To: DuncanWaring
Yes.... DM-Crypt for Linux. The default encryption algorithms (AES) are considered "strong", but it's not the algorithm alone which gives the system its strength.
Its strength is in the way you set it up. The way I prefer is to encrypt the partition in question BUT keep the keys on a USB stick. But the USB stick itself has a DM-Crypt partition... inside of which is contained the clear-text keys for your hard disk's DM-Crypt partition.
In addition, you "could" create multiple partitions on the USB stick and keep trivial documents, and/or photos in them. Make sure that those partitions contain FAT or NTFS file systems so that a Windows system has no trouble reading them. "Most" people who examine such a USB stick never notice that one of the partitions is UNUSABLE, nor do they pursue trying to discover what's in it.
I actually had it working such for a while that the DM-Crypt partition was on my Android phone's SD card in a loop filesystem file. The phone wouldn't use it, but the Linux laptop DID when the phone was connected via USB! I ditched it though because I don't trust the Android that much. :-)
With the encryption keys kept separate from the laptop, accessing the laptop becomes nearly impossible without assistance from the owner. Also, concealing a micro-SD card with the "other" DM-Crypt partition on it, is a lot easier than hiding an entire laptop. :-)
Ubuntu Linux, Debian Linux, and Mac OS X come with partition level encryption capabilities. BUT... keeping your keys on separate media is still a subject which is off the beaten path. There's a LOT of info out there on how to do it with Linux. Just search Google (USE TOR!) using a string such as - "linux dm-crypt howto" and you'll get the answer. :-)
Since somebody is liable to ask... I'm going to tell you right now that keeping data on a fully encrypted partition brings with it other "issues". For starters, be sure to encrypt the swap space. A LOT of very useful information can be gleaned from unencrypted swap space. Encrypting swap space is easy though. :-) Also, backing it up is now an issue. I mean... HOW do you back up encrypted data, and keep the data secure if you simply back it up to other media? Well... you "could" DM-Crypt your media (external hard drive). I opted against this and instead use GNU Privacy Guard (GNUPG) and plain ole "tar". I stream the data to be backed up through gpg and tar, creating a gpg-encrypted tar archive as an end product. Oh... and the secret key for gnupg is on that USB stick INSIDE the DM-Crypt partition.
Anyway... pretty nerdy stuff... but that's just my preference. :-)
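The tar-through-gpg backup described in the post above, as an added example that is not part of the original post or the poster's own script. The function names, paths and recipient are assumptions; encrypting needs only the public key, so the secret key can stay on the separate encrypted volume (for example by pointing `GNUPGHOME` at it) until a restore.

```shell
#!/bin/sh
# Added example: stream tar into gpg so no plaintext archive ever touches
# the backup media. Function names and arguments are hypothetical.

# A pipeline normally reports only gpg's exit status, so a tar failure
# would yield a valid-looking but truncated archive. Enable pipefail
# where the shell supports it.
(set -o pipefail) 2>/dev/null && set -o pipefail

# encrypted_backup SRC_DIR OUT_FILE RECIPIENT
# RECIPIENT is a key ID or e-mail already present in the public keyring.
encrypted_backup() (
    src=$1 out=$2 recipient=$3
    [ -d "$src" ] || { echo "no such directory: $src" >&2; exit 2; }
    umask 077    # archive is readable by the owner only
    # -C stores relative member names instead of absolute paths.
    tar -C "$(dirname "$src")" -cf - "$(basename "$src")" |
        gpg --batch --yes --recipient "$recipient" \
            --encrypt --output "$out.partial" || {
        rm -f "$out.partial"    # never leave a partial archive behind
        exit 1
    }
    mv "$out.partial" "$out"
)

# list_backup ARCHIVE
# Decrypts to a pipe and lists members; needs the secret key.
list_backup() {
    gpg --batch --quiet --decrypt "$1" | tar -tf -
}

# restore_backup ARCHIVE DEST_DIR
restore_backup() {
    mkdir -p "$2" && gpg --batch --quiet --decrypt "$1" | tar -C "$2" -xf -
}
```

Running `list_backup` right after each backup, while the secret key is mounted, confirms the archive actually decrypts before the original data is relied upon.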
To: hiredhand
Arg... forgive any typos in that posting. It posted before I meant to... got “button happy”. :-)