| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: RIPEMD160 |
| 3 |
|
| 4 |
Richard M. Conlan wrote: |
| 5 |
> Any recommendations of good dongle-based hard-drive encryption software? |
| 6 |
> |
| 7 |
|
| 8 |
Your best bet for dongle-based encryption in linux would be to use |
| 9 |
dm-crypt luks. |
| 10 |
|
| 11 |
A good, general guide: |
| 12 |
http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS |
| 13 |
|
| 14 |
And then this link will demonstrate how to store the keys on your usb |
| 15 |
dongle (last question): |
| 16 |
http://luks.endorphin.org/faq |
| 17 |
|
| 18 |
|
| 19 |
I used this to encrypt my computers. I stored the keys for my drives on |
| 20 |
the dongle. But I also encrypted the dongle. So I used the gentoo wiki |
| 21 |
guide and changed some things around so the initrd image would decrypt |
| 22 |
my dongle then cat the keys to cryptsetup. One really good pass phrase |
| 23 |
on one encrypted dongle will decrypt all my drives. I also made an |
| 24 |
encrypted backup of the passphrases onto a floppy and stored them |
| 25 |
outside of my property. |
| 26 |
|
| 27 |
Hope this helps. It is, at least, one suggestion. |
| 28 |
|
| 29 |
Sincerely, |
| 30 |
Doug |
| 31 |
|
| 32 |
> ~RMC |
| 33 |
> |
| 34 |
> Paul de Vrieze wrote: |
| 35 |
>> On Friday 17 February 2006 23:49, Robert Larson wrote: |
| 36 |
>>> On Friday 30 September 2005 02:02 pm, J.A. wrote: |
| 37 |
>>>> I have a separate gateway/firewall (in.thesame.net) but I forgot the |
| 38 |
>>>> user name and password. It was setup with openna.com security |
| 39 |
>>>> procedures about four years ago. |
| 40 |
>>> openna.com mentions nothing (I didn't see it) about securing your BIOS |
| 41 |
>>> or boot loader. This means that you can download knoppix and boot it |
| 42 |
>>> (assuming you have a bootable cdrom, you may need to change bios |
| 43 |
>>> settings). |
| 44 |
>> |
| 45 |
>> Don't forget the padlock on the case. Otherwise the bios can be reset, |
| 46 |
>> including the password. Also be aware that most bios passwords can |
| 47 |
>> easilly be cracked, so don't make it equal to another password. |
| 48 |
>> |
| 49 |
>> Of course a padlock is not going to stop the really determined. One |
| 50 |
>> can easilly open the case in a different way, or just cut the padlock |
| 51 |
>> away. If you want real "security" the only way to go is to encrypt |
| 52 |
>> your harddisk. (This means you need to type the passphrase for the key |
| 53 |
>> at bootup, or have a dongle) |
| 54 |
>> |
| 55 |
>> Paul |
| 56 |
>> |
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
- -- |
| 62 |
How do I know the past isn't fiction designed to account for the discrepancy |
| 63 |
between my immediate physical sensations and my state of mind? |
| 64 |
|
| 65 |
/~\ The ASCII Douglas Breault Jr. <GenKreton at comcast dot net> |
| 66 |
\ / Ribbon Campaign GnuPG public key ID: C4E44A19 (pgp.mit.edu) |
| 67 |
X Against HTML Key fingerprint: |
| 68 |
/ \ Email! 21C3 F37D A8F5 1955 05F2 9A69 92A0 C177 C4E4 4A19 |
| 69 |
-----BEGIN PGP SIGNATURE----- |
| 70 |
Version: GnuPG v1.4.2.1 (GNU/Linux) |
| 71 |
|
| 72 |
iD8DBQFD+ehXkqDBd8TkShkRA1HAAJ9df1VhUa+Enk1vHqCpaQpMXeEyNwCgsIYY |
| 73 |
CtACPC/ExqEpmfvKepoqVmI= |
| 74 |
=gp3m |
| 75 |
-----END PGP SIGNATURE----- |
| 76 |
-- |
| 77 |
gentoo-security@g.o mailing list |
Archives