Security :: Is LUKS The Best Data/system Encryption

Mar 20, 2011

Is LUKS the best data/system encryption? Or is there one that is even better and stronger?

View 1 Replies


ADVERTISEMENT

Fedora Security :: How To Enable Encryption With Luks

Jun 17, 2010

1.) I am wondering how to enable the lock to an encrypted partition which has been unlocked, using luks? On boot, I am been asked automatically for the pass phrase to unlock my partitions. After doing a back up, I want lock the encrypted partition again, but I don't know the command?! I umounted the partition but after mounting it again, I was not asked for the pass phrase but had access to my data.

2.) How secure is the default fedora version of luks? Is truecrypt better?

View 2 Replies View Related

Ubuntu Security :: Recommendations For Luks Encryption?

Jan 8, 2010

When 10.04 is released I'll encrypt my /home partition using luks. I've read that xts is good for hard drive encryption and aes is good for cipher encryption. I'm looking for something that is fairly secure without sacrificing a lot of speed.

View 2 Replies View Related

Fedora Security :: LUKS Encryption At Partition Level Or LVM?

Jul 19, 2010

I'm planning a fresh F13 install, with separate partitions for /boot, /home, /tmp, /, and swap. All but /boot will be logical volumes, and I'd like to encrypt all but boot. If I encrypt the underlying partitions, is there any reason to also encrypt the logical volumes themselves?

my system will be:
HP dv6-3040us Pavillion laptop
AMD Phenon II
4GB DDR3

View 3 Replies View Related

Security :: Create A LUKS Encryption Drive With Different Passwords?

Jun 20, 2010

I'd like to know if there's a simple way to create a LUKS encryption drive with different passwords? A real one that leads to one set of data, and another that leads to a whole different set of data. Is this even possible with LUKS?

View 1 Replies View Related

General :: LUKS Encryption Affect TRIM? (SSD And System)

Mar 26, 2010

I'm moving over to Linux when the new SSD arrives. SSD gives increased performance, so I thought that I could encrypt everything.

But then I came to think about TRIM, and garbage collection on the drive. Will a LUKS encrypted drive affect the garbage collection system? (TRIM).

View 3 Replies View Related

Ubuntu :: Install A Luks Enabled Grub For Full System Encryption?

Mar 12, 2011

I'm trying to install a luks enabled grub for full system encryption. What modules are required by grub to load a normal ubuntu linux system and what is the type to use?

View 2 Replies View Related

Ubuntu Security :: Encryption, Luks, "auto"-mount, But Ask For Password?

Feb 14, 2010

I know how to mount it manually. I've seen a howto on how to mount it automatically by loging in with the user, you type your username and password and it mounts your encrypted partition. But that's not what I want. My idea is to call cryptsetup and mount on boot, AND ask me for passphrase like when its loading the system, then if I don't type the right password it shouldn't mount /home, even though i type the correct USER password later when the system is loaded(and then I'd have an empty /home since my home partition wasn't mounted due to wrong passphrase).

This is what I tried: I added the commands to rc.local and I don't even feel like it was executed, no passphrase was asked. As a test if commands there were being executed, I tried simple commands lile mkdir /test and it worked. So commands there are executed, yet, no passphrase was asked to me, I looked on dmesg for crypt and found nothing, I pressed alt+ctrl+F1 desiring to find a passprhase-ask and again, nothing.

View 2 Replies View Related

Security :: Traces Of Deleted Data On LUKS Filesystem ?

Apr 25, 2010

Recently, I started protecting all user-accessible filesystems on my Sidux desktop machine with LUKS. Before that, I would regularly erase traces of deleted data, and I wonder if this is still necessary.

It would be most valuable to me to be pointed towards a good introductory article on the underlying mechanics of LUKS and cryptsetup, as there are a few more minor questions to be answered. Unfortunately, I lack the necessary mathematic and cryptographic background to understand scientific papers.

View 2 Replies View Related

Programming :: C++ GUI Signalling - Encryption System Should Encrypt The Data In The Clipboard

May 30, 2011

I'm trying to write a GUI text encryption application. I wrote the encryption system in a No GUI application like this::

[Code]...

Now I'm trying to write a GUI version, using the same algorithm. Here goes a rough image of my main window code. If you scroll down you'll observe a coloured part. As you see, the text in the first textbox gets copied into clipboard. That is the part where my encryption system should encrypt the data in the clipboard, and copy it again, and later on the new data will be pasted. How am I supposed to write that? If I have to use another signal, what is the receiver of that signal?

[Code]...

View 5 Replies View Related

Red Hat :: Encryption In Rhel6 Using Luks But Not Worked?

May 9, 2011

first i make one partiton ten format it add mount point and fire luksopen command and create secert file and enter this in crypttab but when i rebbot it showes scert file not found and partion remain unlocked

View 1 Replies View Related

OpenSUSE Install :: Using Non-LUKS Loopback Encryption In 11.3?

Aug 5, 2010

I've got some old drives using pre-LUKS loopback encryption, and I'm having problems mounting them on OpenSUSE 11.3. What I expected to work, based on past experiences with other distributions, is something along the lines of:

mount -t ext3 /dev/sdc11 tmp -o loop=/dev/loop1,encryption=AES256. When I try this I'm asked for the password, but then get the message "ioctl: LOOP_SET_STATUS: Invalid argument". Anyone have a clue what could be going wrong, or how I can best access these drives from OpenSUSE?

View 5 Replies View Related

Debian Installation :: Full Disk Encryption (LUKS) LVM

Oct 21, 2015

I would like to configure my Debian Jessie system in this way.

Two partitions:

1) /boot on /dev/sda1
2) everything else on /dev/sda2

I want to encrypt the second partition with LUKS. And then install over it a LVM volume. Inside the LVM volume i will create the / (root), /var, /opt and /home virtual partitions. In this way, i'll get asked only once for the password to decrypt all partitions. Because if i don't use LVM, then i'll get asked for the password for each encrypted partition.

I can follow and understand almost everything of this HOW-TO for Archlinux: [URL] ....

Only two passages are unclear to me:

1) Configuring mkinitcpio

I don't understand what i should do here in order to complete this. What should i do in Debian to configure "mkinitcpio"? what is the equivalent thing to do here?

I thought that the kernel would automatically recompile itself with all installed modules on the Debian system, once cryptosetup/LUKS or LVM2 get installed.

2) Configuring the boot loader

I don't understand what should i write in /etc/default/grub. Will GRUB automatically load the LUKS and LVM2 modules? Also, I don't think that i could boot the system in this way:

cryptdevice=/dev/sda2:LVM root=/dev/mapper/LVM-????

Actually the "root=" volume is the whole volume to mount as LVM. It isn't the final root partition.

View 5 Replies View Related

General :: Performance With Software RAID5 And LUKS Encryption?

Jul 3, 2011

I have set up a Linux software RAID5 on three hard drives and want to encrypt it with cryptsetup/LUKS. My tests showed that the encryption leads to a massive performance decrease that I cannot explain. The RAID5 is able to write 187 MB/s [1] without encryption. With encryption on top of it, write speed is down to about 40 MB/s.

The RAID has a chunk size of 512K and a write intent bitmap. I used -c aes-xts-plain -s 512 --align-payload=2048 as the parameters for cryptsetup luksFormat, so the payload should be aligned to 2048 blocks of 512 bytes (i.e., 1MB). cryptsetup luksDump shows a payload offset of 4096. So I think the alignment is correct and fits to the RAID chunk size.

The CPU is not the bottleneck, as it has hardware support for AES (aesni_intel). If I write on another drive (an SSD with LVM) that is also encrypted, I do have a write speed of 150 MB/s. top shows that the CPU usage is indeed very low, only the RAID5 xor takes 14%.

I also tried putting a filesystem (ext4) directly on the unencrypted RAID so see if the layering is problem. The filesystem decreases the performance a little bit as expected, but by far not that much (write speed varying, but > 100 MB/s).

Summary:
Disks + RAID5: good
Disks + RAID5 + ext4: good
Disks + RAID5 + encryption: bad
SSD + encryption + LVM + ext4: good

The read performance is not affected by the encryption, it is 207 MB/s without and 205 MB/s with encryption (also showing that CPU power is not the problem). What can I do to improve the write performance of the encrypted RAID?

[1] All speed measurements were done with several runs of dd if=/dev/zero of=DEV bs=100M count=100 (i.e., writing 10G in blocks of 100M).

Edit: If this helps: I'm using Ubuntu 11.04 64bit with Linux 2.6.38. Edit2: The performance stays approximately the same if I pass a block size of 4KB, 1MB or 10MB to dd.

View 1 Replies View Related

Fedora Security :: Image An Entire Luks System Encrypted Volume And The Rest Of The Used HDD, The MBR And /boot Partition?

Jan 21, 2009

I need a FREE solution that can image an entire Luks system encrypted volume and the rest of the used HDD, the MBR and /boot partition. Note: MBR and /boot are not encrypted. Note 2: I want to be able to restore entire drive from image with only a couple of steps. Note 3: Destination HDD space is a factor. Image file must be compressed and the image file must be around 40 to 50 GB or less. The smaller the image the better.

I have used clonezilla live cd before but not for encrypted volumes. I know you can install it in Linux. But, I don't know how to configure it after installation. I would be very happy if someone could tell me how to configure clonezilla in Fedora. How to guides are also welcome. I have one more question. If I image the encrypted volumes and all the stuff I mentioned above while logged in to Fedora, and I restore the drive from the image, will the recovered drive still be encrypted?

View 8 Replies View Related

General :: Text Config File Encryption On System For Security?

Aug 16, 2011

I plan to use newsbeuter for console RSS reading.This program has a config text file where I need to store my Google account password,in order to access my Google reader.I don't feel easy at making my password readable to everyone.Is there anyway I can somehow encrypt this information ?

View 1 Replies View Related

Ubuntu Security :: Security, Passwords & Encryption Keys?

Jun 7, 2011

I am not very security minded...I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side!When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mailnly user name & passwords) that will also accomodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with.So here goes:

1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?

2) I have seahorse (default intall with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillon passwords I use daily. The other tabs are for keys which I don't have any concept of.

3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?

4)I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?

5)give me links to fairly current documentation on this stuff?

6) Any program/app recommendations.Pros/cons uses, what they can & can't do or be used for, etc.

View 9 Replies View Related

Security :: LUKS For Servers Pro And Cons?

Jul 29, 2010

I am trying to decide whether or not to use LUKS with LVM install for NAS Box, mysql, postfix, ddns, bind, NFS, sshd, Appletalk, maybe samba. I have decided to give LVMs a try but not sure how LUKS will affect access to services. LAN includes Standalone headless web server(not on LVM, no LUKS). Aren't permissions,iptables and firewalls sufficient? Not sure how services are supose to interract if everything is encrypted especially root?

So far what I have read recommends vgOS /, swap, /var, /tmp encription and vgdata /home encryption but no one tells how they did it. The 2 servers I'm working on only have small /home for admin stuff and considering making NAS headless, except i read somewhere that some gui would make it easier to manage mysql which brings me to the question if I don't install X on NAS can I ssh in with my desktop using its gui? I am experimenting with minimal server tagfiles. LUKS and LVMs are new to me. Decided to use LVMs to seperate OS from data, different data types and resizing flexibility. I have read some material on LUKS just wonder if its more complicated than my needs require. Certainly i don't want to leave myself open to someone just distroying my setup for kicks.

View 6 Replies View Related

Security :: Secure Solution To Transfer Data Using Rsync Over Internet Between 2 System Server?

Jan 2, 2010

I'm looking for a most possible, secure solution to transfer data using rsync over Internet between 2 linux server.
I have 3 option: SSH, IPSEC and Kerberos.
Which one in your opinion should be most secure solution?

View 3 Replies View Related

Ubuntu Security :: LUKS On LVM And Resizing Partition

May 10, 2010

I have a LVM logical volume, that contains a LUKS encrypted volume, on which is an ext4 filesystem. I shrank the partition to the minimum size. Next step is to luksClose the device, and then to resize the LVM logical volume. I suspect that LUKS has overhead. So if the ext4 filesystem was resized from, say 1TB to 500G, I have the idea that resizing the LVM LV to 500G does not take LUKS overhead into account and this might corrupt data on the end of the FS. So, what's the smart move to take? How do I calculate the safe minimum LV size? Or should I just give the 500G disk a few gigabytes extra to be sure?

View 4 Replies View Related

Security :: Luks Root Partition On Laptop

May 9, 2011

if encrypt my root partition with Luksformat on my laptop and the battery suddenly goes out without a proper shutdown, I stand a big chance on corrupting the luks header or key slot?

View 1 Replies View Related

Security :: Acceptable Kerberos Encryption - Error "ktutil: AES256/SHA1*: Encryption Type AES256/SHA1* Not Supported"

Dec 23, 2010

I am building an active directory and using BIND9 as my DNS. To allow for secure dynamic updates from the domain, I am enabling GSS-TSIG as detailed here and here. Unfortunately, some of the commands and configurations used here seem to be depreciated, at least in the newer versions that I'm using. My issue is one of keytab encryption. I generated a keytab using ktpass.exe on the Windows Server 2008 domain controller. I have tried DES/MD5, AES128/SHA1 and AES256/SHA1, each have been turned down by ktutil on the kerberos server (FreeBSD). Each time, it outputs the following error: ktutil: AES256/SHA1*: encryption type AES256/SHA1* not supported *Respective to encryption used.

I cannot find a list of suitable encryption schemes that ktutil will accept. The FreeBSD handbook details a means of producing a keytab file, but I'm not sure how to configure the Domain Controller to use the keytab.

View 1 Replies View Related

Fedora Security :: LUKS Encrypted Partion And Start Up

Aug 18, 2010

I run fedora 13 on my laptop (dual boot with Windows 7) and I just created a new partion to hold sensible data, encrypted with LUKS. I followed this tutorial for creating it.Now, everything went well and the new partition works well. But I needed something a little different from what the tutorial suggested, because I don't want the partition to be mounted on the system each time it boots, but I would (unlock and) mount it manually when I need it.

To do so I just didn't follow the Tutorial steps from 7 to 13, thinking that without the changes to crypttab and fstab the partition wouldn't be even touched by the start up process. And that's partially true: the partition isn't mapped nor mounted in the system when I boot, but the problem is that it however keeps asking for the passphrase to unlock it even if it doesn't get mounted or mapped.It just asks for it before the system loads all it's parts (udev, filesystems, etc) and I can't understand why, what it uses it for if it doesn't unlock it.So my question is: why does it ask for the passphrase to unlock luks if I haven't set crypttab and fstab to mount the partition on start up?

View 2 Replies View Related

Ubuntu Security :: Aes-xts - Aes-lrw - Aes-cbc - Set Up Encrypted Volumes With Dm_crypt And LUKS?

Jan 3, 2010

I'm just wondering - what is the best way to set up your encrypted volumes with dm_crypt and LUKS?

My understanding was that aes-lrw ws better than aes-cbc - and then I stumble upon [url] which says that LRW has some problems, and XTS is better? I dont know enough about encryption theory to be able to say anything, so i'm hoping some folks more enlightened will be able to say something here.

I was previously using aes-lrw-benbi to set up a volume. If xts is truly better - should i be using '-c aes-xts-benbi' then?

View 4 Replies View Related

Ubuntu Security :: Difference Between Dm-crypt/LUKS And TrueCrypt

Oct 4, 2010

I'm simply interested in a more basic discussion of why one would choose one of these methods over the other. What do they offer that the other does not? I'll start with what I know:

- dm-crypt/LUKS
--- included in a lot of install images already; in other words, perhaps easier to implement on a fresh install
- TrueCrypt
--- multiple encryption algorithms possible

[code]....

For me... I have no need for Windows compatibility, though I do use OS X on a dual booting MacBook. I believe TrueCrypt woks with OS X, so that could be a bonus, though I can simply encrypt my home folder on OS X with it's own FireVault and be fine.My setup (after wiping and starting over) will probably be like so:

- /boot on it's own primary partition
- / on it's own primary partition with logical partitions within
--- /usr, /var, /etc, /opt, and the like on a logical partition
--- /home on a logical partition

/home will surely be encrypted and I'm leaning toward encrypting the rest as well, though perhaps it's not necessary. I'm open to input there as well -- is there anything the leaks from normal application use into /var or /tmp that would make one lean toward just encrypting the whole thing?

I opened up TrueCrypt just to look at it and since I can't encrypt a whole partition without losing data... I pretty much have to encrypt from what? A live CD? This could be a drawback -- I think since TrueCrypt isn't coming on install disks, I'd have to go with an unencrypted (or dm-crypt/LUKS) root partition and then use TrueCrypt to make a container (or partition) for /home only. I can't think of another way to do this since I can't encrypt the whole disk as one entity with my dual booting situation...

View 9 Replies View Related

Ubuntu Security :: How To Mount A Dm-crypt/luks Drive

Apr 4, 2011

I have a perfectly OK 2.5 inch disk drive from a dead laptop (graphics card failed).

The hard drive is fine. I know the passphrase.

I had installed Ubuntu 10.04 with full fisk encryption using dm-crypt/luks using the alternate install cd.

I'm not exactly sure of the configuration I selected. Just that its full disk encryption with a pre-boot passphrase prompt.

Now my issue is, I have put the drive into a usb drive docking station, and I simply want to mount the partition on my new laptop, so I can copy the files over.

I've tried googling for various things like "mount dm-crypt drive linux" and "how to mount a luks encrypted partition linux", but I get no results.

View 4 Replies View Related

Fedora Security :: Remove Boot Mount Of Dm-crypt LUKS Md1?

Dec 22, 2009

When I upgraded from FC11 to FC12 of the encrypted raid partitions started to request password on boot (in FC11 not having references to encrypted md1 in fstab and crypttab, was enough for FC11 not to ask for passwords on boot) despite the fact that I removed /etc/crypttab and there is nothing in /etc/fstab relating to encrypted md1 (raid array). I want my machine to boot w/o asking me passwords for encrypted devices, and I will open and mount them myself manually after boot.

View 11 Replies View Related

Fedora Security :: Unlock A LUKS Encrypted Root Partition Via Ssh?

May 20, 2010

Anyone had any experience with unlocking a LUKS encrypted root partition via ssh? It is ok to leave /boot unencrypted.

There are a few pages from google with the debians variants, archived by putting dropbear into initrd.

I like to do that with my fedora/centos remote servers, but struggle to find any resources specific to it. Anyone has any suggestions and thoughts as to what might be a suitable way forward?

View 2 Replies View Related

Ubuntu Security :: LUKS - Dm-crypt And Encrypted Partition At Boot

Feb 22, 2010

I'm trying to have a LUKS encrypted partition mounted at startup and to have GDM ask for my key so it will decrypt. Now I followed [URL] to the letter. Except for now, I have it just mounted into /mnt/cryptohome so I'm not messing with my system. My problem is the one everyone mentions in the comments, ubuntu isn't asking for the LUKS key in the X display, it's asking in the first terminal (Ctrl-Alt-F1). This will not do. I need it to ask to mount my drive before I'm even asked to login, so eventually I can encrypt my /home.

View 9 Replies View Related

Security :: Forgot LUKS Password - Possible To Crack With Limited Charset?

May 22, 2011

I've encrypted my root partition with LUKS and cannot remember my password. My main question is this: is it possible to extract the hash (or key; not sure on the correct terminology here) from the LUKS header and run it through a cracker? The hash type is SHA1 and I can remember the characters I used for the password, just not in the correct order (lots of special characters). That being said, given such a small charset, it should be crackable within a reasonable time, correct? Especially if I used a GPU accelerated cracker. What I don't know how to do is go about getting the hash from the LUKS header. Is any of this possible, or am I SOL? Of course, I have physical access to the system so I can boot it into any utilities I may need to.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved