Ubuntu Security :: Difference Between Dm-crypt/LUKS And TrueCrypt

Oct 4, 2010

I'm simply interested in a more basic discussion of why one would choose one of these methods over the other. What do they offer that the other does not? I'll start with what I know:

- dm-crypt/LUKS
--- included in a lot of install images already; in other words, perhaps easier to implement on a fresh install
- TrueCrypt
--- multiple encryption algorithms possible


For me... I have no need for Windows compatibility, though I do use OS X on a dual booting MacBook. I believe TrueCrypt woks with OS X, so that could be a bonus, though I can simply encrypt my home folder on OS X with it's own FireVault and be fine.My setup (after wiping and starting over) will probably be like so:

- /boot on it's own primary partition
- / on it's own primary partition with logical partitions within
--- /usr, /var, /etc, /opt, and the like on a logical partition
--- /home on a logical partition

/home will surely be encrypted and I'm leaning toward encrypting the rest as well, though perhaps it's not necessary. I'm open to input there as well -- is there anything the leaks from normal application use into /var or /tmp that would make one lean toward just encrypting the whole thing?

I opened up TrueCrypt just to look at it and since I can't encrypt a whole partition without losing data... I pretty much have to encrypt from what? A live CD? This could be a drawback -- I think since TrueCrypt isn't coming on install disks, I'd have to go with an unencrypted (or dm-crypt/LUKS) root partition and then use TrueCrypt to make a container (or partition) for /home only. I can't think of another way to do this since I can't encrypt the whole disk as one entity with my dual booting situation...

View 9 Replies


Ubuntu Security :: How To Mount A Dm-crypt/luks Drive

Apr 4, 2011

I have a perfectly OK 2.5 inch disk drive from a dead laptop (graphics card failed).

The hard drive is fine. I know the passphrase.

I had installed Ubuntu 10.04 with full fisk encryption using dm-crypt/luks using the alternate install cd.

I'm not exactly sure of the configuration I selected. Just that its full disk encryption with a pre-boot passphrase prompt.

Now my issue is, I have put the drive into a usb drive docking station, and I simply want to mount the partition on my new laptop, so I can copy the files over.

I've tried googling for various things like "mount dm-crypt drive linux" and "how to mount a luks encrypted partition linux", but I get no results.

View 4 Replies View Related

Ubuntu Security :: LUKS - Dm-crypt And Encrypted Partition At Boot

Feb 22, 2010

I'm trying to have a LUKS encrypted partition mounted at startup and to have GDM ask for my key so it will decrypt. Now I followed [URL] to the letter. Except for now, I have it just mounted into /mnt/cryptohome so I'm not messing with my system. My problem is the one everyone mentions in the comments, ubuntu isn't asking for the LUKS key in the X display, it's asking in the first terminal (Ctrl-Alt-F1). This will not do. I need it to ask to mount my drive before I'm even asked to login, so eventually I can encrypt my /home.

View 9 Replies View Related

Fedora Security :: Remove Boot Mount Of Dm-crypt LUKS Md1?

Dec 22, 2009

When I upgraded from FC11 to FC12 of the encrypted raid partitions started to request password on boot (in FC11 not having references to encrypted md1 in fstab and crypttab, was enough for FC11 not to ask for passwords on boot) despite the fact that I removed /etc/crypttab and there is nothing in /etc/fstab relating to encrypted md1 (raid array). I want my machine to boot w/o asking me passwords for encrypted devices, and I will open and mount them myself manually after boot.

View 11 Replies View Related

Ubuntu Installation :: Two-Factor Authentication On Dm-crypt/LUKS?

May 15, 2010

Since i'm on-the-road a lot encryption is crucial, with windows i've always used TrueCrypt and DiskCryptor, this is very easy to setup and allows me to create usb/cd devices that i can boot off and contain a keyfile, on boot it also requires a passphrase. Currently all i need to do is boot from harddisk and enter my passphrase. I would like to be able to boot from external device (in this case USB) that contains the bootloader and an integrated keyfile, also it should requist the passphrase. I found a guide on how to achieve two-factor authentication with dm-crypt on feisty but it's quite an old guide and is realy realy complicated for a newbie

View 1 Replies View Related

Ubuntu Installation :: Lockup On Mount Of Luks Crypt Fs At Boot?

Aug 10, 2010

It seems I've run into a bit of a problem. I recently upgraded to the latest kernel 2.6.32-24-generic (x86) but when I reboot into the new kernel and type in my password the system hangs, same when using a keyfile on the root file system.to give an outline of how the disks are setup.3 hard drives

sda1 / = unencrypted
sdb1 /home = encrypted w/ luks
sdc1 /backup = encrypted w/ luks

When i boot to the original kernel 2.6.32-21 I'm able to successfully get into the system.

View 1 Replies View Related

General :: How To Write As A Normal User To A Mounted Dm-crypt/LUKS Partition

Jul 17, 2011

I managed to setup an encrypted partition that's mounted on boot using dm-crypt/LUKS.

The relevant entry from my /etc/fstab:

/dev/mapper/st_crypt /media/st ext4 defaults 0 2

The partition is mounted at boot, and I can write to it as root just fine, but I have no idea how to make it writable by a normal user (i.e the users group).

View 1 Replies View Related

Security :: Dm-crypt Aes-xts-plain64 Vs Aes-cbc-essiv For Volumes > 2TiB?

Sep 12, 2010

I'm not a mathematician or cryptographer, only an end user of the technology trying to determine the "best" or safest future proof option to go with for long term archival while also maintaining reasonable performance with dual opteron ~2GHz or similar setup. I've noticed aes-cbc-essiv seems to be the default choice in various installers for reasons of backwards compatibility while others are moving towards XTS since the standardization.

View 1 Replies View Related

Ubuntu Security :: How To Setup The Truecrypt

Apr 8, 2010

I've been looking at setting up truecrypt on my laptop, but the guides on the truecrypt site and the ubuntu documentation seems to be incomplete or not address what i want to do.

What I have:

dual boot windows 7 / Ubuntu (lucid)

What I want is to dual boot with the hidden OS system:

Windows 7 (plausable)
Ubuntu (plausable)
Ubuntu (hidden install)

Is this possible? or is it better to make a hidden /home partition?

View 1 Replies View Related

Ubuntu Security :: Truecrypt With Multiboot I10.10/7?

Mar 21, 2011

I work for a all-in-one IT company, basically businesses hire us and we will fix all their problems from servers to pencil sharpenersI want to get some background with UNIX so i wanted to multiboot linux on my laptop and use it for a few weeks. After a few hours of trial and error i managed to install it! So to the point: i used Truecrypt to encrypt my laptop and it used a special boot loader that made me input the password just after the post.My question is, can i use Truecrypt with a multiboot 7/ubuntu? After it took me hours to install this , running into and trouble shooting various problems that were probably just my ignorance, but Linux feels very fragile and i do not want to screw it up.

View 4 Replies View Related

Ubuntu Security :: Truecrypt & Easycrypt Do Nothing

Jun 15, 2011

I have repeatedly installed Truecrypt and Easy Crypt but they do not "See" each other nor do they Encrypt Any Folder or File.

Easycrypt keeps telling me that I do not have Truecrypt installed!?

View 9 Replies View Related

Ubuntu Security :: Which Hash To Use For TrueCrypt

Jun 22, 2011

TrueCrypt offers 3 hashes for use: RIPEMD-160, SHA-512, WHIRLPOOL.What do most people use? How does one go about deciding which one is appropriate for them? Do they differ in security or performance?

View 9 Replies View Related

Ubuntu Security :: Recommendations For Luks Encryption?

Jan 8, 2010

When 10.04 is released I'll encrypt my /home partition using luks. I've read that xts is good for hard drive encryption and aes is good for cipher encryption. I'm looking for something that is fairly secure without sacrificing a lot of speed.

View 2 Replies View Related

Ubuntu Security :: LUKS On LVM And Resizing Partition

May 10, 2010

I have a LVM logical volume, that contains a LUKS encrypted volume, on which is an ext4 filesystem. I shrank the partition to the minimum size. Next step is to luksClose the device, and then to resize the LVM logical volume. I suspect that LUKS has overhead. So if the ext4 filesystem was resized from, say 1TB to 500G, I have the idea that resizing the LVM LV to 500G does not take LUKS overhead into account and this might corrupt data on the end of the FS. So, what's the smart move to take? How do I calculate the safe minimum LV size? Or should I just give the 500G disk a few gigabytes extra to be sure?

View 4 Replies View Related

Ubuntu Security :: Use TrueCrypt With Non-ext3 Partitions?

Mar 23, 2010

When you are creating a TrueCrypt partition it asks what filesystem you will be using:


This is fine if you decide to create your partition on Linux but I am wondering what you would do if you wanted to create it on your XP partition and access it through the mounted drive. My XP is NTFS and that option does not appear.

View 4 Replies View Related

Ubuntu Security :: How To Launch Downloaded TrueCrypt

Mar 7, 2011

I downloaded TruCrypt but can't get it to launch.

View 2 Replies View Related

Security :: LUKS For Servers Pro And Cons?

Jul 29, 2010

I am trying to decide whether or not to use LUKS with LVM install for NAS Box, mysql, postfix, ddns, bind, NFS, sshd, Appletalk, maybe samba. I have decided to give LVMs a try but not sure how LUKS will affect access to services. LAN includes Standalone headless web server(not on LVM, no LUKS). Aren't permissions,iptables and firewalls sufficient? Not sure how services are supose to interract if everything is encrypted especially root?

So far what I have read recommends vgOS /, swap, /var, /tmp encription and vgdata /home encryption but no one tells how they did it. The 2 servers I'm working on only have small /home for admin stuff and considering making NAS headless, except i read somewhere that some gui would make it easier to manage mysql which brings me to the question if I don't install X on NAS can I ssh in with my desktop using its gui? I am experimenting with minimal server tagfiles. LUKS and LVMs are new to me. Decided to use LVMs to seperate OS from data, different data types and resizing flexibility. I have read some material on LUKS just wonder if its more complicated than my needs require. Certainly i don't want to leave myself open to someone just distroying my setup for kicks.

View 6 Replies View Related

Ubuntu Security :: Aes-xts - Aes-lrw - Aes-cbc - Set Up Encrypted Volumes With Dm_crypt And LUKS?

Jan 3, 2010

I'm just wondering - what is the best way to set up your encrypted volumes with dm_crypt and LUKS?

My understanding was that aes-lrw ws better than aes-cbc - and then I stumble upon [url] which says that LRW has some problems, and XTS is better? I dont know enough about encryption theory to be able to say anything, so i'm hoping some folks more enlightened will be able to say something here.

I was previously using aes-lrw-benbi to set up a volume. If xts is truly better - should i be using '-c aes-xts-benbi' then?

View 4 Replies View Related

Ubuntu Security :: TrueCrypt - Hidden Volume Protection ?

Jan 22, 2010

I installed TrueCrype 6.3a on my 8.1 Ubuntu. Everything went fine until I got to the part where I need to protect my hidden volume from damaged caused by writing to the outer volume (these instructions: [url] ). I can't find the checkbox to "Protect hidden volume from damaged caused by writing to outer volume". The closest thing I can find is an option to "Protect hidden volume when mounting outer volume". Intuitively these don't sound the same to me. There are 2 difference between my setup and the instructions; 1) the instructions appear to be written for Windows and not Linux. 2) I am using a file volume and not a partition volume.

Does anyone know where the option is to protect the hidden volume when writing to the outer volume?

View 2 Replies View Related

Ubuntu Security :: Auto Mount The Truecrypt Volume?

Feb 9, 2010

I have a 2nd hard drive that I have encrypted using true crypt. Is it possible to set this up with key files (or some other way) to auto mount when linux boots. I need it in true crypt because there are some work programs I dual boot to use in windows, and need to have access to the drive in XP from time to time, and true crypt can mount there as well. But 90+% of my time is in linux and I would like to have it auto mount through fstab (or whatever way it needs to be). My entire linux setup has been set up with encryption through dm crypt and LUKS (except for /boot). So I would think having a key file stored on the computer and an auto mount fstab would be just as secure as however secure my LUKS setup is. So any way to auto mount a true crypt 2nd drive volume?

View 3 Replies View Related

Ubuntu Security :: TrueCrypt Volume Is No Longer Bootable

Jul 16, 2010

I installed TrueCrypt in Microsoft Windows XP SP3 (no Linux installations present) and I stopped the TrueCrypt service in the Windows enviroment, and then, I restarted, and all the sudden it seemed the PC can not see the Hard Disk at all at startup, nada... I believe I dismounted it by stopping the TrueCrypt service... So the PC no longer understands there is a TrueCrypt volume in place, and I inserted the TrueCrypt recovery disk, and it can not do any thing, I restored the bootloaders, the true crypt loader, and once I finished this, I press ESC, and it says there are no bootable devices, so nothing. I even decrypted the disk, and it seemed that nothing happened with the restore disk...

Is there any way I can make this partition bootable again? because I have every thing in that partition, every single bit of life... I have used TestDisk under Linux right now, but I am unsure of this, and I also further complicated the boot proccess, and now the PC states at startup about missing partition tables. When I start truecrypt from this Kubuntu live CD, I am unable to see the encrypted hard disk even with root, there is no way to see this hard disk, only can be seen in the TestDisk app. I really I am desperate, at least, if I can not make Windows Boot again, maybe just suck all the files out of the hard disk and put them some where for now, I really need to get back to work, and I cant seem to find a solution...

I know here at Ubuntu forums, some one may have the solution. And I do know for sure all the files on this volume are there because of the TestDisk app, so they are there, they are just not reachable.... (I have posted this problem on a Linux forums instead of a Windows forum because the only way to try to recover the volume is with Linux Kubuntu Live CD

View 2 Replies View Related

Ubuntu Security :: Truecrypt Container And Clearing Swap?

Sep 27, 2010

my current plan is to create a truecrypt container with the whirlpool hash. This container will be located on a hdd that is not where my OS will be located (so a separate physical sata drive).My concern is when this container is accessed, that some of the password information could be stored in my swap partition (which is on the main drive where the OS "/" is located)

I would like to have a script or command I could run that after I unmount those drives (or just halt the system) that my swap (and ram too if possible) could be wiped (or like overwritten with the shred command). Also, am I going about this the right way, or should I just use truecrypts FDE on the entire drive? In addition, when Ubuntu does it's default install, does it create a swap file in addition to a swap partition? If it does, would that be another vulnerability? If it is, how do I prevent this from happening?

I welcome any input you have on this. I am aware that once the drive is mounted, it is vulnerable, but I want the data to be secure as possible once my computer is turned off. Also, I have read that there are ram exploits where it holds your passwords for up to a few minutes after you turn the machine off, does anyone know how long that it and is there a way to clear it, or will only time let it fade?

View 1 Replies View Related

Ubuntu Security :: Using TrueCrypt To Encrypt Whole Hard Drive?

Nov 5, 2010

So what I want to do is encrypt my entire hard drive, but heres the thing.

I dual boot Ubuntu and windows 7, but I am afraid that if I use truecrypt to do the encrypting that it will wipe GRUB and not allow me to boot into any OS, is that a possibility and is there a way around it?

View 7 Replies View Related

Ubuntu Security :: Create An AutoMount Truecrypt Volume?

Dec 29, 2010

How do I create a Truecrypt volume that will automount on bootup?

View 3 Replies View Related

Fedora Security :: How To Enable Encryption With Luks

Jun 17, 2010

1.) I am wondering how to enable the lock to an encrypted partition which has been unlocked, using luks? On boot, I am been asked automatically for the pass phrase to unlock my partitions. After doing a back up, I want lock the encrypted partition again, but I don't know the command?! I umounted the partition but after mounting it again, I was not asked for the pass phrase but had access to my data.

2.) How secure is the default fedora version of luks? Is truecrypt better?

View 2 Replies View Related

Security :: Is LUKS The Best Data/system Encryption

Mar 20, 2011

Is LUKS the best data/system encryption? Or is there one that is even better and stronger?

View 1 Replies View Related

Security :: Luks Root Partition On Laptop

May 9, 2011

if encrypt my root partition with Luksformat on my laptop and the battery suddenly goes out without a proper shutdown, I stand a big chance on corrupting the luks header or key slot?

View 1 Replies View Related

Ubuntu Security :: Dual Booting With Truecrypt 6.3a Chainloading Grub2

Jan 4, 2010

I'm having problems getting TC to load grub2 1.97b4. When I hit ESC from the TC boot prompt, I get "no bootable partitions found".

I also booted into Ubuntu Live cd, mounted my LVM dm-crypted volume and tried to reinstall grub2 to my nonencrypted /boot under /dev/sda3 and TC still wont boot. Then I set the boot flag on /dev/sda3 and it still won't boot.

These are the commands I used to install grub2 to my /boot partition. Atleast that's what I think it did.

grub-install /dev/sda3
grub-install --recheck /dev/sda3

View 3 Replies View Related

Ubuntu Security :: Securely Delete File In TrueCrypt Volume

Jan 4, 2011

This one being Ubuntu 9.10 (yes, I know I really should upgrade). I keep a number of confidential files in a TrueCrypt container which is a standalone file in my Documents folder. I'd like to delete some of these, but I want to do it as securely as I can, but I believe if I simply hit 'Delete' with the file selected it'll move the file to the Deleted Items folder. This, I assume, means that the file is taken out of the encrypted volume and stored unencrypted in the Deleted folder.

I've been reading a little about the Shred command, and there seems to be some question about whether it works effectively with a journalled file system; and since I have no idea whether I'm using a journalled file system, or how to find out, I'm treating Shred and other over-writing secure deletion tools as ineffective for now.

With this in mind, can anyone advise me how I can protect the file stored in the TrueCrypt volume, and delete it in place, without taking it out of the encrypted area? And, further to that, can anyone tell me whether in fact the file is actually secured while it's in the encrypted volume? For all I know, just opening the volume may result in copies being made somewhere (apart from RAM).

View 5 Replies View Related

Fedora Security :: LUKS Encryption At Partition Level Or LVM?

Jul 19, 2010

I'm planning a fresh F13 install, with separate partitions for /boot, /home, /tmp, /, and swap. All but /boot will be logical volumes, and I'd like to encrypt all but boot. If I encrypt the underlying partitions, is there any reason to also encrypt the logical volumes themselves?

my system will be:
HP dv6-3040us Pavillion laptop
AMD Phenon II

View 3 Replies View Related

Copyrights 2005-15 www.BigResource.com, All rights reserved