Personal computing discussed

Moderators: renee, SecretSquirrel, notfred

 
Dirge
Gerbil Jedi
Topic Author
Posts: 1620
Joined: Thu Feb 19, 2004 3:08 am

Full disk encryption

Sun Aug 05, 2012 3:41 am

I am running Debian Squeeze and wondering if dm-crypt with LUKS is the way to go for full disk encryption?

I also have a couple of portable HDDs and USB keys that I would like to encrypt. Can anyone suggest an OS agnostic method to do this? I see TrueCrypt gets allot of love, but I cant see it working in situations where I don't have administrator rights such as schools etc.

Has anybody had a similar dilemma? Basically I want to start encrypting my HDDs in case of theft or the need to RMA them in the future.
FDISK /MBR
 
SecretSquirrel
Minister of Gerbil Affairs
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Re: Full disk encryption

Sun Aug 05, 2012 8:28 am

If the requirement is that you can mount encrypted disks without having administrative access to the system, I think you are pretty well out of luck. For full disk encryption to work, you must have the ability to install the encryption package on the system with "system" level credentials. This would be true for any package that is using an encrypted container file on a non-encrypted disk as well. Assuming you want to be able to mount that container as a file system. There will be configuration of the system that requires administrative rights.

As far as cross platform solutions go, TrueCrypt would be my suggestion.

--SS
 
Madman
Minister of Gerbil Affairs
Posts: 2317
Joined: Tue Apr 01, 2003 4:55 am
Location: Latvia

Re: Full disk encryption

Sun Aug 05, 2012 8:37 am

I like the dm-crypt + luks system, works like a charm on Linux, but it's not a cross platform solution AFAIK.

For Windows, bitlocker is very nice too.
Core 2 Duo E6300, MSI P45 NEO-F, Club 3D GTX 260, 4Gb DDR2-800Mhz, Audigy X-Fi Fatal1ty Champ1on ed., 0.5Tb+1Tb Seagate Barracuda 7200.12, 630W AXP, Samsung SyncMaster BX2450, ViewSonic VP171b
 
bthylafh
Maximum Gerbil
Posts: 4320
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Full disk encryption

Sun Aug 05, 2012 1:27 pm

Supposedly you can use this:
http://www.ext2fsd.com/

plus this:
http://www.freeotfe.org/

and use ext2-formatted dm-crypt/luks disks in Windows, no admin privs required. It claims ext3 and ext4 support as well but with caveats: no journaling and no extents, nor extended attributes or ACLs.
Last edited by bthylafh on Sun Aug 05, 2012 3:48 pm, edited 1 time in total.
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
 
EsotericLord
Gerbil First Class
Posts: 136
Joined: Mon Jan 11, 2010 1:23 pm

Re: Full disk encryption

Sun Aug 05, 2012 2:23 pm

I vote for TrueCrypt as well. Works on Mac, Linux, and Windows, and is very flexible. I don't use it for full disk encryption, but rather make several virtual encrypted disks. It's a very powerful and flexible tool.
 
bthylafh
Maximum Gerbil
Posts: 4320
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Full disk encryption

Sun Aug 05, 2012 3:48 pm

EsotericLord wrote:
I vote for TrueCrypt as well. Works on Mac, Linux, and Windows, and is very flexible. I don't use it for full disk encryption, but rather make several virtual encrypted disks. It's a very powerful and flexible tool.


PROTIP: read the original post before you jump in. He said why Truecrypt doesn't work for him.
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
 
Dirge
Gerbil Jedi
Topic Author
Posts: 1620
Joined: Thu Feb 19, 2004 3:08 am

Re: Full disk encryption

Sun Aug 05, 2012 5:36 pm

Thanks for that info bthylafh, I see the developer (who is a chick by the way) has two programs FreeOTFE and FreeOTFE Explorer. I was quite excited about FreeOTFE Explorer not requiring administrator privileges, until I spotted this caveat.
FreeOTFE Explorer wrote:
Doesn't currently support the use of encrypted partitions (Note: This is currently being implemented).


SecretSquirrel got it right when he said you need system level rights to install the encryption package. That is something I wont necessarily have at internet cafes or universities. In that case, if it were ultra important I would consider buying a cheap USB flash drive with hardware encryption. I have had other people steal my work from me in the past so this is a consideration.

FreeOTFE wrote:
In common with all disk encryption systems however, it uses device drivers which require Administrator privileges to install (after which any user can use it), or to start "portable mode".


As for dm-crypt with LUKS, is this the only system that can support an encrypted swap partition? I am hesitant to use TrueCrypt and would rather something that is supported in the repository.
FDISK /MBR

Who is online

Users browsing this forum: No registered users and 1 guest
GZIP: On