[SGVLUG] disk encryption

[Eric Hammond]

Claude:

The Ubuntu "alternate installer CD" lets you encrypt the entire disk
including swap with a single install choice.  I use this on my laptop
and desktop systems.

It does require you to enter a pass phrase when you boot, and I'm pretty
sure it has a somewhat severe performance impact, but the added peace of
mind is worth it, especially with a laptop.

Before this was available, I used cryptsetup and LUKS with a custom
recipe that took a lot of research to develop.

--
Eric Hammond



Claude Felizardo wrote:
> Is anyone familiar with encrypting hard disks or at least partitions? 
> 
> I've encrypted data partitions that contain say some of my personal
> music collection and don't want to risk unintentionally sharing music
> with other people at work.  My desktop is pretty well locked down but if
> someone where to reboot the machine, I don't want the stuff
> automatically available from the console.  I've used both mountloop and
> as well as using encryption=AES2048 in my /etc/fstab file.
> 
> Now I just heard about a program called truecrypt which sounds
> interesting.  Apparently even the partition table is encrypted so it
> appears to be a disk with random data.  Has anyone used it before? 
> There's a brief description on wikipedia.
> 
> For my backups at home, I now have a couple of bare drives that I rotate
> at work or at a relatives house so it's stored off site.  I'm wondering
> if I should be encrypting the data as it may contain personal data like
> old expense reports, etc.
> 
> Do people encrypt some of their partitions or do you encrypt the entire
> disk or what?  I'm getting ready to rebuild my file server at home and
> wondering which partitions I should partition or just the backups disks
> that get rotated off site.
> 
> And I'm not talking about what you should be doing, I'm asking what
> people actually do.
> 
> claude
>