Author Topic: Encrypting your hard drive (for noobs) (Read 940 times)

zahc · « **on:** June 04, 2010, 09:30:42 PM »

I installed a virtualbox linux at work, because while I can use Windows if forced, I can't be WITHOUT linux. I mean, what if I want to do something? Anyway, the latest Ubuntu (which I have never successfully installed before) asked me if I wanted to encrypt my home partition, and since I had nothing to lose, I said yes. And that was it. Nothing else happened. I just logged in as normal when I rebooted after the install. So I am quite confused about what actually happened.

After I logged in, the system helpfully told me that I could view my encryption passcode now, or do it later by running $somelongcommand and entering my password. I ran $somelongcommand, entered my password and got this giant thing like this: 8872f92xas2238457oh48 or something. I didn't write it down.

I assume this giant passcode is key-generated from the system password. But, if that's the case, I see several problems. First of all, the encryption can only be as strong as your system password, and could be cracked by brute-forcing it. Second, then can I never change my password again, or what? What if my password is compromised and I have to change it? I can't just instantly switch the encryption to use a different passcode, right?

Perd Hapley · « **Reply #1 on:** June 04, 2010, 10:29:54 PM »

I also got tired of those kinds of problems with Ubuntu. Try Windows. http://store.microsoft.com/microsoft/Windows/category/1

tyme · « **Reply #2 on:** June 04, 2010, 11:02:30 PM »

Quote from: zahc on June 04, 2010, 09:30:42 PM

After I logged in, the system helpfully told me that I could view my encryption passcode now, or do it later by running $somelongcommand and entering my password. I ran $somelongcommand, entered my password and got this giant thing like this: 8872f92xas2238457oh48 or something. I didn't write it down.

I assume this giant passcode is key-generated from the system password. But, if that's the case, I see several problems. First of all, the encryption can only be as strong as your system password, and could be cracked by brute-forcing it. Second, then can I never change my password again, or what? What if my password is compromised and I have to change it? I can't just instantly switch the encryption to use a different passcode, right?

Ubuntu uses eCryptfs.

It works by randomly generating a key, encrypting your home directory with the key, and then encrypting that key with your user password (I use "password" loosely... there's no reason it shouldn't be a passphrase on any modern system that can handle >>8 character passwords). Thus, it can re-encrypt the key if you ever change your user password.

edit... while the above is roughly correct, apparently eCryptfs is a bit more complicated than that... the randomly generated bit isn't a key used directly for encryption/decryption, but instead is a passphrase that gets hashed to generate two keys that are used internally by eCryptfs for different purposes: one to encrypt/decrypt file metadata, the other to encrypt/decrypt file-specific encryption keys.

Quote from: fistful

I also got tired of those kinds of problems with Ubuntu. Try Windows.

Nitrogen · « **Reply #3 on:** June 04, 2010, 11:28:10 PM »

http://www.linux-mag.com/cache/7568/1.html

Armed Polite Society

News:

Author Topic: Encrypting your hard drive (for noobs) (Read 940 times)

zahc

Encrypting your hard drive (for noobs)

Perd Hapley

Re: Encrypting your hard drive (for noobs)

tyme

Re: Encrypting your hard drive (for noobs)

Nitrogen

Re: Encrypting your hard drive (for noobs)