Am 23.10.2023 um 12:04:35 Uhr schrieb Michael Kjörling:
> Encrypted /boot has been supported with GRUB 2 for a while. That
> leaves only a minimal portion of GRUB in plaintext on storage.
Although it is not default, so users should be aware that they need to
do additional steps to encrypt /boot.
On 23 Oct 2023 13:59 +0200, from m...@dorfdsl.de (Marco M.):
> Be aware that the boot loader and the /boot aren't encrypted by default
> and they can be attacked (e.g. simply place a tainted kernel inside) by
> anybody who has access to the harddisk.
Encrypted /boot has been supported with GRUB 2
Am 23.10.2023 um 12:53:14 Uhr schrieb lester29:
> 1. Does an encryption key on the USB protect against rubber-hose
> cryptanalysis?
No, the LUKS headers are viewable. You need another layer around that
supports hidden containers.
> 2. Is it true that key on pendrive is more risky than password
On 23 Oct 2023 12:53 +0200, from leste...@gazeta.pl (lester29):
> 1. Does an encryption key on the USB protect against rubber-hose
> cryptanalysis?
I don't see how it would. Presumably you would have access to it;
therefore that access could potentially be exploited through coercion
or torture. ht
Hi
I need to set up full disk encryption of the linux in my laptop.
Questions:
1. Does an encryption key on the USB protect against rubber-hose
cryptanalysis?
2. Is it true that key on pendrive is more risky than password because
someone can steal the usb key and access data without the need
sure (like Dove soap sure) that Symantec full disk
encryption doesn't work this way because I'm just as sure that none
of the Dell models I've ever worked with have this hardware
capability.
I have tested Intel 520 Series SSD's with self-encryption in two Dell
laptop mode
t;
>> I'm 99.99% sure (like Dove soap sure) that Symantec full disk
>> encryption doesn't work this way because I'm just as sure that none
>> of the Dell models I've ever worked with have this hardware
>> capability.
>>
>
> I have tested Intel 52
On 05/26/18 21:16, Paul Johnson wrote:
On Sat, May 26, 2018 at 7:21 PM, David Christensen
Have you considered a self-encrypting drive ...
I'm 99.99% sure (like Dove soap sure) that Symantec full disk
encryption doesn't work this way because I'm just as sure that none
of the D
On Sat, May 26, 2018 at 7:21 PM, David Christensen <
dpchr...@holgerdanske.com> wrote:
> On 05/25/18 11:55, Robert Dodier wrote:
>
>> I'm working with Debian 9. I gather that there is a full-disk
>> encryption option for the standard Debian installer, which, as
On 05/25/18 11:55, Robert Dodier wrote:
I'm working with Debian 9. I gather that there is a full-disk
encryption option for the standard Debian installer, which, as I
understand it, does not include encrypting /boot. ...
On 05/25/18 17:33, Robert Dodier wrote:
> I am workin
On Sat 26 May 2018 at 16:51:56 (+), Curt wrote:
> On 2018-05-26, Robert Dodier wrote:
> > On Sat, May 26, 2018 at 1:16 AM, Pascal Hambourg
> > wrote:
> >
> >> I don't know how Symantec's "full" disk encryption works, but AFAIK a boot
> &g
On 2018-05-26, Robert Dodier wrote:
> On Sat, May 26, 2018 at 1:16 AM, Pascal Hambourg
> wrote:
>
>> I don't know how Symantec's "full" disk encryption works, but AFAIK a boot
>> disk cannot be fully encrypted,
>
> Yes, this is an important quest
On Sat, May 26, 2018 at 1:16 AM, Pascal Hambourg wrote:
> I don't know how Symantec's "full" disk encryption works, but AFAIK a boot
> disk cannot be fully encrypted,
Yes, this is an important question -- what, exactly, is provided by
Symantec here, so that I can lo
ictly comparable to whatever is provided by Symantec full
disk encryption for Windows. If I can achieve that, I'll be in
business.
I don't know how Symantec's "full" disk encryption works, but AFAIK a
boot disk cannot be fully encrypted, unless the platform firmware can
er is provided by Symantec full
disk encryption for Windows. If I can achieve that, I'll be in
business.
It may be true that encrypted /boot is not really relevant, but I
don't want to try to argue with tech support staff that a system with
unencrypted /boot is close enough. I feel like it ne
On Fri, 25 May 2018 11:55:34 -0700
Robert Dodier wrote:
> Hello,
>
> I'm working with Debian 9. I gather that there is a full-disk
> encryption option for the standard Debian installer, which, as I
> understand it, does not include encrypting /boot. (The system I'm
>
Le 25/05/2018 à 20:55, Robert Dodier a écrit :
I'm working with Debian 9. I gather that there is a full-disk
encryption option for the standard Debian installer, which, as I
understand it, does not include encrypting /boot. (The system I'm
working on wasn't encrypted when it wa
Hello,
I'm working with Debian 9. I gather that there is a full-disk
encryption option for the standard Debian installer, which, as I
understand it, does not include encrypting /boot. (The system I'm
working on wasn't encrypted when it was installed, so the system would
have to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, May 31, 2017 at 02:02:37PM +0200, Прокси wrote:
[...]
> I followed instructions from this[1] link and it worked.
>
> https://stackoverflow.com/questions/19713918/how-to-load-luks-passphrase-from-usb-falling-back-to-keyboard
Thanks for the l
On 2017-May-29 21:17, to...@tuxteam.de wrote:
> On Mon, May 29, 2017 at 03:36:44PM +0200, Прокси wrote:
> > Hello,
> >
> > I have laptop where I set up full disk encryption following this
> > tutorial:
> > https://xo.tc/setting-up-full-disk-encryption-on-deb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, May 29, 2017 at 03:36:44PM +0200, Прокси wrote:
> Hello,
>
> I have laptop where I set up full disk encryption following this
> tutorial:
> https://xo.tc/setting-up-full-disk-encryption-on-debian-jessie.html
>
> It w
Hello,
I have laptop where I set up full disk encryption following this
tutorial:
https://xo.tc/setting-up-full-disk-encryption-on-debian-jessie.html
It works great, but since LUKS can have up to 8 key slots, I would like
to add another way to decrypt the laptop: key on a external usb. So, if
this. :)
Also, I have never built on an SSD...But the procedure is sound.
--b
On Sun, May 5, 2013 at 9:07 PM, Bob Proulx wrote:
> John Thoe wrote:
> > I am trying to set up full disk encryption for Debian. There are a
> > lot of options available and I cannot choose which one to us
Trim is disabled peer default for security reasons.
Cheers,
Chris.
green schrieb:
>John Thoe wrote at 2013-05-05 19:45 -0500:
>> For starters, I am using a laptop for SSD so I read that using LUKS
>> is not a good option since it disables TRIM.
>
>I am using cryptsetup, LUKS, and ext4 on a SS
John Thoe wrote at 2013-05-05 19:45 -0500:
> For starters, I am using a laptop for SSD so I read that using LUKS
> is not a good option since it disables TRIM.
I am using cryptsetup, LUKS, and ext4 on a SSD; TRIM seems to work.
At least, fstrim seems to work as expected. Note that this is with
wh
John Thoe wrote:
> I am trying to set up full disk encryption for Debian. There are a
> lot of options available and I cannot choose which one to use..
>
> For starters, I am using a laptop for SSD so I read that using LUKS
> is not a good option since it disables TRIM.
>
Hello debian-user,
I am trying to set up full disk encryption for Debian. There are a lot of
options available and I cannot choose which one to use..
For starters, I am using a laptop for SSD so I read that using LUKS is not a
good option since it disables TRIM.
Anyways, I came across this
On Fri, Nov 25, 2011 at 9:15 PM, J. Bakshi wrote:
> Hello,
>
> I am always interested in Full disk encryption for my laptop ( i5 + 3 GB ),
> but what makes me stop
> is the thinking of performance lag. Recently I have seen an ububtu laptop (
> i5 + 4 GB ) with full
> disk
On Tue, Nov 29, 2011 at 12:23:10AM -0700, Aaron Toponce wrote:
> ECB (electronic code block) out performs the other block ciphers,
> but it suffers from a pattern attack [1].
>
> 1. http://ae7.st/s/i.pr
My apologies on the short URL. It is the wrong one. Rather than copy/paste,
I just looked a
J. Bakshi wrote:
>
> Agreed, I also maintain some servers and the swap is on raid.
> I have faced disk failure on some servers and due to raid, I could
> successfully run the server with the single disk and change the
> bad disk with a 30 min. down time.
I am using RAID for more then 7 years now
Am Samstag, 26. November 2011 schrieb J. Bakshi:
> Hello,
>
> I am always interested in Full disk encryption for my laptop ( i5 + 3
> GB ), but what makes me stop is the thinking of performance lag.
> Recently I have seen an ububtu laptop ( i5 + 4 GB ) with full disk
> en
On Tue, 29 Nov 2011 00:23:10 -0700
Aaron Toponce wrote:
> Because this is a subject near and dear to my heart, I feel the urge to
> chime in.
>
> On Sat, Nov 26, 2011 at 10:45:29AM +0530, J. Bakshi wrote:
> > I am always interested in Full disk encryption for my laptop ( i5
Because this is a subject near and dear to my heart, I feel the urge to
chime in.
On Sat, Nov 26, 2011 at 10:45:29AM +0530, J. Bakshi wrote:
> I am always interested in Full disk encryption for my laptop ( i5 + 3 GB ),
> but what makes me stop
> is the thinking of performance lag. R
On Mon, 28 Nov 2011 10:24:55 -0700
Bob Proulx wrote:
> Rick Thomas wrote:
> > Another point about using a separate swap vs including swap on the
> > encrypted LVM: On a server, the LVM will almost certainly be on a
> > RAID. There's no point in putting swap on RAID.
>
> Strongly disagree. Th
Rick Thomas wrote:
> Another point about using a separate swap vs including swap on the
> encrypted LVM: On a server, the LVM will almost certainly be on a
> RAID. There's no point in putting swap on RAID.
Strongly disagree. The point of raid is to keep the machine running
in spite of a disk f
On Nov 28, 2011, at 8:48 AM, J. Bakshi wrote:
On Mon, 28 Nov 2011 13:15:59 + (UTC)
Virgo Pärna wrote:
On Mon, 28 Nov 2011 00:59:34 -0500, Rick Thomas
wrote:
Unless you are concerned about growing swap at some later date, you
should leave swap out of the LVM and encrypt it separately
On Mon, 28 Nov 2011 13:15:59 + (UTC)
Virgo Pärna wrote:
> On Mon, 28 Nov 2011 00:59:34 -0500, Rick Thomas wrote:
> >
> > Unless you are concerned about growing swap at some later date, you
> > should leave swap out of the LVM and encrypt it separately -- with a
> > *random* key.
> >
>
>
On Mon, 28 Nov 2011 00:59:34 -0500, Rick Thomas wrote:
>
> Unless you are concerned about growing swap at some later date, you
> should leave swap out of the LVM and encrypt it separately -- with a
> *random* key.
>
I think, that this would not work, if one wants to use hibernation. And
Rick Thomas wrote:
> Bob Proulx wrote:
> >The way I like to set up the system is to set up /boot in its own
> >partition on /dev/sda1. Then set up the rest of the disk in /dev/sda5
> >as a logical partition for an encrypted partition. Then use that
> >encrypted partition for one large LVM volume.
On Nov 26, 2011, at 2:00 AM, Bob Proulx wrote:
The way I like to set up the system is to set up /boot in its own
partition on /dev/sda1. Then set up the rest of the disk in /dev/sda5
as a logical partition for an encrypted partition. Then use that
encrypted partition for one large LVM volume.
On Sun, 27 Nov 2011 09:51:58 -0500
Brad Alexander wrote:
> What about your /etc/shadow file and other config files in /etc?
>
> As I said, I have been running LUKS + cryptsetup on a number of machines
> for years:
>
> my laptop, a C2D P9600 - Built Nov 2010
> my desktop, a C2D E4500 - (Re)built
On Sun, 27 Nov 2011 09:53:21 -0500
Brad Alexander wrote:
> You need your windows in an unencrypted partition. At that point, grub
> should detect it. You should have at least two unencrypted partitions --
> Your windows dual-boot and /boot...And optionally swap, but that would be
> separately enc
You need your windows in an unencrypted partition. At that point, grub
should detect it. You should have at least two unencrypted partitions --
Your windows dual-boot and /boot...And optionally swap, but that would be
separately encrypted.
--b
On Sun, Nov 27, 2011 at 8:18 AM, J. Bakshi wrote:
>
What about your /etc/shadow file and other config files in /etc?
As I said, I have been running LUKS + cryptsetup on a number of machines
for years:
my laptop, a C2D P9600 - Built Nov 2010
my desktop, a C2D E4500 - (Re)built 2007
backup server, a 2GHz P4 - (Re)built 2008
etc...
Nothing has faile
On Sat, 26 Nov 2011 09:11:14 -0500
Andrew Reid wrote:
> I've had an LVM/luks-encrypted root partition (includes everything
> except /boot, on various logical volumes) for several years on two
> different Lenovo Thinkpads, and while I've never done any benchmarks,
> I haven't noticed any perfor
On 2011-11-26, Brad Alexander wrote:
>
> That is the reason I encrypt the entire banana rather than trying to
> encrypt the peel.
Makes sense to me (I guess). I don't need to encrypt anything but my home
directory (certain folders). I think I could do all I need to do with
ccrypt, but I haven't
rad Alexander wrote:
> >
> > Hi,
> >
> > I have been using full-disk encryption on my laptop for several years
> over
> > several laptops. My current one is a Dell Latitude E6500 with a 2.66GHz
> > Core2Duo P9600 with 4GB of RAM, and the lag from encryption is not
&
On Sat, 26 Nov 2011 10:18:57 -0500
Brad Alexander wrote:
> Hi,
>
> I have been using full-disk encryption on my laptop for several years over
> several laptops. My current one is a Dell Latitude E6500 with a 2.66GHz
> Core2Duo P9600 with 4GB of RAM, and the lag from en
On 2011-11-26, Brad Alexander wrote:
>
> Hi,
>
> I have been using full-disk encryption on my laptop for several years over
> several laptops. My current one is a Dell Latitude E6500 with a 2.66GHz
> Core2Duo P9600 with 4GB of RAM, and the lag from encryption is not
>
Hi,
I have been using full-disk encryption on my laptop for several years over
several laptops. My current one is a Dell Latitude E6500 with a 2.66GHz
Core2Duo P9600 with 4GB of RAM, and the lag from encryption is not
noticeable.
The way I did it was from the installer. I created a separate (and
> Hello,
>
> I am always interested in Full disk encryption for my laptop ( i5 + 3 GB ),
> but what makes me stop is the thinking of performance lag. Recently I have
> seen an ububtu laptop ( i5 + 4 GB ) with full disk encryption and it is
> performing normal, haven't fou
On Sat, 26 Nov 2011 13:00:24 +0530
"J. Bakshi" wrote:
> On Sat, 26 Nov 2011 00:00:05 -0700
> Bob Proulx wrote:
>
> > J. Bakshi wrote:
> > > I am always interested in Full disk encryption for my laptop ( i5 +
> > > 3 GB ), but what makes me st
On Sat, 26 Nov 2011 00:00:05 -0700
Bob Proulx wrote:
> J. Bakshi wrote:
> > I am always interested in Full disk encryption for my laptop ( i5 +
> > 3 GB ), but what makes me stop is the thinking of performance
> > lag. Recently I have seen an ububtu laptop ( i5 + 4 GB
J. Bakshi wrote:
> I am always interested in Full disk encryption for my laptop ( i5 +
> 3 GB ), but what makes me stop is the thinking of performance
> lag. Recently I have seen an ububtu laptop ( i5 + 4 GB ) with full
> disk encryption and it is performing normal, haven't foun
Hello,
I am always interested in Full disk encryption for my laptop ( i5 + 3 GB ), but
what makes me stop
is the thinking of performance lag. Recently I have seen an ububtu laptop ( i5
+ 4 GB ) with full
disk encryption and it is performing normal, haven't found any lag...
So I am inter
Hello,
Arthur Machlas a écrit :
> I've built kernels without an initrd a number of times, but never
> before on a system with full-desk encryption. When installing Squeeze
> on a laptop I used the assisted setup and created a ful-disk
> encryption setup, that has a separate /boot partition, the re
I've built kernels without an initrd a number of times, but never
before on a system with full-desk encryption. When installing Squeeze
on a laptop I used the assisted setup and created a ful-disk
encryption setup, that has a separate /boot partition, the rest of the
disk LVM and whatever encryptio
Thomas Nguyen Van wrote:
Our company needs to encrypt hard drives on our machines running under Linux Debian Lenny.
http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
http://code.google.com/p/cryptsetup/
LUKS works on all machines, with or without cryptographic chipsets (e.g.
Intel Truste
El 2011-01-24 a las 10:51 +, Thomas Nguyen Van escribió:
(replying to the list)
> Morning Cameleon,
> Thanks for your reply to my initial post
You're welcome.
***
> Hardware based FDE that uses BIOS for unlocking the drive should be OS-
> independent and I think the above datasheet is ai
(Ccing the OP since I am unsure whether he reads the list.)
Thomas Nguyen Van:
>
> Our company needs to encrypt hard drives on our machines running under
> Linux Debian Lenny. […]
Instead of reposting your question from last Wednesday, it would be more
polite to answer to the replies you already
Good morning
Our company needs to encrypt hard drives on our machines running under Linux
Debian Lenny.
Seagate proposes FDE solutions with Momentus 5400 and/or 7200
(http://www.seagate.com/docs/pdf/fr-FR/whitepaper/mb595_2_momentus_fde_sed_ii_sq_kit.pdf)
This solution is very interest
On Wed, 19 Jan 2011 07:21:24 +, Thomas Nguyen Van wrote:
> Our company needs to encrypt hard drives on our machines running under
> Linux Debian Lenny. Seagate proposes FDE solutions with Momentus 5400
> and/or 7200
> (http://www.seagate.com/docs/pdf/fr-FR/whitepaper/mb595_2_momentus_fde_sed_i
On 19.1.2011 9:21, Thomas Nguyen Van wrote:
> Good evening,
>
> Our company needs to encrypt hard drives on our machines running under Linux
> Debian Lenny.
> Seagate proposes FDE solutions with Momentus 5400 and/or 7200
> (http://www.seagate.com/docs/pdf/fr-FR/whitepaper/mb595_2_momentus_fde_sed_
Good evening,
Our company needs to encrypt hard drives on our machines running under Linux
Debian Lenny.
Seagate proposes FDE solutions with Momentus 5400 and/or 7200
(http://www.seagate.com/docs/pdf/fr-FR/whitepaper/mb595_2_momentus_fde_sed_ii_sq_kit.pdf)
This solution is very interestin
64 matches
Mail list logo