Old 02-22-2012, 05:45 PM
"Christopher A. Lindsey"
 
Default On the road again: Encryption

Hello to list!

Well, I've been trapped behind a desk for awhile and am now going back
on the road.

I'm planning to take my laptop running Ubuntu 11.10.

I've been reading and reading about the available options for encrypting
my system and many of the articles/posts are very instructive. However,
many of them seem very much out of date and even contradicting.

My laptop will contain company information, client information and
personal information. It's critical that this data not fall into
unscrupulous hands due to loss or theft.

I would like to fully encrypt the system to ensure no data can be
salvaged. Especially, client information.

I'd like to use TrueCrypt as I'm somewhat familiar with it. However,
with the new full disk encryption available for Ubuntu I thought it
would be a good idea to ask if anyone has any thoughts on which would be
a better option.

From what I've been reading, it appears I'd have to do a fresh install
to use either one.

Anybody have any thoughts?

Thanks,
Chris
--
Christopher A. Lindsey
Garuda LLC
PGP Key: AFD4E820






--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-22-2012, 07:16 PM
Kaj Haulrich
 
Default On the road again: Encryption

On 02/22/2012 07:45 PM, Christopher A. Lindsey wrote:

> Hello to list!
>
> Well, I've been trapped behind a desk for awhile and am now going back
> on the road.
>
> I'm planning to take my laptop running Ubuntu 11.10.
>
> I've been reading and reading about the available options for encrypting
> my system and many of the articles/posts are very instructive. However,
> many of them seem very much out of date and even contradicting.
>
> My laptop will contain company information, client information and
> personal information. It's critical that this data not fall into
> unscrupulous hands due to loss or theft.
>
> I would like to fully encrypt the system to ensure no data can be
> salvaged. Especially, client information.
>
> I'd like to use TrueCrypt as I'm somewhat familiar with it. However,
> with the new full disk encryption available for Ubuntu I thought it
> would be a good idea to ask if anyone has any thoughts on which would be
> a better option.
>
> From what I've been reading, it appears I'd have to do a fresh install
> to use either one.
>
> Anybody have any thoughts?


Well, I run my /home partition encrypted with the built-in encryption
tool. It runs absolutely fine, and from what I have read, it should be
impossible to crack without a supercomputer running for years. It does
require a fresh install and formatting - including the swap partition.


I don't know if it's mandatory to partition your disk, but it certainly
will not harm. Why encrypt the whole disk? - If you keep everything
within your /home it seems like overkill to me...


Speaking of overkill: you could furthermore secure your *really*
sensitive data - like passwords - in an extra encrypted directory. For
example with ccrypt. Just compress it with tar.gz and then run ccencrypt
on it. It uses the Rijndael cipher, which is the U.S. government's
chosen candidate for the Advanced Encryption Standard (AES).


Regards
Kaj Haulrich.
--
--- Sent from a 100% Microsoft-free computer---
--------- Running Linux Kubuntu 12.04 ---------

 
Old 02-22-2012, 09:10 PM
Karl Auer
 
Default On the road again: Encryption

On Wed, 2012-02-22 at 11:45 -0700, Christopher A. Lindsey wrote:
> My laptop will contain company information, client information and
> personal information. It's critical that this data not fall into
> unscrupulous hands due to loss or theft.

If you are concerned only about those two issues, and about threats only
from those interested in the hardware, not the data on it, then
encryption will work.

If you are also concerned about Government or corporate interest in your
data, then encryption is not enough.

Reams of stuff have been written about precautions to take when entering
difficult countries such as China and the US; a few minutes searching
should find it easily enough.

The best precaution is not to take the data with you at all.

Regards, K.


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au)
http://www.biplane.com.au/kauer

GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
 
Old 02-23-2012, 11:20 PM
NoOp
 
Default On the road again: Encryption

On 02/22/2012 12:16 PM, Kaj Haulrich wrote:
> On 02/22/2012 07:45 PM, Christopher A. Lindsey wrote:
>> Hello to list!
>>
>> Well, I've been trapped behind a desk for awhile and am now going back
>> on the road.
>>
>> I'm planning to take my laptop running Ubuntu 11.10.
>>
>> I've been reading and reading about the available options for encrypting
>> my system and many of the articles/posts are very instructive. However,
>> many of them seem very much out of date and even contradicting.
>>
>> My laptop will contain company information, client information and
>> personal information. It's critical that this data not fall into
>> unscrupulous hands due to loss or theft.
>>
>> I would like to fully encrypt the system to ensure no data can be
>> salvaged. Especially, client information.
>>
>> I'd like to use TrueCrypt as I'm somewhat familiar with it. However,
>> with the new full disk encryption available for Ubuntu I thought it
>> would be a good idea to ask if anyone has any thoughts on which would be
>> a better option.
>>
>> From what I've been reading, it appears I'd have to do a fresh install
>> to use either one.
>>
>> Anybody have any thoughts?
>
> Well, I run my /home partition encrypted with the built-in encryption
> tool. It runs absolutely fine, and from what I have read, it should be
> impossible to crack without a supercomputer running for years. It does
> require a fresh install and formatting - including the swap partition.

Actually that is incorrect. You can easily encrypt your home folder and
swap without doing a fresh install. Simply use ecryptfs-migrate-home and
ecryptfs-setup-swap (the latter will require also installing cryptsetup).
I've done this on virtual machines as well as several of my work
systems. See:

<http://blog.dustinkirkland.com/2011/02/long-overdue-introduction-ecryptfs.html>


Note: this is relatively simple, but I *highly* recommend trying it a
few times on a virtual machine or a test machine before using it on your
actual working /home. And of course, backup beforehand. Also, Dustin
fails to mention that you really need to run ecryptfs-migrate-home while
logged in as another user with administrative rights. Easiest is to create
a 'test' user, give it admin rights, log out of your user & log in as
'test'. Then run:

Get the packages:
$ sudo apt-get install ecryptfs cryptsetup
Set up an encrypted swap:
$ sudo ecryptfs-setup-swap
Encrypt the /home directory of the regular user:
$ sudo ecryptfs-migrate-home -u <user>

Do *not* log out, but instead use switch user to your <user>. Log in
and ensure that you can read/write to the encrypted home. If so run
ecryptfs to generate a restore passphrase:

$ sudo ecryptfs-unwrap-passphrase

Save the output to a device other than the encrypted device (usb, paper,
other drive etc).

*Don't* delete anything yet, a la the 'and you should remove
/home/<user>.<randomLetterNumbers>' - only delete that folder after you
are positive that all is working following a few reboots.

If you cannot login as <user> and read/write, switch back to 'test' and
rename the /home/<user> & then rename /home/<user>.<randomLetterNumbers>
to /home/<user>. Now try switching to/logging in to <user> to make sure
the unencrypted data has been restored.

Also see:
http://ecryptfs.sourceforge.net/ecryptfs-faq.html

>
> I don't know if it's mandatory to partition your disk, but it certainly
> will not harm. Why encrypt the whole disk? - If you keep everything
> within your /home it seems like overkill to me...

Encrypting the entire disk/partition has the advantage of keeping
information that can/could be accessible containing user passwords &
other sensitive information (/var /tmp /etc /swap). You may keep your
primary data in /home/user/, however several programs keep your
passwords for those programs in a / directory. Generally the password is
"root" owned and therefore "protected" as you'd need to know the
root/user password to access/view. However, that is pretty much
non-secure if you have physical access to the machine.

>
> Speaking of overkill: you could furthermore secure your *really*
> sensitive data - like passwords - in an extra encrypted directory. For
> example with ccrypt. Just compress it with tar.gz and then run ccencrypt
> on it. It uses the Rijndael cipher, which is the U.S. government's
> chosen candidate for the Advanced Encryption Standard (AES).
>
> Regards
> Kaj Haulrich.

Best advice (IMO) is to encrypt the entire partition/drive if possible,
encrypt at least /home/<user> & swap if not. And then take Karl's
advice: "The best precaution is not to take the data with you at all"...
or at least only take what is necessary & then do that on an encrypted
usb stick or similar.
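
A post-migration check for the procedure in the post above, as an added example that is not part of the original thread: it confirms the home directory is an eCryptfs mount, lists any swap area still in plaintext, and finds the unencrypted /home/<user>.<randomLetterNumbers> copy that remains on disk. The function names, the user "alice" and the sample data are constructed for illustration; it assumes encrypted swap appears under /dev/mapper/ in /proc/swaps.

```shell
#!/bin/sh
# Added example: checks after ecryptfs-migrate-home / ecryptfs-setup-swap.
# Functions read files in /proc/mounts or /proc/swaps format (live or saved).

# home_is_ecryptfs USER MOUNTS: succeeds if /home/USER is mounted as ecryptfs.
home_is_ecryptfs() {
    awk -v mp="/home/$1" '
        $2 == mp && $3 == "ecryptfs" { found = 1 }
        END { exit !found }' "$2"
}

# plaintext_swaps SWAPS: prints active swap areas not under /dev/mapper/.
# Assumption: no LVM swap; confirm a mapper device with "cryptsetup status".
plaintext_swaps() {
    awk 'NR > 1 && $1 !~ /^\/dev\/mapper\// { print $1 }' "$1"
}

# leftover_backups USER HOMEROOT: prints HOMEROOT/USER.<suffix> directories,
# the unencrypted copies that ecryptfs-migrate-home leaves behind.
leftover_backups() {
    for d in "$2/$1".*; do
        [ -d "$d" ] && printf '%s\n' "$d"
    done
    return 0
}

# make_sample DIR: writes constructed sample inputs (not from a real system).
make_sample() {
    mkdir -p "$1/home/alice" "$1/home/alice.Xy12Ab9Q"
    cat > "$1/mounts" <<'EOF'
/dev/sda1 / ext4 rw,errors=remount-ro 0 0
/home/alice/.Private /home/alice ecryptfs rw,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
    cat > "$1/swaps" <<'EOF'
Filename                                Type            Size    Used    Priority
/dev/mapper/cryptswap1                  partition       2095100 0       -1
/dev/sda5                               partition       1048572 0       -2
EOF
}

# Demo on the constructed sample: run this script with the argument "demo".
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d); make_sample "$tmp"
    home_is_ecryptfs alice "$tmp/mounts" && echo "home: ecryptfs"
    echo "plaintext swap: $(plaintext_swaps "$tmp/swaps")"
    echo "leftover backup: $(leftover_backups alice "$tmp/home")"
    rm -rf "$tmp"
fi
```

On a real system, pass /proc/mounts, /proc/swaps and /home in place of the sample paths.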



 
Old 02-23-2012, 11:28 PM
NoOp
 
Default On the road again: Encryption

On 02/23/2012 04:20 PM, NoOp wrote:
> On 02/22/2012 12:16 PM, Kaj Haulrich wrote:
...
>> Well, I run my /home partition encrypted with the built-in encryption
>> tool. It runs absolutely fine, and from what I have read, it should be
>> impossible to crack without a supercomputer running for years. It does
>> require a fresh install and formatting - including the swap partition.
>
> Actually that is incorrect. You can easily encrypt your home folder and
> swap without doing a fresh install. Simply use ecryptfs-migrate-home and
> ecryptfs-setup-swap (the latter will require also installing cryptsetup).
> I've done this on virtual machines as well as several of my work
> systems. See:
>
> <http://blog.dustinkirkland.com/2011/02/long-overdue-introduction-ecryptfs.html>
>
>
> Note: this is relatively simple, but I *highly* recommend trying it a
> few times on a virtual machine or a test machine before using it on your
> actual working /home. And of course, backup beforehand. Also, Dustin
> fails to mention that you really need to run ecryptfs-migrate-home while
> logged in as another user with administrative rights. Easiest is to create
> a 'test' user, give it admin rights, log out of your user & log in as
> 'test'. Then run:
>
> Get the packages:
> $ sudo apt-get install ecryptfs cryptsetup
...
Sorry. Should be:
$ sudo apt-get install ecryptfs-utils cryptsetup

