    One last question. Is there an Ubuntu app similar to (I think) bitlocker. A few weeks ago had to decrypt a windows hard drive on a new machine to make a partition for a dual boot with Ubuntu. It did everything in place, there was no moving or copying. I just did a few clicks and was able to make space on the hard drive for my Ubuntu install. Been living happily ever after. Is there anything that simple in Ubuntu?
    LUKS (dm-crypt)

    but you also have veracrypt or similar containers.
    veracrypt vs bitlocker: https://lifehacker.com/windows-encry...ker-1777855025

    here is an overall list and comparison:
    https://en.wikipedia.org/wiki/Compar...ption_software
    Read the easy to understand, lots of pics Ubuntu manual.
    Do i need antivirus/firewall in linux?
    Full disk backup (newer kernel -> suitable for newer PC): Clonezilla
    User friendly full disk backup: Rescuezilla

  8. #8
    Join Date
    Oct 2005
    Location
    Lab, Slovakia
    Beans
    10,470

    Re: Encryption recommendation for external drive with data

    BTW, the regular Gnome disk utility does LUKS encryption.

  9. #9
    Join Date
    Jan 2014
    Beans
    141

    Re: Encryption recommendation for external drive with data

    Thanks for everyone's assistance in answering my questions. I took an old USB 2 TB hard drive and formatted it fresh with Ubuntu "Disks" (no data on it). I am using VeraCrypt and installing a 1800 GB NTFS container on it. The encryption of the container is still running. "Volume format" window started with 4 hours left ...and after 2 hours the drive is getting quite warm ...Yikes!!!! Am I doing something wrong? I hope when I mount it to use it it won't take hours to recognize and become usable?
    Last edited by jgwphd; March 11th, 2021 at 11:09 PM.

  10. #10
    Join Date
    Nov 2009
    Beans
    Hidden!
    Distro
    Kubuntu 18.04 Bionic Beaver

    Re: Encryption recommendation for external drive with data

    if you are using NTFS, then do it from windows.

    if you are using the drive for linux then use opensource linux formats instead (e.g. ext4)
    Read the easy to understand, lots of pics Ubuntu manual.
    Do i need antivirus/firewall in linux?
    Full disk backup (newer kernel -> suitable for newer PC): Clonezilla
    User friendly full disk backup: Rescuezilla

Page 1 of 5 123 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •