Gentoo Archives: gentoo-user

From: Dale <rdalek1967@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Encrypting a hard drive's data. Best method.
Date: Sat, 06 Jun 2020 04:37:32
Message-Id: ddcf7e41-ef39-eae8-ba36-82efc057a1ee@gmail.com
1 Howdy,
2
3 I think I got a old 3TB hard drive to work.  After dd'ing it, redoing
4 partitions and such, it seems to be working.  Right now, I'm copying a
5 bunch of data to it to see how it holds up.  Oh, it's a PMR drive too. 
6 lol  Once I'm pretty sure it is alive and working well, I want to play
7 with encryption.  At some point, I plan to encrypt /home.  I found a bit
8 of info with startpage but some is dated.  This is one link that seems
9 to be from this year, at least updated this year. 
10
11 https://linoxide.com/linux-how-to/encrypt-linux-filesystem/
12
13 It seems like a nice one since it has commands and what it should look
14 like when it is performing the commands.  I like knowing what I'm doing
15 sort of matches what the howto shows.  It also seems to use LVM which I
16 will be using as well.  I think I can follow that and get a working
17 encrypted storage.  Later, I can attempt this on /home without doing it
18 blind.  I also have the options in the kernel as well.  I'll post them
19 at the bottom.  I enabled quite a lot a while back.  ;-) 
20
21 Is this a secure method or is there a more secure way?  Is there any
22 known issues with using this?  Anyone here use this method?  Keep in
23 mind, LVM.  BTFRS, SP?, may come later. 
24
25 One other question, can one change the password every once in a while? 
26 Or once set, you stuck with it from then on? 
27
28 If anyone has links to even better howtos, I'd love to check them out. 
29
30 Dale
31
32 :-)  :-) 
33
34
35 root@fireball / # zcat /proc/config.gz | grep crypt | grep =y
36 CONFIG_ARCH_HAS_MEM_ENCRYPT=y
37 CONFIG_DM_CRYPT=y
38 CONFIG_CRYPTO=y
39 CONFIG_CRYPTO_ALGAPI=y
40 CONFIG_CRYPTO_ALGAPI2=y
41 CONFIG_CRYPTO_AEAD=y
42 CONFIG_CRYPTO_AEAD2=y
43 CONFIG_CRYPTO_SKCIPHER=y
44 CONFIG_CRYPTO_SKCIPHER2=y
45 CONFIG_CRYPTO_HASH=y
46 CONFIG_CRYPTO_HASH2=y
47 CONFIG_CRYPTO_RNG=y
48 CONFIG_CRYPTO_RNG2=y
49 CONFIG_CRYPTO_RNG_DEFAULT=y
50 CONFIG_CRYPTO_AKCIPHER2=y
51 CONFIG_CRYPTO_AKCIPHER=y
52 CONFIG_CRYPTO_KPP2=y
53 CONFIG_CRYPTO_ACOMP2=y
54 CONFIG_CRYPTO_MANAGER=y
55 CONFIG_CRYPTO_MANAGER2=y
56 CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
57 CONFIG_CRYPTO_GF128MUL=y
58 CONFIG_CRYPTO_NULL=y
59 CONFIG_CRYPTO_NULL2=y
60 CONFIG_CRYPTO_CRYPTD=y
61 CONFIG_CRYPTO_AUTHENC=y
62 CONFIG_CRYPTO_SIMD=y
63 CONFIG_CRYPTO_GLUE_HELPER_X86=y
64 CONFIG_CRYPTO_RSA=y
65 CONFIG_CRYPTO_ECHAINIV=y
66 CONFIG_CRYPTO_CBC=y
67 CONFIG_CRYPTO_ECB=y
68 CONFIG_CRYPTO_LRW=y
69 CONFIG_CRYPTO_XTS=y
70 CONFIG_CRYPTO_NHPOLY1305=y
71 CONFIG_CRYPTO_NHPOLY1305_SSE2=y
72 CONFIG_CRYPTO_NHPOLY1305_AVX2=y
73 CONFIG_CRYPTO_ESSIV=y
74 CONFIG_CRYPTO_HMAC=y
75 CONFIG_CRYPTO_CRC32C=y
76 CONFIG_CRYPTO_XXHASH=y
77 CONFIG_CRYPTO_BLAKE2B=y
78 CONFIG_CRYPTO_CRCT10DIF=y
79 CONFIG_CRYPTO_MD5=y
80 CONFIG_CRYPTO_RMD128=y
81 CONFIG_CRYPTO_RMD160=y
82 CONFIG_CRYPTO_RMD256=y
83 CONFIG_CRYPTO_RMD320=y
84 CONFIG_CRYPTO_SHA1=y
85 CONFIG_CRYPTO_SHA1_SSSE3=y
86 CONFIG_CRYPTO_SHA256_SSSE3=y
87 CONFIG_CRYPTO_SHA512_SSSE3=y
88 CONFIG_CRYPTO_SHA256=y
89 CONFIG_CRYPTO_SHA512=y
90 CONFIG_CRYPTO_WP512=y
91 CONFIG_CRYPTO_AES=y
92 CONFIG_CRYPTO_AES_TI=y
93 CONFIG_CRYPTO_ARC4=y
94 CONFIG_CRYPTO_BLOWFISH=y
95 CONFIG_CRYPTO_BLOWFISH_COMMON=y
96 CONFIG_CRYPTO_BLOWFISH_X86_64=y
97 CONFIG_CRYPTO_CAMELLIA=y
98 CONFIG_CRYPTO_CAMELLIA_X86_64=y
99 CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y
100 CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y
101 CONFIG_CRYPTO_DES=y
102 CONFIG_CRYPTO_SERPENT=y
103 CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
104 CONFIG_CRYPTO_TWOFISH=y
105 CONFIG_CRYPTO_TWOFISH_COMMON=y
106 CONFIG_CRYPTO_TWOFISH_X86_64=y
107 CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y
108 CONFIG_CRYPTO_ANSI_CPRNG=y
109 CONFIG_CRYPTO_DRBG_MENU=y
110 CONFIG_CRYPTO_DRBG_HMAC=y
111 CONFIG_CRYPTO_DRBG=y
112 CONFIG_CRYPTO_JITTERENTROPY=y
113 CONFIG_CRYPTO_USER_API=y
114 CONFIG_CRYPTO_USER_API_HASH=y
115 CONFIG_CRYPTO_USER_API_SKCIPHER=y
116 CONFIG_CRYPTO_USER_API_RNG=y
117 CONFIG_CRYPTO_LIB_AES=y
118 CONFIG_CRYPTO_LIB_ARC4=y
119 CONFIG_CRYPTO_LIB_DES=y
120 CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y
121 CONFIG_CRYPTO_LIB_SHA256=y
122 CONFIG_CRYPTO_HW=y
123 root@fireball / #
124
125 Just wanted to have a few extras.  ROFL 

Replies

Subject Author
Re: [gentoo-user] Encrypting a hard drive's data. Best method. "J. Roeleveld" <joost@××××××××.org>
Re: [gentoo-user] Encrypting a hard drive's data. Best method. "J. Roeleveld" <joost@××××××××.org>
Re: [gentoo-user] Encrypting a hard drive's data. Best method. Victor Ivanov <vic.m.ivanov@×××××.com>
Re: [gentoo-user] Encrypting a hard drive's data. Best method. "Sebastiaan L. Zoutendijk" <slzoutendijk@×××××.com>
Re: [gentoo-user] Encrypting a hard drive's data. Best method. Frank Steinmetzger <Warp_7@×××.de>
Re: [gentoo-user] Encrypting a hard drive's data. Best method. Dale <rdalek1967@×××××.com>