Ubuntu Security :: Encryption, Luks, "auto"-mount, But Ask For Password?
Feb 14, 2010
I know how to mount it manually. I've seen a howto on how to mount it automatically by loging in with the user, you type your username and password and it mounts your encrypted partition. But that's not what I want. My idea is to call cryptsetup and mount on boot, AND ask me for passphrase like when its loading the system, then if I don't type the right password it shouldn't mount /home, even though i type the correct USER password later when the system is loaded(and then I'd have an empty /home since my home partition wasn't mounted due to wrong passphrase).
This is what I tried: I added the commands to rc.local and I don't even feel like it was executed, no passphrase was asked. As a test if commands there were being executed, I tried simple commands lile mkdir /test and it worked. So commands there are executed, yet, no passphrase was asked to me, I looked on dmesg for crypt and found nothing, I pressed alt+ctrl+F1 desiring to find a passprhase-ask and again, nothing.
View 2 Replies
ADVERTISEMENT
Jan 8, 2010
When 10.04 is released I'll encrypt my /home partition using luks. I've read that xts is good for hard drive encryption and aes is good for cipher encryption. I'm looking for something that is fairly secure without sacrificing a lot of speed.
View 2 Replies
View Related
Jun 17, 2010
1.) I am wondering how to enable the lock to an encrypted partition which has been unlocked, using luks? On boot, I am been asked automatically for the pass phrase to unlock my partitions. After doing a back up, I want lock the encrypted partition again, but I don't know the command?! I umounted the partition but after mounting it again, I was not asked for the pass phrase but had access to my data.
2.) How secure is the default fedora version of luks? Is truecrypt better?
View 2 Replies
View Related
Mar 20, 2011
Is LUKS the best data/system encryption? Or is there one that is even better and stronger?
View 1 Replies
View Related
Jul 19, 2010
I'm planning a fresh F13 install, with separate partitions for /boot, /home, /tmp, /, and swap. All but /boot will be logical volumes, and I'd like to encrypt all but boot. If I encrypt the underlying partitions, is there any reason to also encrypt the logical volumes themselves?
my system will be:
HP dv6-3040us Pavillion laptop
AMD Phenon II
4GB DDR3
View 3 Replies
View Related
Jun 20, 2010
I'd like to know if there's a simple way to create a LUKS encryption drive with different passwords? A real one that leads to one set of data, and another that leads to a whole different set of data. Is this even possible with LUKS?
View 1 Replies
View Related
May 27, 2010
I'm having a problem auto-mounting a new luks partition. I have crypttab and fstab entries. I already have my primary encrypted partition (root) mounting at boot (from the install), but after creating this one manually, it does not open on boot. It auto-mounts when I run the following command manually after boot: sudo luksOpen /dev/disk/by-uuid/<uuid> mycrypt
/etc/crypttab entry:
personalcrypt /dev/disk/by-uuid/a1af5b7b-db58-4690-b586-b74407795e2c none luks
/etc/fstab entry:
[code]...
View 1 Replies
View Related
Oct 22, 2010
I know this has probably been asked too many times here but I need to secure my emails. Personal matters of course. But yeah. I use the program "Password and Encryption Keys" to generate a key to sign my emails with but I do not know what to do. To be blunt, I'm stupid when it comes to this. IF not, steps in creating a key? and giving it (my public key) to the significant other? Finding where both keys are? Implementing it into Thunderbird? If it helps any here's some extra information: Ubuntu distro: Ubuntu 10.04 Email client: Thunderbird
View 7 Replies
View Related
Apr 26, 2010
I would like to known whether I can configure the server to input the password for the encryption disk automatically during boot up.Is it possible
View 3 Replies
View Related
Apr 4, 2011
I have a perfectly OK 2.5 inch disk drive from a dead laptop (graphics card failed).
The hard drive is fine. I know the passphrase.
I had installed Ubuntu 10.04 with full fisk encryption using dm-crypt/luks using the alternate install cd.
I'm not exactly sure of the configuration I selected. Just that its full disk encryption with a pre-boot passphrase prompt.
Now my issue is, I have put the drive into a usb drive docking station, and I simply want to mount the partition on my new laptop, so I can copy the files over.
I've tried googling for various things like "mount dm-crypt drive linux" and "how to mount a luks encrypted partition linux", but I get no results.
View 4 Replies
View Related
May 22, 2011
I've encrypted my root partition with LUKS and cannot remember my password. My main question is this: is it possible to extract the hash (or key; not sure on the correct terminology here) from the LUKS header and run it through a cracker? The hash type is SHA1 and I can remember the characters I used for the password, just not in the correct order (lots of special characters). That being said, given such a small charset, it should be crackable within a reasonable time, correct? Especially if I used a GPU accelerated cracker. What I don't know how to do is go about getting the hash from the LUKS header. Is any of this possible, or am I SOL? Of course, I have physical access to the system so I can boot it into any utilities I may need to.
View 3 Replies
View Related
Dec 22, 2009
When I upgraded from FC11 to FC12 of the encrypted raid partitions started to request password on boot (in FC11 not having references to encrypted md1 in fstab and crypttab, was enough for FC11 not to ask for passwords on boot) despite the fact that I removed /etc/crypttab and there is nothing in /etc/fstab relating to encrypted md1 (raid array). I want my machine to boot w/o asking me passwords for encrypted devices, and I will open and mount them myself manually after boot.
View 11 Replies
View Related
Aug 8, 2010
Is there a way to change the password for the whole disk encryption?
View 2 Replies
View Related
Oct 19, 2009
When I installed Fedora selected the option to encrypt the hard drive. I want to change the passphrase, is there a way to change the passphrase, or do I have to re-install Fedora?
View 3 Replies
View Related
Jan 18, 2011
am fiddling around using an AES encrypted password which is stored in passwd.txt:cat ../passwd/passwd.txt
{AES}yTMWTrdbuPtCxikvv5udVDTQ70anBVVKvP+GPQEH1RY=Yet I like to interpret this password on the command line using svn checkout, so I do not have to type in my password ( which is visible on the command line):Exporting the variable SVNPASS reading it from the passwd.txt ( export SVNPASS=`cat <../passwd/passwd.txt`) won't work obviously as it interprets it as "text", so my question is, if there is a proper way to interpret this stored AES password so I can read it from the file?The alternative is to type in the password on the command line, but this needs to be invisible eitehr showing #, * or "hidden".
the last option is described: http://www.tech-recipes.com/rx/278/h...-shell-script/
View 5 Replies
View Related
Nov 20, 2010
I have two cryptsetup volumes with the same password that I want to open in a bash script, and I want to avoid writing the passphrase twice. I was thinking of using read -s. Is there any security problems with this?The other alternative would be to have a password file on a small partition encrypted with a passphrase. Then only give the passphrase and let the script open up all encrypted volumes using the password file. However this seems overly complicated. But is it more secure?
View 3 Replies
View Related
Mar 20, 2010
When installing the latest Distro of Mint (I believe this is not much different, if at all, from Ubuntu as far as this goes) I chose to have my Home folder encrypted using the login password. This was a function of the installation. What I was wondering about was how secure this was and if I should maybe use something to do a better encryption or not.
View 1 Replies
View Related
May 9, 2011
first i make one partiton ten format it add mount point and fire luksopen command and create secert file and enter this in crypttab but when i rebbot it showes scert file not found and partion remain unlocked
View 1 Replies
View Related
Aug 5, 2010
I've got some old drives using pre-LUKS loopback encryption, and I'm having problems mounting them on OpenSUSE 11.3. What I expected to work, based on past experiences with other distributions, is something along the lines of:
mount -t ext3 /dev/sdc11 tmp -o loop=/dev/loop1,encryption=AES256. When I try this I'm asked for the password, but then get the message "ioctl: LOOP_SET_STATUS: Invalid argument". Anyone have a clue what could be going wrong, or how I can best access these drives from OpenSUSE?
View 5 Replies
View Related
Aug 14, 2011
I recently installed ubuntu on an old dell. I have the OS installed on an 80GB HD and I have a 500GB drive in the computer as a storage drive. I can see the drive and read and write to it just fine. But before I can I have to mount it and provide my password. Is there a way to set it so that it's already mounted and ready when I start up the computer? The drive is formatted to FAT32 I'm using Ubuntu 9.10
View 9 Replies
View Related
Oct 21, 2015
I would like to configure my Debian Jessie system in this way.
Two partitions:
1) /boot on /dev/sda1
2) everything else on /dev/sda2
I want to encrypt the second partition with LUKS. And then install over it a LVM volume. Inside the LVM volume i will create the / (root), /var, /opt and /home virtual partitions. In this way, i'll get asked only once for the password to decrypt all partitions. Because if i don't use LVM, then i'll get asked for the password for each encrypted partition.
I can follow and understand almost everything of this HOW-TO for Archlinux: [URL] ....
Only two passages are unclear to me:
1) Configuring mkinitcpio
I don't understand what i should do here in order to complete this. What should i do in Debian to configure "mkinitcpio"? what is the equivalent thing to do here?
I thought that the kernel would automatically recompile itself with all installed modules on the Debian system, once cryptosetup/LUKS or LVM2 get installed.
2) Configuring the boot loader
I don't understand what should i write in /etc/default/grub. Will GRUB automatically load the LUKS and LVM2 modules? Also, I don't think that i could boot the system in this way:
cryptdevice=/dev/sda2:LVM root=/dev/mapper/LVM-????
Actually the "root=" volume is the whole volume to mount as LVM. It isn't the final root partition.
View 5 Replies
View Related
Mar 26, 2010
I'm moving over to Linux when the new SSD arrives. SSD gives increased performance, so I thought that I could encrypt everything.
But then I came to think about TRIM, and garbage collection on the drive. Will a LUKS encrypted drive affect the garbage collection system? (TRIM).
View 3 Replies
View Related
Jul 3, 2011
I have set up a Linux software RAID5 on three hard drives and want to encrypt it with cryptsetup/LUKS. My tests showed that the encryption leads to a massive performance decrease that I cannot explain. The RAID5 is able to write 187 MB/s [1] without encryption. With encryption on top of it, write speed is down to about 40 MB/s.
The RAID has a chunk size of 512K and a write intent bitmap. I used -c aes-xts-plain -s 512 --align-payload=2048 as the parameters for cryptsetup luksFormat, so the payload should be aligned to 2048 blocks of 512 bytes (i.e., 1MB). cryptsetup luksDump shows a payload offset of 4096. So I think the alignment is correct and fits to the RAID chunk size.
The CPU is not the bottleneck, as it has hardware support for AES (aesni_intel). If I write on another drive (an SSD with LVM) that is also encrypted, I do have a write speed of 150 MB/s. top shows that the CPU usage is indeed very low, only the RAID5 xor takes 14%.
I also tried putting a filesystem (ext4) directly on the unencrypted RAID so see if the layering is problem. The filesystem decreases the performance a little bit as expected, but by far not that much (write speed varying, but > 100 MB/s).
Summary:
Disks + RAID5: good
Disks + RAID5 + ext4: good
Disks + RAID5 + encryption: bad
SSD + encryption + LVM + ext4: good
The read performance is not affected by the encryption, it is 207 MB/s without and 205 MB/s with encryption (also showing that CPU power is not the problem). What can I do to improve the write performance of the encrypted RAID?
[1] All speed measurements were done with several runs of dd if=/dev/zero of=DEV bs=100M count=100 (i.e., writing 10G in blocks of 100M).
Edit: If this helps: I'm using Ubuntu 11.04 64bit with Linux 2.6.38. Edit2: The performance stays approximately the same if I pass a block size of 4KB, 1MB or 10MB to dd.
View 1 Replies
View Related
Jan 30, 2010
I decided to stop using my password to enter Ubuntu (recently installed) and switch to automatic start up. Hit the relevant key, then restart. Received three notices, closed two, entered pass to get encryption code at third, then nothing but a blank, Ubuntu-colour screen. Unable to open Ubuntu. How the heck to I get myself out of this trap?
View 1 Replies
View Related
Mar 12, 2011
I'm trying to install a luks enabled grub for full system encryption. What modules are required by grub to load a normal ubuntu linux system and what is the type to use?
View 2 Replies
View Related
Feb 9, 2010
I have a 2nd hard drive that I have encrypted using true crypt. Is it possible to set this up with key files (or some other way) to auto mount when linux boots. I need it in true crypt because there are some work programs I dual boot to use in windows, and need to have access to the drive in XP from time to time, and true crypt can mount there as well. But 90+% of my time is in linux and I would like to have it auto mount through fstab (or whatever way it needs to be). My entire linux setup has been set up with encryption through dm crypt and LUKS (except for /boot). So I would think having a key file stored on the computer and an auto mount fstab would be just as secure as however secure my LUKS setup is. So any way to auto mount a true crypt 2nd drive volume?
View 3 Replies
View Related
Feb 2, 2011
i have a triple boot of windows XP,7 and ubuntu10.10 netbook remixis it possible to require a password to mount the windows drivesthere is no log on password on the ubuntu but i dont want people to access the other drives unless they have my password
View 3 Replies
View Related
Sep 1, 2010
Is there a way in Lucid to require a sudo password to mount all external drives (e.g. thumb drives, USB CD/DVD drives, USB hard drives)
View 1 Replies
View Related
May 17, 2010
I found a way some times ago to mount a truecrypt volume when opening the session by insertion of the login password in the mounting script instead of putting it in clear in the script. I don't remember to command to read/transfer the password.
View 2 Replies
View Related
Mar 16, 2010
I have recently installed CentOS 5.4. I went ahead and enabled encryption for the root partition. everything was fine for the first few days, but today it started refusing my password on boot. The weird thing is after refusing the password several times it accepted it once, then when I rebooted to test refused the password it had accepted moments earlier. I guessed the password file got corrupt or something so I did a clean install. During the install it asked for the password to access the partition and accepted (!) the password. I went ahead and deleted the old partition and reinstalled from scratch just to be sure. And I made extra certain I put in the correct password with no fumble fingers. Sure enough the blasted thing refuses the password I just created during boot. However, if I input the password into the setup it accepts it. What the hell is going on here?
View 2 Replies
View Related
