Slashdot Mirror


Linux Encryption HOWTO

lazyecho writes: "How to set up a Linux 2.2 system to use encryption in both disk and network accesses. This document describes how you can use the International Kernel Patch and other packages to make hard disk contents and network traffic inaccessible to others by encrypting them." Hey, your box is stable, why not mix it up a bit? I'm not a security nut, but this strikes me as a fun one anyway.

  1. Re:StegFS sounds awesome... But... by jeti+ · · Score: 3
    Isn't there a way to have some combination of encryption and compression so that a file has two keys, one returns benign data and the other returns the real contents?
    Using two different steganographic algorithms (or at least keys) in the same file? You would only need to choose the bits to hide the information so that they won't overlap.

    An oversimplified example would be that if you hide information in an (uncompressed) .wav file, you store information A to the lowest bit of the left channel and information B to the lowest bit of the right channel.

    For this kind of operation you should probably choose a big file with plenty of 'insignificant' bits to choose (like MPEG video) so it would be easy to explain why you didn't use every possible bit to store data.

    --

    // /
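
The left/right lowest-bit scheme from the comment above, as an added example that is not part of the original post: two payloads go into non-overlapping bits of one 16-bit stereo WAV and are read back independently. The function names, the 16-bit length prefix and the constructed in-memory carrier are assumptions of this example.

```python
import io
import struct
import wave

def make_carrier(frames: int = 4000) -> bytes:
    """Constructed 16-bit stereo WAV built in memory (sample input, not real audio)."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(2); w.setsampwidth(2); w.setframerate(8000)
        w.writeframes(b"".join(
            struct.pack("<hh", (i * 37) % 2001 - 1000, (i * 53) % 2001 - 1000)
            for i in range(frames)))
    return buf.getvalue()

def _bits(payload: bytes) -> list:
    data = struct.pack(">H", len(payload)) + payload  # assumed 16-bit length prefix
    return [(byte >> s) & 1 for byte in data for s in range(7, -1, -1)]

def embed(wav: bytes, payload: bytes, channel: int) -> bytes:
    """Store payload in the lowest bit of one channel (0 = left, 1 = right)."""
    with wave.open(io.BytesIO(wav), "rb") as r:
        params, raw = r.getparams(), r.readframes(r.getnframes())
    samples = list(struct.unpack("<%dh" % (len(raw) // 2), raw))
    bits = _bits(payload)
    if len(bits) > len(samples) // 2:
        raise ValueError("payload does not fit in one channel")
    for i, bit in enumerate(bits):
        idx = 2 * i + channel          # samples are interleaved L, R, L, R, ...
        samples[idx] = (samples[idx] & ~1) | bit
    out = io.BytesIO()
    with wave.open(out, "wb") as w:
        w.setparams(params)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))
    return out.getvalue()

def extract(wav: bytes, channel: int) -> bytes:
    """Read the length prefix and payload back from one channel's lowest bits."""
    with wave.open(io.BytesIO(wav), "rb") as r:
        raw = r.readframes(r.getnframes())
    lsb = [s & 1 for s in struct.unpack("<%dh" % (len(raw) // 2), raw)[channel::2]]
    to_int = lambda bs: int("".join(map(str, bs)), 2)
    n = to_int(lsb[:16])
    return bytes(to_int(lsb[16 + 8 * i:24 + 8 * i]) for i in range(n))
```

Embedding into channel 0 and then channel 1 leaves both payloads intact, because each call only touches its own channel's samples.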

  2. Great for Laptops / Handhelds by Xunker · · Score: 5

    This is a great thing for those of us that use laptops on a daily basis and hope to use *nix-based handhelds soon... at least here in the USA... to keep over-zealous law-enforcement officials at bay.

    Now, IAMAL, but here is how I got it explained to me: Items on your person fall under the dictates of law governing search and seizure. If you have a cabinet in your home, the police are allowed to search it if they have probable cause; but if you have a safe in your home, you are not required to volunteer the combination to it without a subpoena. Goes the same for passwords and crypto, too, AFAIK. They can put me in the squad car, but until they get a court order, I don't have to tell them the password to my PDA or my GPG/PGP secret key passphrase.

    This is a good thing, because an over-zealous officer could start dinking around on your laptop and find some incriminating evidence (violating S&C Law), but tell the judge that he found it 'by accident'. Who is the judge going to believe? But if you have it all locked up tight, nothing short of a circuit court judge can force you to unlock it.

    And please note my gratuitous use of the phrase 'over-zealous'. The VAST majority of law officers are decent human beings - it's just those choice few emmy-award winners that make everyone's life hell.

    At the very least put a password on your PDA, laptop, and modified-laptop-car-MP3-Player. Especially the MP3 player -- Ms. Spears would be so pissed if she found out I downloaded all 50 remixes of "I'm a closet dyke" off Napster :)

    --
    Hilary Rosen's speech was about her love of money and her desire to roll around naked in a pile of money.
  3. Crypto Progs by digitaltraveller · · Score: 3

    There is an excellent open source Winblows encryption program called scramdisk. (www.scramdisk.clara.net) I believe they are porting it to Linux. The nice thing about it is it mounts a file as a partition, and it's simple enough to back up that file so you don't have to worry about data integrity issues preventing you from decryption. I haven't read the howto yet but I hope it works the same way... rather than actually partitioning off part of the disk geometry.

  4. The Ultimate in Hard Drive Encryption by nihilogos · · Score: 3

    Even the purpose of this software is cunningly disguised.

    Masquerading as a set of utilities for mounting an ext2 partition from MS-DOS, Ltools is guaranteed to make your linux filesystems completely inaccessible to anybody.

    One of the most glaring insecurities in most disk encryption systems is the user themselves. They may simply be threatened with hot lubricating jelly and will reveal the all important encryption keys. Not so with Ltools - even the user is unable to retrieve the information once it is encrypted.

    Simply install the Ltools package on your windows partition and then type 'lmkdir etc'. I did this yesterday and believe me, there's no way anybody's accessing my root filesystem!

    --
    :wq
  5. Never gonna be as good as thermite. by bnolan · · Score: 3
    When the NSA take my machine away - I'm not gonna be puttin' no trusting in no Blowfish / RSA1024 / whathaveyou.

    Nope - never gonna feel truly safe until I got a big block of thermite tied to my hard drive and the dead man's trigger in my left hand. :)

    Win32 Napster Client.

    --

    :wq

  6. WOW! by clinko · · Score: 4

    This is great. Now I can spend hours encrypting everything I own. First I'll start with all my disks, then I'll do my network, and then I'll realize that my life is an empty shell.

    1 year later:
    Why, God, do I have to encrypt everything? WHY!?
    I remember when it all started. It started with the disks, then I lost my job, then I lost my girlfriend, and I lost what life I had.

    DAMN YOU Linux Encryption HOWTO! DAMN YOU STRAIGHT TO HELL!!!

  7. Data Integrity by Th3+D0t · · Score: 4
    I would install an encrypting filesystem but for concerns of data integrity, performance, and validity.

    What if my filesystem were to go down? I could never recover my data. In addition, performance would be hindered severely by the blocking overhead of the encryption and decryption (which is essentially the same exponential operation backwards and forwards).

    Until someone develops a hardware solution, I have to say, "no thank you."
    ---

    --
    I am the dot in slashdot.org
    1. Re:Data Integrity by avorpa · · Score: 4

      A few objections:

      1: The encryption works at a different level from the filesystem. If the filesystem gets corrupted, you can still decrypt the data, and you will be in the same position you would be if you didn't use encryption at all. Of course if you forget your password you'll never get the data back, but that's the point.

      2: And the blocking overhead? All the algorithms in the patch have 64 or 128 bit block size. This is far less than the size of a disk block, so I wouldn't be worried.

      3: There is no exponential operation. You are thinking of RSA, which is a public key algorithm. Public key algorithms have longer blocks and are slower than private key ones. They are necessary when you want anyone to be able to encrypt, but only you to be able to decrypt. Seeing you don't need this for disk encryption, private key algorithms are more appropriate.

      4: There are many hardware solutions, but they are generally designed for network encryption. Presumably you could write drivers to get them to do the computation for the disk encryption. Anyway, the processing isn't the main thing killing performance: twofish runs in 17 cycles per byte. The performance killer is that it works through a loopback device, which makes readahead and caching less efficient (I think that's the problem, but I'm not entirely sure about this).

  8. StegFS sounds awesome... by Booker · · Score: 4
    I love the idea of StegFS -

    StegFS is a Steganographic File System for Linux. Not only does it encrypt data, it also hides it such that it cannot be proved to be there.

    You know it's hard core when the docs refer vaguely to the ability to keep data secret in the face of torture. 1024-bit public-key encryption is all well and good, but threaten me with a glass rod, and I'll hand that key right over. Plausible deniability is where it's at! :)

    ---

  9. What I think I'd like to see... by Leknor · · Score: 3
    I'm not a crypto person but why not something like this:

    Each file is encrypted with a key that is then encrypted with the public keys for the user and group and maybe unencrypted if everybody has privileges.

    Then when a user logs in his private key is decrypted and the private keys for the groups he belongs to are decrypted with his private user key.

    Then with all the private keys the user can decrypt the keys that decrypt the files.

    I'm sure there are holes in this, so please tell me. All I know is what I've learned from reading about PGP, SSH, and CSS (hope I don't get sued for learning) and that isn't much. The only drawback I see is maybe a file could be out of the reach of root, but that isn't a drawback IMO.

    Leknor
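
The key hierarchy proposed in the comment above (passphrase, then user key, then group key, then per-file key), as an added example that is not part of the original post. It assumes the third-party Python `cryptography` package, RSA-OAEP for key wrapping and Fernet for file contents; the principals `alice`, `staff` and the key-less outsider are constructed.

```python
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def new_keypair():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def to_pem(private_key, passphrase: bytes = b"") -> bytes:
    """Serialize a private key, passphrase-protected when one is given."""
    enc = (serialization.BestAvailableEncryption(passphrase) if passphrase
           else serialization.NoEncryption())
    return private_key.private_bytes(
        serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8, enc)

def seal(plaintext: bytes, recipients: dict) -> dict:
    """Encrypt once under a random key, then wrap that key for each recipient."""
    key = Fernet.generate_key()
    return {"body": Fernet(key).encrypt(plaintext),
            "wrapped": {n: pub.encrypt(key, OAEP) for n, pub in recipients.items()}}

def unseal(blob: dict, name: str, private_key) -> bytes:
    key = private_key.decrypt(blob["wrapped"][name], OAEP)
    return Fernet(key).decrypt(blob["body"])

def demo() -> dict:
    # Constructed principals: user "alice", group "staff", and an outsider
    # standing in for root, who holds no key that any file key is wrapped to.
    alice, staff, outsider = new_keypair(), new_keypair(), new_keypair()
    alice_at_rest = to_pem(alice, b"correct horse")      # as stored on disk
    staff_for_alice = seal(to_pem(staff), {"alice": alice.public_key()})
    report = seal(b"quarterly numbers", {"staff": staff.public_key()})

    # Login: passphrase -> user key -> group key -> file key -> file.
    user_key = serialization.load_pem_private_key(alice_at_rest, b"correct horse")
    group_key = serialization.load_pem_private_key(
        unseal(staff_for_alice, "alice", user_key), None)
    result = {"alice_reads": unseal(report, "staff", group_key)}
    try:
        unseal(report, "staff", outsider)
        result["outsider_reads"] = True
    except ValueError:                  # OAEP unwrap fails under the wrong key
        result["outsider_reads"] = False
    return result
```

The wrapped keys protect data at rest only: after login, alice's unwrapped keys sit in memory on the machine.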

  10. To take this inverse by Felinoid · · Score: 3

    One day my Boss takes a look at my computer's hard disk.
    Yeah sure it's secure but the disk isn't encrypted and I'm really lucky to have a boss who knows Unix.
    Oh and I keep a Linux CD handy in case I need to restore my computer from a nasty crash.. how smart of me...

    Apparently my Boss doesn't share my interests in techno advocacy.. the DVD DeCSS directory means.. I'm out of work...
    Oh well...
    So I get home.. my girl friend isn't quite so tech savvy as I am but I'm always teaching her stuff...
    Hey she learned a new trick on her own today..
    I mean now that I'm out of work my computer's at home.. so she started tinkering around..
    I never did give her much access so she picks up the cd..
    the damn porn directory...

    Now I have no girlfriend...

    Mom wants to use the computer.. she's pretty tech savvy... learned CP/M way back and had access to a PDP11/70 when I was still a kid...

    But sadly all her equipment is obsolete... Commodore Pets.. Apple IIs.. She wants to use my Linux box while I'm out looking for work...
    That's ok.... hmmmm

    Encryption HowTo... yeah Mom would be happy to have her network connection encrypted.. (I'll just encrypt all my personal files while I'm at it)

    Please note.. the above is fiction.. my boss doesn't look at my computer and I can't get my GF to even consider Linux...
    I don't have a porn directory and I keep DVD DeCSS on a ZipDisk...

    --
    I don't actually exist.