I'm trying to get a fully encrypted system with several linux partitions.I use one big encrypted (luks) partition which I divide into several smaller with LVM but I still need to set the boot folder on a non-encrypted partition.So my question is : is there a way to have only one boot partition instead of one for each system ?
View 6 RepliesI'm planning a fresh F13 install, with separate partitions for /boot, /home, /tmp, /, and swap. All but /boot will be logical volumes, and I'd like to encrypt all but boot. If I encrypt the underlying partitions, is there any reason to also encrypt the logical volumes themselves?
my system will be:
HP dv6-3040us Pavillion laptop
AMD Phenon II
4GB DDR3
During a recent install I made the leap to encryption,but /boot must remain unencrypted.Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh I and keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).
View 5 Replies View RelatedI work for a all-in-one IT company, basically businesses hire us and we will fix all their problems from servers to pencil sharpenersI want to get some background with UNIX so i wanted to multiboot linux on my laptop and use it for a few weeks. After a few hours of trial and error i managed to install it! So to the point: i used Truecrypt to encrypt my laptop and it used a special boot loader that made me input the password just after the post.My question is, can i use Truecrypt with a multiboot 7/ubuntu? After it took me hours to install this , running into and trouble shooting various problems that were probably just my ignorance, but Linux feels very fragile and i do not want to screw it up.
View 4 Replies View RelatedI plan to partition my hard drive so I can install fluxubuntu, minimal ubuntu with IceWM, ubuntu, and windows. (This thread is not about windows, that is just incidental) I have heard that I should use a partition for each OS, and a seperate partition for data, and that it is more secure that way. (as long as you apply appropriate security measures) I have also read that one should make partitions for system files(files that one does not want people to have writable access, such as the etc directory) My question is, what size should I make the OS partitions for minimal ubuntu with IceWM, FLUXUBUNTU and ubuntu, and are there system files that could be easily shared between them. finally, it seems obvious that all three OS's can share the same data partition, and swap partition.
View 2 Replies View RelatedI am not very security minded...I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side!When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mailnly user name & passwords) that will also accomodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with.So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default intall with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillon passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4)I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5)give me links to fairly current documentation on this stuff?
6) Any program/app recommendations.Pros/cons uses, what they can & can't do or be used for, etc.
I currently have FC3 Linux which installed itself on the hard disk using LVM partitioning, so it is basically all one big partition. I would like to try some other distributions and upgrade to something newer, but don't want to lose my current capabilities and data files, and I know nothing or less about LVM. Is it possible (and if so an example would be nice) to install a non-LVM-based distribution on the LVM disk and have multi-boot options? Or do I have to start over new and drop the LVM? My guess is that I should save my /home (data files and .rc files) on a backup device first, then somewhere/somehow create a new partition for installing another distribution.
View 1 Replies View RelatedI have a server running Fedora 6, which I wish to upgrade to Centos 5.4. This will be a lengthy switch over because of all of the apps I need to convert etc. As a precaution, I would like to keep my old Fedora running as multiboot. I have a boot partition, a fedora partition (root), and an empty partition for Centos.
Can I run the Centos installer and direct it to install onto the empty partition (I don't care if it formats it)BUT only add to the boot partition (not reformat it).? I don't want to lose the kernels/images on the boot partition, and from what I've seen most installers wipe out the boot partition prior to adding their own files.
I am building an active directory and using BIND9 as my DNS. To allow for secure dynamic updates from the domain, I am enabling GSS-TSIG as detailed here and here. Unfortunately, some of the commands and configurations used here seem to be depreciated, at least in the newer versions that I'm using. My issue is one of keytab encryption. I generated a keytab using ktpass.exe on the Windows Server 2008 domain controller. I have tried DES/MD5, AES128/SHA1 and AES256/SHA1, each have been turned down by ktutil on the kerberos server (FreeBSD). Each time, it outputs the following error: ktutil: AES256/SHA1*: encryption type AES256/SHA1* not supported *Respective to encryption used.
I cannot find a list of suitable encryption schemes that ktutil will accept. The FreeBSD handbook details a means of producing a keytab file, but I'm not sure how to configure the Domain Controller to use the keytab.
i have found this xor encryption program
Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_SIZE 256
[code]....
Its working fine, it can encrypt and decrypt. but how strong is it ? is it all depending on the specified key ?
I am looking for some software (not Tryecrypt) where I can just right click a file and it will encrypt it for me. It would be nice to unencrypt on Windows but not essential.
View 3 Replies View RelatedIs it possible to have two passwords associated with one account, one that is the actual one, and another one, a duress password, that upon entering gives a similar (desktop) environment with "decoy data"?
The idea is to have the bogus password go to an encrypted home drive that looks as if it were the real deal, but it is wiping particular sensitive (encrypted) data that is visible only with the real password in the background, so that the actual data that need to be protected are not compromised. While the person who unlocked the computer tries to find the information on it between all the rubbish files, the real files are securely wiped. The files are very sensitive in nature, so it's better to have then destroyed than have unauthorized people access them, in the event of that happening.
I happen to know that TrueCrypt has a similar option but that requires an entire decoy operating system (and I think that might be a bit conspicuous), but is there a native linux way to do it?
When you install sshd and run it with no modifications, then any other machine can connect to your machine without specifying a key. How does this work? Some key is being used, correct? how does the client know what private key to use?
View 14 Replies View RelatedJust migrating to linux but I don't want to give up linux just yet so I've stuck in a 2nd hard drive to install linux on which I've done, now I have windows on one hard drive and linux on the other but my computer boots straight onto linux. I need the option to choose which os to boot into on startup which I've heard GRUB is the best option but I have no idea how to go about setting this up.
View 3 Replies View RelatedI have an encrypted /home partition but would like to set up a guest account for my brother. Obviously, encryption doesn't work so well when you give out the key so what I'd like to do is specify a different, unencrypted location as a home directory for the guest account so he doesn't need access to that partition. Is there a way of doing this?
I've got fedora 10, dual boot with windows, 2 hard drives, 1st is NTFS windows. 2nd is split into a swap, ext3 for the OS, and an encrypted partition for /home.
When I installed Fedora selected the option to encrypt the hard drive. I want to change the passphrase, is there a way to change the passphrase, or do I have to re-install Fedora?
View 3 Replies View Related1.) I am wondering how to enable the lock to an encrypted partition which has been unlocked, using luks? On boot, I am been asked automatically for the pass phrase to unlock my partitions. After doing a back up, I want lock the encrypted partition again, but I don't know the command?! I umounted the partition but after mounting it again, I was not asked for the pass phrase but had access to my data.
2.) How secure is the default fedora version of luks? Is truecrypt better?
When 10.04 is released I'll encrypt my /home partition using luks. I've read that xts is good for hard drive encryption and aes is good for cipher encryption. I'm looking for something that is fairly secure without sacrificing a lot of speed.
View 2 Replies View RelatedI want to create an encrypted directory using the cfs package. So far I've only been able to create the top directory. When I want to attach an encrypted directory using
Code:
cattach directory1 directory2
get the following message in command line:
Code:
RPC: unable to receive
When i look into my /crypt directory, nothing was added there. I have no idea what could be the problem. I use Ubuntu 10.04 LTS.
I am currently running 8.10 with full-disk (excluding /boot) encryption. I am going to be installing 10.04 on a new laptop, and I was wondering whether it supports multi-factor authentication. Specifically, I would like to have a keyfile on USB/SD memory that is required, in addition to the password, to decrypt the disk. Anyone know of a guide out there? So far my searches have turned up nil.
View 9 Replies View Relatedi have installed a ubuntu 10.04 (mini iso) w/ option of root encryption. Now i need to boot without ask for passphrase, but im trying to add a luks keyfile without success.i want to use a keyfile in the /boot partition or inside the initrd (cant be in external pendrive), but ubuntu aparently dont accept a keyfile in /boot or initrd file. I know, this way isnt very security, but i just need a basic encryption.So, how to force the use of a keyfile in /boot or inside the initrd for a crypt root partition?
View 5 Replies View RelatedI've been using GPG keys for about a year now to send encrypted emails to family. But now I want to try and understand more, mainly on signing keys. I've read a ton of stuff, but not fully grasping the concept. So I thought I'd check my understanding people here. Please let me know if I'm wrong on something.
Signing keys seems to be just signing someone else's public key with my private(public??) key. Does that mean I don't sign my own keys? Or should I? There seem to be lots of keyservers out there, mainly I keep hearing about the MIT one and the ubuntu keyserver. Does it matter where I upload my public key? Somewhere I read that once you upload it once, it will slowly make its way to other servers. How is that possible. If someone signs my key on one server, will that also get pushed to other servers?
I've read that blowfish encryption is much faster and still safe enough to transfer files between hosts.What's the default encryption used by openSSH? (if not already blowfish)
View 2 Replies View RelatedIs there any available Ubuntu encryption stronger than a 4096-bit DSA PGP key that is natively supported or can be supported by Evolution?
View 2 Replies View RelatedI don't care for domain 'authentication' by an "Authority". I don't trust no one, so CA's to me are as trustworthy as the gypsy in the park.
I can use a self-signed certificate, but the problem is most browsers makers are Fn idiots that say the connection is not secure, when it actually it, but because I did not folk out cash, it makes my website look bad.
I can understand the need for a 3rd party to verify the domain host to prevent man in the middle attacks, but I do not care for this.. and browser makers should take more responsibility and introduce different padlocks for types of authentication, rather than saying "this connection is encrypted, but not secure because its self-signed". What a load of horse s***!
How many times does people stop to read certificate authorities? I sure don't. I only care weather or not the connection has been encrypted.. so, I am looking for a way for simply providing encryption for my website.
From what I understand, when you submit a CSR to a CA, it includes the private key, meaning that the CA would be able to see the encrypt data, should they get hold of it. This is not acceptable for me.
Is there anything other way to use encryption other than the SSL model that is used typically amongst HTTPS browsers today?
I have a problem using PGP encryption. I am running Windows 7 operating system. I have PGP working perfectly fine when running manually through DOS mode (cmd.exe): gpg -ase --always-trust --batch --passphrase myphrase --output c: estdir estfile.csv.pgp -r someword c:estdir estfile.csv
Now the problem happens when I am trying to run same script in Perl in the browser (Perl + IIS are installed locally on my PC). The error I am getting is: gpg: no default secret key: No secret key gpg: C:\testdir\testfile.csv: sign+encrypt failed: No secret key
From what I understand, the secret key is created under my user profile. IIS runs under some default user name, so it does not see the secret key. I am not sure how to solve this problem.
Quote: The importance of security should never be underestimated. The consequences of losing data can be disastrous for any organisation. For example, the loss of a single unencrypted laptop may have huge repercussions. This could include breaching data protection legislation with the risk of a significant fine, a loss in the confidence of an organisation, as well as the risk that sensitive data may fall into the hands of a competitor or third party with malicious intent.
View 1 Replies View RelatedI do know about cold boot attacks. But I ran across a couple of posts/websites that had me wonder if it is possible, without the passphrase, to just remove the encryption?
View 4 Replies View RelatedIs LUKS the best data/system encryption? Or is there one that is even better and stronger?
View 1 Replies View Relatedam fiddling around using an AES encrypted password which is stored in passwd.txt:cat ../passwd/passwd.txt
{AES}yTMWTrdbuPtCxikvv5udVDTQ70anBVVKvP+GPQEH1RY=Yet I like to interpret this password on the command line using svn checkout, so I do not have to type in my password ( which is visible on the command line):Exporting the variable SVNPASS reading it from the passwd.txt ( export SVNPASS=`cat <../passwd/passwd.txt`) won't work obviously as it interprets it as "text", so my question is, if there is a proper way to interpret this stored AES password so I can read it from the file?The alternative is to type in the password on the command line, but this needs to be invisible eitehr showing #, * or "hidden".
the last option is described: http://www.tech-recipes.com/rx/278/h...-shell-script/