-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Richard M. Conlan wrote:
> Any recommendations of good dongle-based hard-drive encryption software?
>

Your best bet for dongle-based encryption in linux would be to use
dm-crypt luks.

A good, general guide:
http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS

And then this link will demonstrate how to store the keys on your usb
dongle (last question):
http://luks.endorphin.org/faq


I used this to encrypt my computers. I stored the keys for my drives on
the dongle. But I also encrypted the dongle. So I used the gentoo wiki
guide and changed some things around so the initrd image would decrypt
my dongle then cat the keys to cryptsetup. One really good pass phrase
on one encrypted dongle will decrypt all my drives. I also made an
encrypted backup of the passphrases onto a floppy and stored them
outside of my property.

Hope this helps. It is, at least, one suggestion.

Sincerely,
Doug

> ~RMC
>
> Paul de Vrieze wrote:
>> On Friday 17 February 2006 23:49, Robert Larson wrote:
>>> On Friday 30 September 2005 02:02 pm, J.A. wrote:
>>>> I have a separate gateway/firewall (in.thesame.net) but I forgot the
>>>> user name and password. It was setup with openna.com security
>>>> procedures about four years ago.
>>> openna.com mentions nothing (I didn't see it) about securing your BIOS
>>> or boot loader. This means that you can download knoppix and boot it
>>> (assuming you have a bootable cdrom, you may need to change bios
>>> settings).
>>
>> Don't forget the padlock on the case. Otherwise the bios can be reset,
>> including the password. Also be aware that most bios passwords can
>> easily be cracked, so don't make it equal to another password.
>>
>> Of course a padlock is not going to stop the really determined. One
>> can easily open the case in a different way, or just cut the padlock
>> away. If you want real "security" the only way to go is to encrypt
>> your harddisk. (This means you need to type the passphrase for the key
>> at bootup, or have a dongle)
>>
>> Paul
>>

- --
How do I know the past isn't fiction designed to account for the discrepancy
between my immediate physical sensations and my state of mind?

/~\  The ASCII        Douglas Breault Jr. <GenKreton at comcast dot net>
\ /  Ribbon Campaign  GnuPG public key ID: C4E44A19 (pgp.mit.edu)
 X   Against HTML     Key fingerprint:
/ \  Email!           21C3 F37D A8F5 1955 05F2 9A69 92A0 C177 C4E4 4A19
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFD+ehXkqDBd8TkShkRA1HAAJ9df1VhUa+Enk1vHqCpaQpMXeEyNwCgsIYY
CtACPC/ExqEpmfvKepoqVmI=
=gp3m
-----END PGP SIGNATURE-----
--
gentoo-security@g.o mailing list
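
The unlock chain described in the message above (one passphrase opens the encrypted dongle, and key files on it then open every drive), sketched as an initrd-style shell script. This is an added example, not code from the post or from the guides it links; the device paths, mount point, mapping names and the `<name>.key` file layout are assumptions, and the script only prints the commands unless `DRY_RUN` is set to 0.

```shell
#!/bin/sh
# Added example: initrd-style unlock chain (encrypted dongle -> key files -> drives).
# All device paths, names and the <name>.key layout below are assumptions.
DONGLE_DEV=/dev/sdb1                       # LUKS partition on the USB dongle
KEY_DIR=/mnt/keys                          # where the opened dongle is mounted
VOLUMES="root:/dev/sda2 home:/dev/sda3"    # name:device pairs to unlock
DRY_RUN=1                                  # 1 = print commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

unlock_all() {
    # The only interactive step: the passphrase for the dongle itself.
    run cryptsetup luksOpen "$DONGLE_DEV" keydongle || return 1
    run mkdir -p "$KEY_DIR"
    if ! run mount -o ro /dev/mapper/keydongle "$KEY_DIR"; then
        run cryptsetup luksClose keydongle
        return 1
    fi

    failed=0
    for entry in $VOLUMES; do
        name=${entry%%:*}
        dev=${entry#*:}
        # --key-file reads the key straight from the dongle; the key itself
        # never appears on a command line or in the environment.
        run cryptsetup --key-file "$KEY_DIR/$name.key" luksOpen "$dev" "$name" \
            || failed=1
    done

    # Always detach the key material, even if a volume failed to open,
    # so the keys are not readable from the running system.
    run umount "$KEY_DIR"
    run cryptsetup luksClose keydongle
    return "$failed"
}

unlock_all
```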