Safest Way To Store Information

[bobbyb1980]

Hey guys. I was cleaning up around the office today and started asking myself why I don't encrypt all the data I have stored. If someone were to break in all they'd have to do is plug in a hdd and they'd have my life's work.

I currently have my home folder encrypted, but something tells me that isn't enough. I keep my sensitive info stored offline on a usd hdd, but I'd like to double up and put some type of password or encryption that will make it difficult if not impossible for someone who isn't me to read.

Any advice for encrypting info on a linux machine? What's your setup? Thanks.

[Mr-Protocol]

TrueCrypt volumes are pretty popular.

[arcane]

The most critical things to encrypt is your home folder and the swap partition. Whole disk encryption with truecrypt on the Linux platform would be perfect, but it is not supported. You might be able to move /boot to a separate partition and encrypt everything else. It may work but I have not tried it. I would also make sure the computer locks out automatically.

[Jason Cooper]

Truecrypt is great for this sort of thing. I have a couple of SDHC cards holding truecrypt volumes that I back up my eeePC to, it works great and I don't have to worry about loosing the SD card (easily done with the size of them).

Given the bandwidth of USB2.0 you probably won't even notice a loss in performance from the encryption.

The one bit of advice that I think should be given for this method is to seriously think about the filesystem you use in the truecrypt volume. if you are only going to be accessing it though Linux then one of the ext filesystems will be fine, but if you are wanting to reliably access it through Windows as well as Linux then you may prefer to use FAT32 or NTFS.

If you do want to move to full disk encryption on your Linux machine then check out http://tldp.org/HOWTO/html_single/Disk-Encryption-HOWTO/ which should help you get started. Just remember to backup before hand.

[Infiltrator]

If you have a lot of private/confidential information, I'd use a combination of the IronKey with TrueCrypt, don't forget to set a very complex and long password, so it hard for the bad guys to crack it.

[PaulyD]

If you have a lot of private/confidential information, I'd use a combination of the IronKey with TrueCrypt, don't forget to set a very complex and long password, so it hard for the bad guys to crack it.

If you're going to stick to a removable drive, TrueCrypt is the most popular solution. If you want to do your Linux install, a dm-crypt/LUKS LVM install, with /boot on a USB or SD Card is what I do. If you want two factor authentication, get a Yubikey and set one of the slots to 'Static Password' mode (slot 1 is easiest to use). Memorize a 32 character pass phrase and put a 32 character random string (generated with KeePass, for example) into the Yubikey. Right now in the US, the courts are 50/50 with compelling a user to reveal a pass phrase, so splitting it up between your brain and the Yubikey is a good practice...the Yubikey Nano is easily 'lost' :D

PD

[Infiltrator]

Right now in the US, the courts are 50/50 with compelling a user to reveal a pass phrase, so splitting it up between your brain and the Yubikey is a good practice...the Yubikey Nano is easily 'lost' :D

PD

And what happens if you don't give up the password/passphrase for the encryption. What right will the course have against you?

[Sitwon]

And what happens if you don't give up the password/passphrase for the encryption. What right will the course have against you?

The judge can hold you in contempt of court (keep you in jail indefinitely) until you agree to cooperate or impose other sanctions, or decide that your refusal constitutes a crime (eg, obstruction of justice) and convict you of that.

Personally, I use dm-crypt/luks for full disk (including swap) encryption, and then additionally I have an EncFS encrypted folder in my home directory where I keep my most sensitive files. I also keep a back-up of those files on an IronKey in case of hard drive failure. When I make backups to external hard drives that I want to keep private I have been using EncFS, however TrueCrypt would probably be the more portable solution.