Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Encryption Security

Linux Encryption HOWTO 60

Posted by CmdrTaco from the why-not-learn-something-new dept.
lazyecho writes: "How to set up a Linux 2.2 system to use encryption in both disk and network accesses. This document describes how you can use the International Kernel Patch and other packages to make hard disk contents and network traffic inaccessible to others by encrypting them." Hey, your box is stable, why not mix it up a bit? I'm not a security nut, but this strikes me as a fun one anyway.
This discussion has been archived. No new comments can be posted.

Linux Encryption HOWTO More

Linux Encryption HOWTO

Comments Filter:
  • As long as you damage a small part of the data that tracks the contents of the hard disk it's rendered pritty much unreadable...
    Don't need to eliminate 100% of the disk... just a well selected 1% will do...
  • Perhaps you should read the article again. The whole point of the loopback device is to mount files as partitions.

    Scramdisk is a very good program for windows (although it has one of the ugliest user interfaces I have seen), but it serves essentially the same purpose as using an encrypted loopback device.

    Scramdisk will be a welcome addition to linux (though hopefully they will pretty it up a bit), especially if they make it easier for novices to use encrypted filesystems. It also has the ability to use steganography like StegFS, which is as added bonus.

  • That HOWTO is good, but severely out of date. To quote Cha pte r 10 - Encrypting files and drives in Linux, BSD, and other Unices" [securityportal.com]

    Chapter 10 - Encrypting files and drives in Linux, BSD, and other Unices

    By: Kurt Seifried, seifried@securityportal.com [mailto], for http://www.securityportal.com/ [securityportal.com]

    ; Overview

    Do you have files on your computer that you wouldn't want your spouse to read, or perhaps your main competitor. Chances are if you use your computer for work or general usage the answer is yes. Also what happens if you want to send a file to someone, or let them download it from you, but you only have access to a public site (like a free web hosting company). The answer is to encrypt the file, and fire it off. For UNIX you have several choices, PGP, and GnuPG, as well as Guardbot for web based file transfers. If you work with files that are sensitive (such as spreadsheets containing sensitive financial data) the constant hassle of encrypting and decrypting the file (as well as the fact a decrypted copy will be stored on the filesystem, leaving a window of opportunity for an attacker) can get tedious. If this is the case you will want to use software such as, BestCrypt (commercially licensed but free for Linux with source code), or PPDD (Private and Top Secret, GPL licensed) which are both very similar in execution and general usage.

    Encrypting files and drives PGP

    Pretty Good Privacy is available as a command line driven program for most UNIX platforms, and there are a variety of front end GUI programs for it. I would not recommend using PGP on a UNIX platform since a completely OpenSource, and compatible replacement is now available, in the form of GnuPG.

    GnuPG

    GnuPG is a GPL licensed (a.k.a. completely free in every respect), written in Germany (a very pro-crypto and pro-privacy country). Since it is available in full source code chances are it has been ported to your UNIX platform (and if not try compiling it, it might work). You can download GnuPG [slashdot.org] as a compressed tarball of source code, and there are links to a number of source and binary packages for various UNIX platforms. Once installed GnuPG behaves very similarly to PGP. The first thing you'll probably want to do is generate a new keypair, simply use the command "gpg --gen-key", it will create a ".gnupg" directory in which to store your keys, option files and so on and exit, you then run it again and it will lead you through the key creation process. Choosing the defaults during key generation is a pretty safe bet, although you may want to use a 2048 bit keysize (realistically if someone manages to crack 1024 bit keys, chances are they can get at your 2048 bit key, however if they are only trying to brute force it a longer key is a good way to reduce the chances of that). For personal keys the expiry is typically set to "0" (that is to say they do not expire), however if these keys are for corporate use, or for really sensitive information it is a good idea to expire keys and rotate them (every month, year, decade, whatever your security policy dictates). The most important thing when generating a key (in my opinion) is the passphrase. This is a string of characters which should consist of letters (upper and lower case) numbers and punctuation marks, the longer the better (I'd say the bare minimum is 10 characters). This controls access to the private key, which is used to sign items (and if compromised means an attacker could easily impersonate you), and to decrypt data (meaning an attacker could access all your data). Keep your private key secure! If an attacker gains access to this key they only have to brute force the passphrase, which is typically a lot weaker then a random 1024 bit (or longer) key. Worse yet they may steal your passphrase, with a keyboard sniffer or similar attack, resulting in a compromise of your key. If the attacker does not have access to your private key they will be forced to guess it, which takes a brutally long time (on average however, there is a chance they may guess the key correctly on their first try).

    Signing files is useful if you want to distribute a file to someone, and be able to prove that you sent it, and it was not tampered with. Internally GnuPG takes a hash sum (such as MD5 or SHA1) of the file (basically it reduces the file to a shorter, unique string of data) which it then encrypts with your private key, generating a signature. This signature can then be decrypted with your public key, resulting in possession of the hash sum of the file, simply take the hash sum of the file in question, and if the they match, then obviously the file is what it claims to be. This signature file can be a binary file, or converted into text (for example signing email, or distributing file signatures via email). To sign a file with gpg simply use :

    $ gpg -b file

    which will create a detached signature of the file.

    To verify the signature use "gpg --verify file.sig file". If all is well you should see something like:

    $ gpg --verify file.sig file gpg: Signature made Sat 15 Jan 2000 05:23:31 AM MST using DSA key ID 47D0D9A8 gpg: Good signature from "Kurt Seifried <seifried@securityportal.com>"

    If someone has fiddled with the file or signature you will see something like:

    $ gpg --verify file.sig file gpg: Signature made Sat 15 Jan 2000 05:23:31 AM MST using DSA key ID 47D0D9A8 gpg: BAD signature from "Kurt Seifried <seifried@securityportal.com>"

    Encrypting files is also relatively simple, a person uses your public key to run the data through a one way algorithm which results in a seemingly random mishmash of data, you can then use your private key to recover what the original data was, thus decrypting it. To encrypt a file to someone you first need their public key, you can download it from their homepage (if they have it online of course), or you can go to a public key server, of which there are many:

    http://pgp.ai.mit.edu/ [mit.edu] - PGP key server
    http://www.keyserver.net/ [keyserver.net] - OpenPGP key server

    Once you have their key it is simply a matter of signing and encrypting the file (just encrypting the file is rare as there is no proof of who the data is from, unless you use some other method, like physically handing them a floppy disk with the encrypted file). The following is an example of me signing a file and encrypting it with my public key:

    $ gpg -s -e file You need a passphrase to unlock the secret key for user: "Kurt Seifried <seifried@securityportal.com>" 1024-bit DSA key, ID 47D0D9A8, created 2000-01-15 You did not specify a user ID. (you may use "-r") Enter the user ID: seifried@securityportal.com

    The user ID can either be the key ID (such as: 47D0D9A8), the email address associated with the key (seifried@securityportal.com [mailto])or the name (not recommended as these are not unique, there are many John Smith's). You will end up with a "file.gpg" that is binary, if you wish to send the file via email it is advisable to use the "-a" ("--armor") option which will result in "file.asc" and is ASCII text, so you can read it straight into an email, or print it out, mail it, and let them OCR and decrypt it at their end. To decrypt a file sent to you simply:

    $ gpg --decrypt file.asc You need a passphrase to unlock the secret key for user: "Kurt Seifried <seifried@securityportal.com>" 1024-bit ELG-E key, ID 47D0D9A8, created 2000-01-15 (main key ID 39B0D9A8)

    and it will display the file (hopefully a text file) to your screen, followed by the veracity of the signature (if you have the persons public key):

    gpg: Signature made Sat 15 Jan 2000 06:06:19 AM MST using DSA key ID 47D0D9A8 gpg: Good signature from "Kurt Seifried <seifried@securityportal.com>"

    if you want to save the decrypted file simply use "--output filename" and it will dump the content to "filename". You can also use shell commands such as "|" or ">" to further mangle the output (this is useful if you have automated systems such as a reporting mechanism which sends encrypted emails to a central repository).

    BestCrypt

    BestCrypt is a disk encryption program available for Windows and Linux. The nice thing is you can create an encrypted container (a file that is then mounted as a filesystem), and use it in Windows or in Linux (as long as it resides on a partition accessible to both, so putting it on your Windows partition is fine since Linux reads almost all Windows partition types). BestCrypt consists of some kernel modules (so your kernel will need to support loadable kernel modules obviously, and it helps if you are using tools like depmod, modprobe and the kernel module loader), and a userspace utility called "bctool". This program is however officially in "beta testing" for Linux, and probably should not be used for critical data (if it is, make sure you have backups). After testing BestCrypt for Linux I am satisfied that even though the software is officially beta, it is probably stable enough for most users, however your mileage may vary, all sales final, and don't blame me for any lost data. The only real problem with BestCrypt is a severe lack of documentation, while there is a man page that explains basic options, there is not a single example of how to create and mount a container (I suspect the release will have documentation, their Windows version documentation is quite good, a half meg helpfile). You need to download the software first, available as a source tarball, and source rpm (very easy to install on an RPM based system). Simply download either one, I would recommend the source rpm if you can.

    # rpm -Uvh BestCrypt-0.3b-1.src.rpm BestCrypt ################################################## # cd /usr/src/redhat/SPECS # rpm -ba bcrypt.spec

    followed by a lot of text while it unpacks, compiles and assembles the source RPM and binary RPM. You should then have a:

    /usr/src/redhat/RPMS/i386/BestCrypt-0.3b-1.i386.rp m /usr/src/redhat/SRPMS/BestCrypt-0.3b-1.src.rpm

    Simply install the binary RPM with a:

    #rpm -Uvh /usr/src/redhat/RPMS/i386/BestCrypt-0.3b-1.i386.rp m BestCrypt ##################################################

    If you do not have an RPM based system, or the source RPM doesn't work for you, compiling the source code directly from it's tarball should be possible. Simply download the file, unpack it to an appropriate place (such as /usr/local/src) and issue the commands:

    #make #make install

    And you should be up and running. The first step is to create a container (a file that is encrypted and mounted as a partition):

    # bctool new -a blowfish -s 10M file Enter password: Verify password:

    You can of course use the "gost" or "des" algorithms, I would not recommend them as gost is less tested then the "twofish" and "blowfish" algorithms that BestCrypt supports, and single des is to easy to brute force. The next step is to format the container, you'll probably want to use msdos if sharing with Windows (i.e. a dualboot Linux and Windows machine), or if just Linux then ext2 is a good bet. You can also specify the size, if you make it so small this can be a problem, but because it is a file and not a true partition you can easily create a new, larger file, move all the data to it and use it instead of the older smaller one.

    # bctool format -t ext2 file Enter password: mke2fs 1.15, 18-Jul-1999 for EXT2 FS 0.5b, 95/08/09 Filesystem label= OS type: Linux Block size=1024 (log=0) Fragment size=1024 (log=0) 2560 inodes, 10238 blocks 511 blocks (4.99%) reserved for the super user First data block=1 2 block groups 8192 blocks per group, 8192 fragments per group 1280 inodes per group Superblock backups stored on blocks: 8193 Writing inode tables: done Writing superblocks and filesystem accounting information: done

    Once the file is formatted you should be able to mount it:

    # bctool mount file /root/crypt/ Enter password: # df Filesystem 1k-blocks Used Available Use% Mounted on /dev/hda1 3122956 70596 2893720 2% / /dev/hda2 2917360 24224 2744940 1% /crypto /root/file 9909 13 9385 0% /root/crypt

    As you can see it is mounted as a part of the filesystem, just like a floppy disk would be for example. Remember to control access to the directory hosting the encrypted files carefully, no matter how good the encryption, if you have it set world readable you won't have gained any security. Also remember that as a user, root owns the / and can take ownership of any file or directory and see what's in it. Alternatively if an attacker gains root access they can log your keystrokes (or terminal traffic) and gain your password (and access to your files). As always your security is only as good as the weakest link.

    PPDD

    PPDD [slashdot.org] is similar to BestCrypt, but instead of creating a file, encrypting that and mounting it, it actually uses a partition which is encrypted and mounted using the PPDD driver, because of this it can do a few additional things BestCrypt can't. If you only want to encrypt a few directories then I advise compiling PPDD as a kernel module, but if you want to encrypt the entire file system (including what you boot from) you will need to compile PPDD directly into the kernel (although as of 1.0 it's not to hard). Unless you have a GPL only policy I would recommend using BestCrypt if you are new to this (it is easier to install and use, and you can buy support). PPDD does have one enormous advantage over BestCrypt however, you can encrypt all of the system, including the boot drive and swap partition, making it ideal for situations such as laptops with sensitive data and minimizing the risk (to zero if need be) of accidentally leaving sensitive data in an unencrypted location (such as the swap file, /tmp, and so on) so if you need a higher security level I would recommend PPDD over BestCrypt (simply because you can encrypt everything). Another advantage of PPDD is that is uses two passwords instead of just one for each encrypted filesystem, so you can give one administrator one password, and another administrator the other password, meaning no single person can gain access to the data. Unfortunately as of the writing of this chapter PPDD is not available for kernel 2.2.13 or 2.2.14, so you will have to run the older 2.2.12 kernel (which is the stock kernel on many distributions in any case).

    Download PPDD, and unpack it in a suitable location, such as /usr/local/src/, there are several files you should read, most notable the README file, and once done install I would recommend reading the PPDDHow.txt file. Installation is rather simply with:

    #make check_linux #make trial_patch #make apply_patch #make devices

    This will first test the kernel source to make sure it's the right version and so on, then it will test the patches, then apply the patches proper, and then create the devices needed (similar to what BestCrypt does). At this point you need to recompile your kernel, first make sure you go into the configuration (via make config or make menuconfig or make xconfig), and enable the PPDD driver (in the Block devices section). Then save the config file and recompile the kernel as your normally would. Once that is done you will have to install the new kernel (copy it to /boot typically, edit lilo.conf and rerun lilo). Once you have rebooted you will want to build the tools for PPDD and install them with:

    #make #make install

    At this point you should be ready to use it, however I would recommend running the tests with:

    #make test

    They take a while to run, but it will save frustration later on if something is broken. Using PPDD is relatively simple, there are a number of utilities for creating, managing, encrypting file systems, and so on. You will also want to set the permissions and ownership on the /dev/xxxx that contains your encrypted data so that only root has access to it, PPDD will complain otherwise

    #chown root:root /dev/hda3 #chmod ugo-a /dev/hda3 #ppddinit /dev/ppdd0 /dev/hda3 #ppddsetup -s /dev/ppdd0 /dev/hda3 #mke2fs -b 1024 /dev/ppdd0 #mount /dev/ppdd0 /crypt

    At this point you should have a directory called /crypt which is /dev/hda3 (although on df and the like it will show up as /dev/ppddx). I will cover how to encrypt you entire filesystem with PPDD, at a later date however (it is extensively documented though).

    Guardbot

    Another new possibility is Guardbot [slashdot.org], which password protects www pages. Essentially there are two components, an applet that encrypts the data, using DES (56 bit keyspace), and an applet that will decrypt the data with the password you provide. The advantage of this over traditional server based methods of control (such as htaccess in Apache) is that the user manages it fully, and can protect each file individually without much setup. To fully take advantage of the keyspace available your password must contain upper and lower case letters, numbers (and punctuation marks, but this can confuse users) of around 10 letters, however since people tend to choose less then random passwords a longer password then this is advisable. This program would be useful for getting files to other people cheaply (simply sign up for some free web space, post the file up, and get the password to the other person securely).

    Hiding files and data on your computer

    It is no longer enough in some countries to encrypt your data to prevent access to it. Recently in Britain a law was created making it a criminal offence to refuse to give up encryption keys or plain text versions of encrypted data.

    StegHide

    StegHide hides data in files such as sound and picture files where not all of the bits in a byte are used. Since the data is encrypted it will appear random, and proving that the data is actually there is difficult. The only downside is to store a one megabyte file you need a sound/picture file of several megabytes, which can be cumbersome (but hard drives and high speed access are becoming cheap so it's a moot point). You can get StegHide at: http://www.stego.com/ [stego.com].

    StegFS

    Steganographic File System actually hides data on your harddrive, making it difficult to prove that it even exists. This can be very useful as the attacker first has to find the data, let alone break the strong encryption used to protect it. You can get StegFS from: http://ban.joh.cam.ac.uk/~adm36/StegFS/& lt;/a> . [cam.ac.uk]

    OutGuess

    OutGuess hides data in image files, meaning you can send files in a way that won't attract to much attention (and can't really be prooved either). You can get it from: http://www.outguess.org/ [outguess.org].

  • [USA question] If Feds sieze all my hardware and demand the password to mount that 1GB encrypted file system, do I have any legal protections? Does the 5th amendment prohibiting me from being forced to testify against myself prevent be from being legally required to give up the password? What about simply claiming to have "forgotten" it? And if, as a result, Feds can get no incriminating evidence, can they prosecute me based on what "might" be in that file?
  • Oh no, they have ways of making you talk! (Or in this case, of making your hard drive talk)
  • Wow. The HOWTO contained a link to a summary of crypto law thruout the world. Quite a resource, and definitely something that anyone contemplating this technique ought to be aware of. Here's the link [cwis.kub.nl].
  • encrypting everything is useful.. but remember anyone can gain access to your machine with a large caliber handgun and easy access to your head.

    That's not the point. I'm looking into filesystem crypto for my laptop, not for fear of them (insert your favorite governmental boogeyman here) but because the thing holds my private key, access info for a bunch of remote systems, private information, email that can be potentially sensitive for my clients, etc.

    So if I loose the thing, I don't want that data to be accessible to whoever stumbles upon it.

    Now for encrypting your home box, unless you live with the hacker from outer space or work for Echelon, there isn't much point...

  • Full sorce code is available on the website
  • Are you telling me that law enforcement needs to get a search warrent for every box in the world? That sounds nuts. If there's a search warrent for someone's house, you can bet that everything in the house can be searched. Ledgers, PC's and mayonaise jars can all be searched. If not, something should be changed.

    Yes, everyone is innocent until proven guilty. That's why search warrents should only be given out for good cause even though this helps criminals hide. The key word is reasonable. The protection is more than one branch deciding what reasonable is and a public proof that can be questioned. Once convicted, however, you have no rights. You will be fined, imprisoned or even killed, oh my.

    In any case my main point was that the use of encryption to hide criminal activity is not something we should be happy about or advocate anymore than we advocate criminal activity.

  • There are no electromagnets strong enough existing today to completely erase a harddrive. Moron!

    Oh, that must be why my hard disks keep filling up. The write head is unable to overwrite the contents of a sector, so instead it has to find one that has never been used before.


    ---
  • The other is that for many public-key systems (if not all?), you'd need one version of each file for *every* private key meant to decrypt it, which in some settings might be a bit much if one runs into problems assigning groups.

    Actually, the message is encrypted with a session key, and the session key and a message hash is encrypted to a public key and tacked onto the message.. You can tack as many encrypted session keys and hashes to the message as you want, they aren't big at all... The bulk of the message is encrypted with a single session key.
  • I don't know about you, but this guy definitely wasn't too bright. He needs to take a tip from OC'ers, and learn to dump the heat.

    Where, you might ask?

    Well, if I was growing MJ, and wanting to dump the heat in the least expensive, but most innocent looking way, I would build myself a large swimming pool, preferably with one end for diving (>10 feet deep). After digging the hole (but prior to the cement pouring), I would lay copper tubing coils all over the bottom, bringing the taps up near the pumps. I would set up an extra pump, and a heat exchanger to wherever my growing area was at, insulate the hell out of everything (to make sure heat doesn't escape through the walls or ceiling), install some nice air circulators to circulate the air through the heat exchanger, then pump a brine/antifreeze mixture through the whole thing. I might even go so far as to build a "spa" to monitor ambient vs. cooling pond (for that is what the pool would be) temperatures.

    Heh, who'd of thought there would be a need to put a heatsink on your MJ growing op?

    I support the EFF [eff.org] - do you?
  • The two cases are not as related as you think. One method of search is broad and the other is specific. The hot roof search sounds reasonable. A person standing on a hill could see all the hot roofs in town at once. The interferometer, or modified helioscope, is just as invasive as a phone tap. It is specific and a judgement has already been made. Why did the police decide to stop at that house? We can expect that our conversations will not be heard through our walls on the street. We can not expect to hide our roof from the sky.

  • QOTD:
    Hey, your box is stable, why not mix it up a bit?

    HAHAHA! Famous last words, Taco!!
  • "That's not the real key, that's the duress key! Give me the real key!" *thwack*

    "But Boris, that *was* the real, final key! I swear there aren't any other keys for that drive, I swear!"

    You can't have it both ways...
    --
  • You got caught with evidence of criminal activity in plain sight, and I'd be glad. Unreasonable search and seizure laws are designed to protect people against government meddling and other abuses
    Speaking of unreasonable searches, the US Supreme Court [supremecourtus.gov] is now considering Ky llo v. U.S., 99-8508 [cnn.com], which will decide whether police helicopters hovering over your house pointing an infrared sensors at your roof constitutes a search or if they can just do it for the hell of it.

    I'm just mentioning this because it's amazing how many technological innovations become the tools used to invade privacy. I mean, if it's okay for them to point an infrared sensor at your roof, is it okay for them to point a laser interferometer at your window to see if anyone inside is talking about drugs? It's non-invasive, right? They didn't actually enter your premises, right?

    All this ties in so well with the EU/US anti-privacy treaty [slashdot.org] in the works.

    --

  • Re:StegFS sounds awesome... But... (Score:3)

    by jeti+ ( 135357 ) on Wednesday September 27, 2000 @09:48AM (#751693)
    Isn't there a way to have some combination of encryption and compression so that a file has two keys, one returns benign data and the other returns the real contents?
    Using two different steganographic algorythms (or at least keys) in a same file? You would only need to choose the bits to hide the information so that they won't overlap.

    An oversimplified example would be that if you hide information in an (uncompressed) .wav file, you store information A to the lowest bit of the left channel and information B to the lowest bit of the right channel.

    For this kind of operation you should propably choose a big file with plenty of 'insignificant' bits to choose (like MPEG video) so it would be easy to explain why you didn't use every possible bit to store data.

  • Unfortuantly the way I understand it your supposed to hand over ALL keys and if they suspect you haven't (note: suspect not prove) then go to jail rules apply. Oh the bit about not telling anyone - what about your lawyer?
  • If you're the target of a Federal investigation and they really want you, they have all the flops in the world to devote to cracking your data. If it's a local bust, don't expect them to know what a hard drive IS, but they may hire a consulting company to do the work for them...
  • Comment removed based on user account deletion

  • Great for Laptops / Handhelds (Score:5)

    by Xunker ( 6905 ) on Tuesday September 26, 2000 @07:16PM (#751697) Homepage Journal
    This is a great thing for those of use that use laptops on a daily basis and hope to use use *nix-based handhelds soon... at least here in the USA... to keep over-zealous law-enforcment officials at bay;

    Now, IAMAL[?] [everything2.com], but here is how I got it explained to me: Items on your person fall under the dictates of law governing search and siezure. If you have a cabinet in your home, the police are allowed to search is if they have probable cause; but if you have a safe in you your home, you are not required to volunteer the combination to it without a subpeona. Goes the same for passwords and crypto, too, AFAIK. They can put me in the squad car, but until they get a court order, I don't have to tell them the password to my PDA or my GPG/PGP secret key passphrase.

    This is a good thing, because an over-zealous officer could start dinking around on you laptop and find some incrimitation evidence (violating S&C Law), but tell the judge that he found 'by accident'. Who is the judge going to believe? But if you have it all locked up tight, nothing short of a circuit court judge can force you to unlock it.

    And please not my gratuitous use of the phrase 'over-zealous'. The VAST majority of law officers are decent human beings - its just those choice few emmy-award winners that makes everyones life hell.

    At the very least put a pasword on your PDA, laptop, and modified-laptop-car-MP3-Player. Especially the MP3 player -- Ms. Spears would be so pissed if she found out I downloaded all 50 remixes of "I'm a closet dyke" off Napster :)
  • One comment on the personal search and seizure laws: It all depends on your jurisdiction, and what the cops can convince the judge of. Again, like with most cops, most judges are pretty cool about such things, but some judges, especially the technologically inept ones, really frown on some of this stuff, and are just looking for ways to broaden the scope of the law.

    While that kind of thing can be overturned on appeal, by that point it may be too late, especially reputation-wise. A simple, but not always easy to follow rule is "Never put anything on the laptop (or PDA) that you're not ready to have read by anyone." If it means that you have to store your secure files or porn pics somewhere else, so be it, but PDAs and laptops are a lot more accessible and much more easily stolen.

    Kierthos

  • Crypto Progs (Score:3)

    by digitaltraveller ( 167469 ) on Tuesday September 26, 2000 @08:33PM (#751699) Homepage
    There is an excellent open source Winblows encryption program called scramdisk. (www.scramdisk.clara.net) I believe they are porting it to linux. The nice thing about it is it mounts a file as a partition, and it's simple enough to back up that file so you don't have to worry about data integrity issues preventing you from decryption. I haven't read the howto yet but I hope it works the same way.....Rather then actually partitioning off part of the disk geometry.

  • The Ultimate in Hard Drive Encryption (Score:3)

    by nihilogos ( 87025 ) on Tuesday September 26, 2000 @09:09PM (#751700)
    Even the purpose of this software is cunningly disguised.

    Masquerading as a set of utilities for mounting an ext2 partition from MS-DOS, Ltools [fht-esslingen.de] is guaranteed to make your linux filesystems completely inaccessible to anybody.

    One of the most glaring insecurities in most disk encryption systems is the user themselves. They may simply be threatened with hot lubricating jelly and will reveal the all important encryption keys. Not so with Ltools - even the user is unable to retrieve the information once it is encrypted.

    Simply install the Ltools package on your windows partition and then type 'lmkdir etc'. I did this yesterday and believe me, there's no way anybody's accessing my root filesystem!

  • Pr0n (Score:1)

    by crovax ( 98121 )
    This will be good for keeping other family members outa my pron
    windoze: Error reading drive. Format? yes no
    -----
    If my facts are wrong then tell me. I don't mind.
  • In such cases, you'd probably end up dead anyways.

    - Steeltoe

  • Re:The Ultimate in Hard Drive Encryption (Score:1)

    by Anonymous Coward
    I realize this is a joke, but StegFS for Linux will give you plausible deniabliity, i.e. youcan give them some of the passwords, just not all ofthe passwords, they will never know there are more passwords.
  • What about a de-crypt/delete option? i.e. you encrypt the drive. There are 2 different commands (or command arguments). One just decrypts the data. The second, decrypts the data, but while doing so, deletes/rewrites a bunch of times the drive/data. That way, if you have to give your key to someone, or they ask you to decrypt it, you can without worrying about exposing sensitive data, because it is effectively gone. Is there a reason that wouldnt work?
  • OK. The Regulation of Investigatory Powers act is the law in question. Under it:
    • If you don't hand over your private keys, you face two years in jail.
    • If you tell anyone about the insident, you go to jail for FIVE years.
    • ISP's are responsible for buying the gear to perform the monitoring.
    • And ALL net traffic either coming from or going to a British site go through MI-5. (That's like the NSA with FBI-like police powers for an American analogy.)
    So, for example, if I worked as a sysadmin for a company with encrypted hard drives, and MI-5 drops by and demands the hard drives be opened, and I say, "I can't do that. The information on our encrypted systems are classified.", I get to go to a British jail for 24 months. If I have the audacity to report the incident to the CTO (or whoever is in charge of our IT), I could go to jail for 5 years, and be so far behind the SOTA (State Of The Art) I would need at least a year to recover to be employable! So, I say that we push to screw Britain for screwing us.
    • If you have a email box in a .uk domain, inform the owners that you wish your account terminated and your files wiped.
    • If you check out the BBC, ITN News, or the Financial Times, you should stop visiting their websites.
    • Scrap arrangements to visit the UK.
    • Inform companies that are contemplating European expansion that the UK is anti-business because of the RIP act.
    • And most importantly, actually tell people why the UK should be given the Internet Death Penalty.If the Home Office can't trust its citizens with their own affairs, then we shouldn't help them.
  • One problem with carrying out this form of encryption in the UK is RIP. (Rsomething of Investigatory Powers Act). Under RIP you can be forced to handover your private keys to the Police if they demand you do so. If you don't go directly to jail - do not pass go - lose all your hardware. The one problem with this the Police don't need to prove you have illegal content, just suspicison - and the encryption itself can be taken as reasonable grounds.
  • Offhand, I'd have to wonder how the keys themselves would be stored/accessed, as that might be the weakest point -- perhaps a magstripe card reader? Or -- is rice paper scannable? (Heh.)

    The other is that for many public-key systems (if not all?), you'd need one version of each file for *every* private key meant to decrypt it, which in some settings might be a bit much if one runs into problems assigning groups.

    Root could easily be given access under such a system by always having one copy encrypted using the root key, or alternately, key escrow, if it were critical that root have such (Not necessarily, say, for an ISP admin, but perhaps for a system with classified material...).
  • I>This is a good thing, because an over-zealous officer could start dinking around on you laptop and find some incrimitation evidence (violating S&C Law), but tell the judge that he found 'by accident'. Who is the judge going to believe?

    I'm going to believe the officer. You got caught with evidence of criminal activity in plain sight, and I'd be glad.

    Unreasonable search and seizure laws are designed to protect people against government meddling and other abuses. As a side effect, criminal investigations can be more difficult. You forfeit those rights, however, when you engage in criminal activity also known as violating the rights of others for your own benefit. Once a good reason to search you is publicly established, you will be searched and there is nothing unreasonable about it. I hope the police crack your PDA, just like detectives used to figure out the secret code in a pimp's little black book.

    That encryption might shield criminals is a downside that we will all just have to live with. It's not something that should be celebrated.

    This whole thread is off topic.

  • *shrug*

    Couldn't they just image the disk first?

    The other is that they'd probably *ask* you for the passphrase and record it. Why should, say, Feds, let you use the computer (and if they DID, they're well aware of things like TEMPEST ELINT and whatnot)? They'd do the study of it...

    Then they nail you for destruction of evidence / obstruction of justice, make another copy, and ask again. You'd have the option of increasing your sentence as much as you like.
  • Make a plausible (legal) replacement for what was encrypted, use chaffing to place both items in the same file along with a bunch of other random garbage, and when they ask for the passphrase, give them the one that decodes the file to the birdwatching tapes you've been recording.

    If you do it properly they won't be able to prove there's any other data there. There's not much to tell them it's 32x chaff instead of 64x chaff.

  • One of the nicer things with CFS is that it doesn't require a dedicated, pre-allocated chunk of space ahead of time. I use it all the time for personal stuff (like GnuPG keys, documents etc.), and don't need to worry about using up some pre-set size limit or wasting tons of space.

    It's nice too to be able to burn a CD of the encrypted files, along with a plain-text directory containing the crypto software, and not have to worry about who finds it. :-)
  • Why isn't this moderated up???
  • Not unless you are trying to make money by distributing coppies of your had disk. Sorry.
  • Methinks Neal got ahold of the HOWTO a while back, since everybody @ Ephryite (sp?) had their lappys encrypted.

    .siglost
  • From experience, this can be fun, but it annoys other people who want to use your hard drive. Also, if you use the method I used (single files acting as partitions on local loopback) you can only have 2 gigs per pseudo-partition, and if you want more loopback devices you need to modify your kernel. Also, having to type in passwords when you boot can be a pain. But, overall, its still pretty nifty to be able to say that your mp3s are encrypted with 128 bit blowfish encryption ;) - Rei
  • "The other is that for many public-key systems (if not all?), you'd need one version of each file for *every* private key meant to decrypt it, which in some settings might be a bit much if one runs into problems assigning groups"

    This isn't how public-key crypto is usually done, and nor is it at all how Leknor suggested it. You generate a random key with which you encrypt the file. One key for the file! Then you take that key and encrypt it with the public key of the file's owner and the file's group (each group would have a public/private key pair). For each group on the system, you encrypt the group's private key in each of its member's public keys.

    Then, when a user logs in, s/he can decrypt the decryption keys for files s/he owns, and the private keys for the his/her groups. With the group private keys, s/he can decrypt the decryption keys for files that s/he has group access to.

    So the overhead is in storing a public key for every user and group, the private key for each group encrypted with the public key of each of its members, and for each file, two copies of the decryption key for that file, one encrypted in the owner's public key, one in the group's public key.

    So you lose a couple kb per file, and (very generously) a meg for the user/group database if you have a system with several users. A system like sourceforge which has zillions of users would have several megs of overhead, but such a large system isn't likely to notice that with it's many many gigs of disk space.
    -Matt
  • This really isn't too new, but it is cool for smaller scale uses. You can just encript one partition, and of course, it's nice to have that partition be your own personal /home/myusername ;-)

  • Never gonna be as good as thermite. (Score:3)

    by bnolan ( 117649 ) on Tuesday September 26, 2000 @06:04PM (#751719)
    When the NSA take my machine away - I'm not gonna be puttin' no trusting in no Blowfish / RSA1024 / whathaveyou.

    Nope - never gonna feel truly safe until I got a big block of thermite tied to my hard drive and the dead-mans trigger in my left hand. :)

    Win32 Napster Client. [geocities.com]

  • WOW! (Score:4)

    by clinko ( 232501 ) on Tuesday September 26, 2000 @06:09PM (#751720) Journal
    This is great Now I can spend hours encrypting everything I own. First I'll Start with all my disks then i'll do my network and then i'll realize that my life is an empty shell.

    1 year later:
    Why god do i have to encrypt everything? WHY!?
    I remember when it all started. It started with the disks, then i lost my job, then i lost my girlfriend, and i lost what life i had.

    DAMN YOU Linux Encryption HOWTO! DAMN YOU STRAIT TO HELL!!!

  • No need thanks to the DMCA (Score:2)

    by Anonymous Coward
    Why bother? Isn't any linux box password protected by a salted DES-based crypt function? Accessing the hard-drive contents -- even by physically transfering the hard-drive to another machine -- would be a clear circumvention of the access control measures which, as you well know by now, is illegal under the DMCA.

  • Re:WOW! (Score:1)

    by pb ( 1020 )
    *ROFL*

    I couldn't have said it better...
    ---
    pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
  • Woohoo. Totally agree. Now I have something to do next Friday night! :)


    __

  • Data Integrity (Score:4)

    by Th3 D0t ( 204045 ) on Tuesday September 26, 2000 @06:43PM (#751724)
    I would install an encrypting filesystem but for concerns of data integrity, performance, and validity.

    What if my filesystem were to go down? I could never recover my data. In addition performance would be hindered severly by the blocking overhead of the encryption and decryption (which is essentially the same exponential operation backwards and forwards).

    Until someone develops a hardware solution, I have to say, "no thank you."
    ---

  • I know this has been aroud for an increadibly long time...

    ftp://research.att.com/dist/mab/cfs.ps

    and I think they have also built a kernel module to do it at the kernel level (cfs looks like an NFS file mount, to get around all that nast kernal stuff), but I don't have the time to go hunting for it...

    Yet another 'feature' that is Brand New(tm) now that Slashdot has 'discovered' it.

  • StegFS sounds awesome... (Score:4)

    by Booker ( 6173 ) on Tuesday September 26, 2000 @06:47PM (#751726) Homepage
    I love the idea of StegFS -

    StegFS is a Steganographic File System for Linux. Not only does it encrypt data, it also hides it such that it cannot be proved to be there.

    You know it's hard core when the docs refer vaguely to the ability to keep data secret in the face of torture. 1024-bit public-key encryption is all well and good, but threaten me with a glass rod, and I'll hand that key right over. Plausible deniability is where it's at! :)

    ---

  • Sorry the blowfish encrypted swap filesystem is in OPENBSD...

    Also check out TCFS http://tcfs.dia.unisa.it/group-sharing.html

  • encrypting everything is useful.. but remember anyone can gain access to your machine with a large caliber handgun and easy access to your head.

    Still fun enough to give it a look though...

  • What I think I'd like to see... (Score:3)

    by Leknor ( 224175 ) on Tuesday September 26, 2000 @07:37PM (#751729)
    I'm not a crypto person but why not something like this:

    Each file is encrypted with a key that is then encrypted with the public keys for the user and group and maybe unencrypted if everybody has privilages.

    Then when a user logs in his private key is decrypted and the private keys for the groups he belongs to is decrypted with his private user key.

    Then with all the private keys the user can decrypt the keys that decrypt the files.

    I'm sure there are holes in this, so please tell me. All I know is what i've learned from reading about PGP, SSH, and CSS (hope I don't get sued for learning) and that isn't much. The only drawback I see is maybe a file could be out of the reach of root, but that isn't a drawback IMO.

    Leknor

  • Now I can keep the "wifey" videos on the harddrive!
  • For those that never experienced the heyday of disk compression utilities (e.g., M$'s doubledisk and the other tool that it ripped off) and had it crash I say: watch out.

  • To take this inverse (Score:3)

    by Felinoid ( 16872 ) on Wednesday September 27, 2000 @12:20AM (#751732) Homepage Journal
    One day my Boss takes a look at my computers hard disk.
    Yeah sure it's secure but the disk isn't encrypted and I'm really lucky to have a boss who knows Unix.
    Oh and I keep a Linux CD handy in case I need to restore my computer from a nasty crash.. how smart of me...

    Apparently my Boss dosn't share my intrests in techno advocacy.. the DVD DeCSS directory means.. I'm out of work...
    Oh well...
    So I get home.. my girl friend isn't quite so tech savy as I am but I'm allways teaching her stuff...
    Hay she learned a new trick on her own today..
    I mean now that I'm out of work my computers at home.. so she started tinkering around..
    I never did give her much access so she picks up the cd..
    the dam porn directory...

    Now I have no girlfriend...

    Mom wants to use the computer.. she's pritty tech savy... learnned CP/M way back and had access to a PDP11/70 when I was still a kid...

    But sadly all her equipment is obsolete... Commodore Pets.. Apple IIs.. She wants to use my Linux box while I'm out looking for work...
    Thats ok.... hmmmm

    Encryption HowTo... yeah Mom would he happy to have her network connection encrypted.. (I'll just encrypt all my personal files while I'm at it)

    Please note.. the above is fiction.. my boss dosn't look at my computer and I can't get my GF to even consider Linux...
    I don't have a porn directory and I keep DVD DeCSS on a ZipDisk...

  • Re:Data Integrity (Score:4)

    by avorpa ( 115504 ) on Tuesday September 26, 2000 @07:44PM (#751733)
    A few objections:

    1: The encryption works at a different level from the filesystem. If the filesystem gets corrupted, you can still decrypt the data, and you will be in the same position you would be if you didn't use encryption at all. Of course if you forget your password you'll never get the data back, but thats the point.

    2: And the blocking overhead? All the algorithms in the patch have 64 or 128 bit block size. This is far less than the size of a disk block, so i wouldn't be worried.

    3: There is no exponential operation. You are thinking of RSA, which is a public key algorithm. Public key algorithms have longer blocks and are slower than private key ones. They are necessary when you want anyone to be able to encrypt, but only you to be able to decrypt. Seeing you don't need this for disk encryption, private key algorithms are more appropriate.

    4: There are many hardware solutions, but they are generally designed for network encryption. Presumably you could write drivers to get them to do the computation for the disk encryption. Anyway, the processing isn't the main thing killing performance: twofish runs in 17 cycles per byte. The performace killer is that it works through a loopback device, which makes readahead and caching less efficient (i think thats the problem, but i'm not entirely sure about this).
  • For obveous reasons I have an antiCoke sheald around my computer...
  • I am leaving my local encryption until the imminent release of Scramdisk [clara.net] for linux - that way I will be able to open the *same* encrypted data under Win9x too. Currently, I can only really do that with PGP....
    --
  • Why thermite?
    C4
    a very strong electromagnete
    a bottle of coke

Slashdot Top Deals

A complex system that works is invariably found to have evolved from a simple system that works.

Close