Introduction |
||
| first | 1 of 9 | Step 0: Get the right cryptsetup |
This HOWTO shows you how to take a completely new hard disk and encrypt its entire contents using dm-crypt and LUKS. Actually, it's the partitions that are encrypted, not the disk itself (details below). So if you wish, you can make multiple partitions with different passphrases, or some not encrypted. With a bit of work, you can adapt these instructions to make an encrypted partition on an existing disk, possibly with some unencrypted partitions on the same disk escort service london. dm-crypt asks for a passphrase before you can mount the disk. This provides good protection against your PC getting stolen - once they reboot your PC, the thieves have lost access to your data. Throughout, I will use the 'cryptsetup' interface to dm-crypt. What is LUKS? See http://luks.endorphin.org/about. In simple terms, it's better encryption, but more importantly to the end user, it allows you to change the password for your disk, without requiring a very slow re-encode of the whole disk. You also have the option of having several different passwords for the same data. Note : if you want your encryption to defeat a full cryptoanalytic attack, not just casual snooping, you need to fill the disk with high quality random data. Badblocks below justs uses 'libc' random(), but is fast (your limitation will be disk speed, not CPU speed). /dev/urandom is better (takes about 5 minutes per gigabyte on my system), /dev/random is best (takes about 1 year per gigabyte on my system, much too slow!). | ||
| first | 1 of 9 | Step 0: Get the right cryptsetup |