Full disk encryption

Where Penguins and Daemons chill together in the warmth of the Sun.

Moderators: SecretSquirrel, notfred

Full disk encryption

Postposted on Sun Aug 05, 2012 2:41 am

I am running Debian Squeeze and wondering if dm-crypt with LUKS is the way to go for full disk encryption?

I also have a couple of portable HDDs and USB keys that I would like to encrypt. Can anyone suggest an OS agnostic method to do this? I see TrueCrypt gets allot of love, but I cant see it working in situations where I don't have administrator rights such as schools etc.

Has anybody had a similar dilemma? Basically I want to start encrypting my HDDs in case of theft or the need to RMA them in the future.
FDISK /MBR
Dirge
Gerbil Jedi
 
Posts: 1525
Joined: Thu Feb 19, 2004 2:08 am
Location: New Zealand

Re: Full disk encryption

Postposted on Sun Aug 05, 2012 7:28 am

If the requirement is that you can mount encrypted disks without having administrative access to the system, I think you are pretty well out of luck. For full disk encryption to work, you must have the ability to install the encryption package on the system with "system" level credentials. This would be true for any package that is using an encrypted container file on a non-encrypted disk as well. Assuming you want to be able to mount that container as a file system. There will be configuration of the system that requires administrative rights.

As far as cross platform solutions go, TrueCrypt would be my suggestion.

--SS
SecretSquirrel
Gerbil Jedi
Gold subscriber
 
 
Posts: 1646
Joined: Tue Jan 01, 2002 6:00 pm
Location: The Colony, TX (Dallas suburb)

Re: Full disk encryption

Postposted on Sun Aug 05, 2012 7:37 am

I like the dm-crypt + luks system, works like a charm on Linux, but it's not a cross platform solution AFAIK.

For Windows, bitlocker is very nice too.
Core 2 Duo E6300, MSI P45 NEO-F, Club 3D GTX 260, 4Gb DDR2-800Mhz, Audigy X-Fi Fatal1ty Champ1on ed., 0.5Tb+1Tb Seagate Barracuda 7200.12, 630W AXP, Samsung SyncMaster BX2450, ViewSonic VP171b
Madman
Minister of Gerbil Affairs
 
Posts: 2317
Joined: Tue Apr 01, 2003 3:55 am
Location: Latvia

Re: Full disk encryption

Postposted on Sun Aug 05, 2012 12:27 pm

Supposedly you can use this:
http://www.ext2fsd.com/

plus this:
http://www.freeotfe.org/

and use ext2-formatted dm-crypt/luks disks in Windows, no admin privs required. It claims ext3 and ext4 support as well but with caveats: no journaling and no extents, nor extended attributes or ACLs.
Last edited by bthylafh on Sun Aug 05, 2012 2:48 pm, edited 1 time in total.
Think for yourself, schmuck!
i5-2500K@4.3|Asus P8P67-LE|8GB DDR3-1600|Powercolor R7850 2G|1.5TB 7200.11|1988 Model M|Saitek X-45 & P880|Logitech MX 518|Dell 2209WA|Sennheiser PC151|Asus Xonar DX
bthylafh
Grand Gerbil Poohbah
 
Posts: 3073
Joined: Mon Dec 29, 2003 10:55 pm
Location: Southwest Missouri, USA

Re: Full disk encryption

Postposted on Sun Aug 05, 2012 1:23 pm

I vote for TrueCrypt as well. Works on Mac, Linux, and Windows, and is very flexible. I don't use it for full disk encryption, but rather make several virtual encrypted disks. It's a very powerful and flexible tool.
EsotericLord
Gerbil First Class
 
Posts: 135
Joined: Mon Jan 11, 2010 12:23 pm

Re: Full disk encryption

Postposted on Sun Aug 05, 2012 2:48 pm

EsotericLord wrote:I vote for TrueCrypt as well. Works on Mac, Linux, and Windows, and is very flexible. I don't use it for full disk encryption, but rather make several virtual encrypted disks. It's a very powerful and flexible tool.


PROTIP: read the original post before you jump in. He said why Truecrypt doesn't work for him.
Think for yourself, schmuck!
i5-2500K@4.3|Asus P8P67-LE|8GB DDR3-1600|Powercolor R7850 2G|1.5TB 7200.11|1988 Model M|Saitek X-45 & P880|Logitech MX 518|Dell 2209WA|Sennheiser PC151|Asus Xonar DX
bthylafh
Grand Gerbil Poohbah
 
Posts: 3073
Joined: Mon Dec 29, 2003 10:55 pm
Location: Southwest Missouri, USA

Re: Full disk encryption

Postposted on Sun Aug 05, 2012 4:36 pm

Thanks for that info bthylafh, I see the developer (who is a chick by the way) has two programs FreeOTFE and FreeOTFE Explorer. I was quite excited about FreeOTFE Explorer not requiring administrator privileges, until I spotted this caveat.
FreeOTFE Explorer wrote:Doesn't currently support the use of encrypted partitions (Note: This is currently being implemented).


SecretSquirrel got it right when he said you need system level rights to install the encryption package. That is something I wont necessarily have at internet cafes or universities. In that case, if it were ultra important I would consider buying a cheap USB flash drive with hardware encryption. I have had other people steal my work from me in the past so this is a consideration.

FreeOTFE wrote:In common with all disk encryption systems however, it uses device drivers which require Administrator privileges to install (after which any user can use it), or to start "portable mode".


As for dm-crypt with LUKS, is this the only system that can support an encrypted swap partition? I am hesitant to use TrueCrypt and would rather something that is supported in the repository.
FDISK /MBR
Dirge
Gerbil Jedi
 
Posts: 1525
Joined: Thu Feb 19, 2004 2:08 am
Location: New Zealand


Return to Linux, Unix, and Assorted Madness

Who is online

Users browsing this forum: No registered users and 1 guest