encrypted disc hint
j.schipper at math.uu.nl
Tue May 31 09:39:29 PDT 2005
On Mon, May 30, 2005 at 05:14:49PM -0400, Robert Connolly wrote:
> I think I found a way to use random keys/passwords for swap without
> having a clear partition table.
Would you explain where the benefit is in this? If they can't crack the
encryption, knowing the layout will do them little good, while if they
*can* crack the encryption, it doesn't matter a bit where your partition
table is. Or is there some other benefit?
> # (...) Because the entire drive is
> # encrypted we will have to boot from something else, like two floppies or a
> # compact disc. I prefer two floppies because the 2.6 kernel changes often. To
> # make the initial ramdisk image I use SquashFS with LZMA compression.
See below for some comments about system vs data encryption.
> # And finally enable encrypted swap:
> swapon -a &&
> rm -rf /var/log/ksymoops
Deleting this directory *is* recommended in the loop-AES documentation,
and doesn't really hurt IMHO, but it might be worthwhile to note that
some things are no longer logged, apparently (never had the directory
myself - but then again, my kernel doesn't use a lot of modules...)
> # After creating a key we can divide up the drive.
> # You will need to remember all the offsets you used for later, but luckily it's
> # all found from 'losetup -a', so save the output from losetup.
LVM might be relevant here. It would certainly be the first thing I'd
look into if I decided to extend encrypted disks to more than swap and
perhaps /home. Not that this hint should be extended to cover LVM - but
a one-line pointer to the relevant Linux Documentation Project howto
might be useful. (Disclaimer: I never tried this, but it should be
possible and looks like a good idea.)
Aside from all this, I concur with Archaic, with the added notion that
most data doesn't require crypting either. A crypted system has benefits
- mostly that it becomes almost impossible to boot into Knoppix or
somesuch and install a Trojan - but since it does not protect against
runtime attacks, this is not as big an advantage as it seems (and there
are more effective ways to stop this - Tripwire is one of the more
common ones; a fairly trivial but more thorough solution could be
md5summing partitions at shutdown and boot, which is of course only
feasible if you don't turn the machine off too often and a little delay
in coming back up is acceptable).
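The shutdown/boot checksum idea above, written out as a small POSIX sh script. This is an added example, not code from the hlfs-dev thread or from the hint under discussion. It assumes md5sum is on PATH (GNU coreutils or busybox); the /dev and /var/lib paths in the comments are placeholders for whatever partitions and state file a system actually uses, and the accompanying test substitutes ordinary files for block devices so the logic can be exercised without root.

```shell
#!/bin/sh
# Record md5 checksums of whole partitions at shutdown and compare them at
# the next boot. Added example, not from the hlfs-dev thread.
# Assumptions: md5sum (GNU coreutils or busybox) is on PATH; the device
# paths mentioned below are placeholders, and the demo uses ordinary files
# in place of block devices so it can run anywhere.

# record_baseline BASELINE DEV...  -- run from the shutdown script, after
# the partitions have been remounted read-only or unmounted
record_baseline() {
    baseline="$1"
    shift
    : > "$baseline" || return 1
    for dev in "$@"; do
        # md5sum prints "<hash>  <path>"; one line per partition
        md5sum "$dev" >> "$baseline" || return 1
    done
}

# verify_baseline BASELINE  -- run early at boot, before the partitions are
# mounted read-write; returns non-zero and names every partition whose
# contents differ from the recorded hash
verify_baseline() {
    baseline="$1"
    status=0
    while read -r expected dev; do
        [ -n "$dev" ] || continue
        actual=$(md5sum "$dev" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "ok:      $dev"
        else
            echo "CHANGED: $dev" >&2
            status=1
        fi
    done < "$baseline"
    return "$status"
}

# Command-line dispatch for use from bootscripts (all paths assumed):
#   partcheck record /var/lib/partcheck.md5 /dev/hda1 /dev/hda3   # at shutdown
#   partcheck verify /var/lib/partcheck.md5                       # at boot
case "${1:-}" in
    record) shift; record_baseline "$@" ;;
    verify) shift; verify_baseline "$@" ;;
esac
```

The baseline file itself has to live somewhere an attacker with offline access cannot silently rewrite (removable media, or a partition covered by the encryption the thread is discussing), otherwise a changed partition can simply be re-hashed into the baseline; hashing a whole partition also means the check only pays off on machines that are rebooted rarely, as the message notes.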