Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Prepare to the disk encryption
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Installing Gentoo
View previous topic :: View next topic  
Author Message
stephan-t
Tux's lil' helper
Tux's lil' helper


Joined: 12 May 2014
Posts: 118

PostPosted: Sat Dec 06, 2014 8:00 pm    Post subject: Prepare to the disk encryption Reply with quote

What encryption type prefered in forum members?

I heard loop-aes and luks type, what are the pro or con arguments?

If i choose luks, re-partition whole disk and generate the initramfs. I think correct?
I read somewhere the loop-aes crypto key not storage on disk, and on boot again and again retype my password, while could'nt boot automaticly and thus set in fstab.

I am not paranoid, only want safe from anyone my precious personal files.


gz, Stephan
Back to top
View user's profile Send private message
jonathan183
Guru
Guru


Joined: 13 Dec 2011
Posts: 309

PostPosted: Sun Dec 07, 2014 12:50 am    Post subject: Re: Prepare to the disk encryption Reply with quote

At some point you need to unlock encypted storage ... a key is needed. You either need to provide a pass phrase or store the key on something like a pen drive. I do not think it makes sense to have the key as a file on an unencrypted partition without a pass phrase.
Once you unlock the encrypted storage your data is available for read/write/copy as if it was not on encrypted storage.
Back to top
View user's profile Send private message
The Doctor
Moderator
Moderator


Joined: 27 Jul 2010
Posts: 2586

PostPosted: Sun Dec 07, 2014 1:20 am    Post subject: Re: Prepare to the disk encryption Reply with quote

stephan-t wrote:
I am not paranoid, only want safe from anyone my precious personal files.
So, it isn't that you are paranoid, is just... you are paranoid. :lol:

(that isn't necessarily a bad thing.)

Anyway, I have used LUKS and it isn't too difficult to set up. I believe Serpent is the most secure cipher (therefore the slowest to preform disk operations.) Encryption only protects against people stealing your computer or disks when they are off, not while they are running.

A custom init is simple enough to write. There are several examples available via google.

As for the two standards, loop-aes is obsolete as far as I know.


Quote:
I read somewhere the loop-aes crypto key not storage on disk, and on boot again and again retype my password, while could'nt boot automaticly and thus set in fstab.
You have to do something to prove you are who you claim to the computer otherwise it would be useless to encrypt your disk.

What LUKS does that loop-aes does not do is store the master key on the disk. When you authenticate you decrepit that key which decrepit the volume. This has the advantage that you can have multiple passwords/keys for multiple users and are not hosed if you have to decommission one.
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.
Back to top
View user's profile Send private message
stephan-t
Tux's lil' helper
Tux's lil' helper


Joined: 12 May 2014
Posts: 118

PostPosted: Sun Dec 07, 2014 12:36 pm    Post subject: Reply with quote

thanks the answers :)
Back to top
View user's profile Send private message
stephan-t
Tux's lil' helper
Tux's lil' helper


Joined: 12 May 2014
Posts: 118

PostPosted: Fri Dec 12, 2014 1:29 pm    Post subject: Re: Prepare to the disk encryption Reply with quote

The Doctor wrote:
stephan-t wrote:
I am not paranoid, only want safe from anyone my precious personal files.
So, it isn't that you are paranoid, is just... you are paranoid. :lol:

(that isn't necessarily a bad thing.)

Anyway, I have used LUKS and it isn't too difficult to set up. I believe Serpent is the most secure cipher (therefore the slowest to preform disk operations.) Encryption only protects against people stealing your computer or disks when they are off, not while they are running.

A custom init is simple enough to write. There are several examples available via google.

As for the two standards, loop-aes is obsolete as far as I know.


Quote:
I read somewhere the loop-aes crypto key not storage on disk, and on boot again and again retype my password, while could'nt boot automaticly and thus set in fstab.
You have to do something to prove you are who you claim to the computer otherwise it would be useless to encrypt your disk.

What LUKS does that loop-aes does not do is store the master key on the disk. When you authenticate you decrepit that key which decrepit the volume. This has the advantage that you can have multiple passwords/keys for multiple users and are not hosed if you have to decommission one.



I'm not have any time to preparing my system for encrpytion, but tried in virtualbox and doesnt successful. I find a relative old setup description, and also try archlinux wiki steps, both solution not work.

Here is the description
Back to top
View user's profile Send private message
jonathan183
Guru
Guru


Joined: 13 Dec 2011
Posts: 309

PostPosted: Sat Dec 13, 2014 12:34 pm    Post subject: Reply with quote

I suggest you pick the disc encryption parts you want out of this https://wiki.gentoo.org/wiki/EFI_Gentoo_End_to_End_Install
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Installing Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum