bobbyb1980 Posted April 15, 2012 Share Posted April 15, 2012 Hey guys. I was cleaning up around the office today and started asking myself why I don't encrypt all the data I have stored. If someone were to break in all they'd have to do is plug in a hdd and they'd have my life's work. I currently have my home folder encrypted, but something tells me that isn't enough. I keep my sensitive info stored offline on a usd hdd, but I'd like to double up and put some type of password or encryption that will make it difficult if not impossible for someone who isn't me to read. Any advice for encrypting info on a linux machine? What's your setup? Thanks. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted April 15, 2012 Share Posted April 15, 2012 TrueCrypt volumes are pretty popular. Quote Link to comment Share on other sites More sharing options...
arcane Posted April 15, 2012 Share Posted April 15, 2012 The most critical things to encrypt is your home folder and the swap partition. Whole disk encryption with truecrypt on the Linux platform would be perfect, but it is not supported. You might be able to move /boot to a separate partition and encrypt everything else. It may work but I have not tried it. I would also make sure the computer locks out automatically. Quote Link to comment Share on other sites More sharing options...
Jason Cooper Posted April 17, 2012 Share Posted April 17, 2012 Truecrypt is great for this sort of thing. I have a couple of SDHC cards holding truecrypt volumes that I back up my eeePC to, it works great and I don't have to worry about loosing the SD card (easily done with the size of them). Given the bandwidth of USB2.0 you probably won't even notice a loss in performance from the encryption. The one bit of advice that I think should be given for this method is to seriously think about the filesystem you use in the truecrypt volume. if you are only going to be accessing it though Linux then one of the ext filesystems will be fine, but if you are wanting to reliably access it through Windows as well as Linux then you may prefer to use FAT32 or NTFS. If you do want to move to full disk encryption on your Linux machine then check out http://tldp.org/HOWTO/html_single/Disk-Encryption-HOWTO/ which should help you get started. Just remember to backup before hand. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted April 17, 2012 Share Posted April 17, 2012 If you have a lot of private/confidential information, I'd use a combination of the IronKey with TrueCrypt, don't forget to set a very complex and long password, so it hard for the bad guys to crack it. Quote Link to comment Share on other sites More sharing options...
PaulyD Posted April 17, 2012 Share Posted April 17, 2012 If you have a lot of private/confidential information, I'd use a combination of the IronKey with TrueCrypt, don't forget to set a very complex and long password, so it hard for the bad guys to crack it. If you're going to stick to a removable drive, TrueCrypt is the most popular solution. If you want to do your Linux install, a dm-crypt/LUKS LVM install, with /boot on a USB or SD Card is what I do. If you want two factor authentication, get a Yubikey and set one of the slots to 'Static Password' mode (slot 1 is easiest to use). Memorize a 32 character pass phrase and put a 32 character random string (generated with KeePass, for example) into the Yubikey. Right now in the US, the courts are 50/50 with compelling a user to reveal a pass phrase, so splitting it up between your brain and the Yubikey is a good practice...the Yubikey Nano is easily 'lost' :D PD Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted April 22, 2012 Share Posted April 22, 2012 Right now in the US, the courts are 50/50 with compelling a user to reveal a pass phrase, so splitting it up between your brain and the Yubikey is a good practice...the Yubikey Nano is easily 'lost' :D PD And what happens if you don't give up the password/passphrase for the encryption. What right will the course have against you? Quote Link to comment Share on other sites More sharing options...
Sitwon Posted April 22, 2012 Share Posted April 22, 2012 And what happens if you don't give up the password/passphrase for the encryption. What right will the course have against you? The judge can hold you in contempt of court (keep you in jail indefinitely) until you agree to cooperate or impose other sanctions, or decide that your refusal constitutes a crime (eg, obstruction of justice) and convict you of that. Personally, I use dm-crypt/luks for full disk (including swap) encryption, and then additionally I have an EncFS encrypted folder in my home directory where I keep my most sensitive files. I also keep a back-up of those files on an IronKey in case of hard drive failure. When I make backups to external hard drives that I want to keep private I have been using EncFS, however TrueCrypt would probably be the more portable solution. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.