Author Topic: Encrypting your hard drive (for noobs)  (Read 940 times)

zahc

  • friend
  • Senior Member
  • ***
  • Posts: 5,813
Encrypting your hard drive (for noobs)
« on: June 04, 2010, 09:30:42 PM »
I installed a virtualbox linux at work, because while I can use Windows if forced, I can't be WITHOUT linux. I mean, what if I want to do something? Anyway, the latest Ubuntu (which I have never successfully installed before) asked me if I wanted to encrypt my home partition, and since I had nothing to lose, I said yes. And that was it. Nothing else happened. I just logged in as normal when I rebooted after the install. So I am quite confused about what actually happened.

After I logged in, the system helpfully told me that I could view my encryption passcode now, or do it later by running $somelongcommand and entering my password. I ran $somelongcommand, entered my password and got this giant thing like this: 8872f92xas2238457oh48 or something. I didn't write it down.

I assume this giant passcode is key-generated from the system password. But, if that's the case, I see several problems. First of all, the encryption can only be as strong as your system password, and could be cracked by brute-forcing it. Second,  then can I never change my password again, or what? What if my password is compromised and I have to change it? I can't just instantly switch the encryption to use a different passcode, right?
Maybe a rare occurence, but then you only have to get murdered once to ruin your whole day.
--Tallpine

Perd Hapley

  • Superstar of the Internet
  • friend
  • Senior Member
  • ***
  • Posts: 61,539
  • My prepositions are on/in
Re: Encrypting your hard drive (for noobs)
« Reply #1 on: June 04, 2010, 10:29:54 PM »
I also got tired of those kinds of problems with Ubuntu.  Try Windows. http://store.microsoft.com/microsoft/Windows/category/1
"Doggies are angel babies!" -- my wife

tyme

  • expat
  • friend
  • Senior Member
  • ***
  • Posts: 1,056
  • Did you know that dolphins are just gay sharks?
    • TFL Library
Re: Encrypting your hard drive (for noobs)
« Reply #2 on: June 04, 2010, 11:02:30 PM »
After I logged in, the system helpfully told me that I could view my encryption passcode now, or do it later by running $somelongcommand and entering my password. I ran $somelongcommand, entered my password and got this giant thing like this: 8872f92xas2238457oh48 or something. I didn't write it down.

I assume this giant passcode is key-generated from the system password. But, if that's the case, I see several problems. First of all, the encryption can only be as strong as your system password, and could be cracked by brute-forcing it. Second,  then can I never change my password again, or what? What if my password is compromised and I have to change it? I can't just instantly switch the encryption to use a different passcode, right?

Ubuntu uses eCryptfs.

It works by randomly generating a key, encrypting your home directory with the key, and then encrypting that key with your user password (I use "password" loosely... there's no reason it shouldn't be a passphrase on any modern system that can handle >>8 character passwords).  Thus, it can re-encrypt the key if you ever change your user password.

edit... while the above is roughly correct, apparently eCryptfs is a bit more complicated than that... the randomly generated bit isn't a key used directly for encryption/decryption, but instead is a passphrase that gets hashed to generate two keys that are used internally by eCryptfs for different purposes: one to encrypt/decrypt file metadata, the other to encrypt/decrypt file-specific encryption keys.

Quote from: fistful
I also got tired of those kinds of problems with Ubuntu.  Try Windows.

« Last Edit: June 04, 2010, 11:15:20 PM by tyme »
Support Range Voting.
End Software Patents

"Four people are dead.  There isn't time to talk to the police."  --Sherlock (BBC)

Nitrogen

  • friends
  • Senior Member
  • ***
  • Posts: 1,755
  • Who could it be?
    • @c0t0d0s2 / Twitter.
יזכר לא עד פעם
Remember. Never Again.
What does it mean to be an American?  Have you forgotten? | http://youtu.be/0w03tJ3IkrM