[Gllug] To encrypt or not to encrypt . . . at install time?

Dan danthegeekman at googlemail.com
Tue Dec 1 09:32:01 UTC 2009


On Tue, Dec 1, 2009 at 12:04 AM, Tethys <sta296 at astradyne.co.uk> wrote:

>  Yes, but there's still an argument for multiple levels of encryption.
> Is that even still supported? In the old days, there was a filesystem
> called rubberhose that was explicitly designed to give plausible
> deniability. Does an equivalent exist today? Only the first level
> would be decrypted under normal use. Then if you want to access your
> more confidential information, you decrypt and mount that, do your
> work and then umount it again, so the attacker would need to get in
> during the (hopefully short) period of time where that filesystem
> was decrypted and mounted.
>
> Tet
>

Truecrypt will allow hidden volumes.  Works very well.
http://www.truecrypt.org/docs/plausible-deniability

On Monday 30 November 2009, Justin Perreault wrote:
> It's much easier to do it at install time, but remember that you'll need
to
> enter the key for each encrypted partition each time the machine boots - I
> have the /home partition on my laptop encrypted, but not the system itself
(I
> used to, but entering two keys was a PITA and then there were troubles
when
> it came time to use a boot disk for maintenance ...)

There are ways of using just one password.  With keyfiles stored on the
first decrypted partition.
http://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile
http://ubuntuforums.org/archive/index.php/t-837416.html

Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20091201/c8ee6e6e/attachment.html>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug


More information about the GLLUG mailing list