| 1 |
J. Roeleveld wrote: |
| 2 |
> On 6 June 2020 06:37:23 CEST, Dale <rdalek1967@×××××.com> wrote: |
| 3 |
>> Howdy, |
| 4 |
>> |
| 5 |
>> I think I got a old 3TB hard drive to work. After dd'ing it, redoing |
| 6 |
>> partitions and such, it seems to be working. Right now, I'm copying a |
| 7 |
>> bunch of data to it to see how it holds up. Oh, it's a PMR drive too. |
| 8 |
>> lol Once I'm pretty sure it is alive and working well, I want to play |
| 9 |
>> with encryption. At some point, I plan to encrypt /home. I found a |
| 10 |
>> bit |
| 11 |
>> of info with startpage but some is dated. This is one link that seems |
| 12 |
>> to be from this year, at least updated this year. |
| 13 |
>> |
| 14 |
>> https://linoxide.com/linux-how-to/encrypt-linux-filesystem/ |
| 15 |
>> |
| 16 |
>> It seems like a nice one since it has commands and what it should look |
| 17 |
>> like when it is performing the commands. I like knowing what I'm doing |
| 18 |
>> sort of matches what the howto shows. It also seems to use LVM which I |
| 19 |
>> will be using as well. I think I can follow that and get a working |
| 20 |
>> encrypted storage. Later, I can attempt this on /home without doing it |
| 21 |
>> blind. I also have the options in the kernel as well. I'll post them |
| 22 |
>> at the bottom. I enabled quite a lot a while back. ;-) |
| 23 |
>> |
| 24 |
>> Is this a secure method or is there a more secure way? Is there any |
| 25 |
>> known issues with using this? Anyone here use this method? Keep in |
| 26 |
>> mind, LVM. BTFRS, SP?, may come later. |
| 27 |
>> |
| 28 |
>> One other question, can one change the password every once in a while? |
| 29 |
>> Or once set, you stuck with it from then on? |
| 30 |
>> |
| 31 |
>> If anyone has links to even better howtos, I'd love to check them out. |
| 32 |
>> |
| 33 |
>> Dale |
| 34 |
>> |
| 35 |
>> :-) :-) |
| 36 |
>> |
| 37 |
>> |
| 38 |
>> root@fireball / # zcat /proc/config.gz | grep crypt | grep =y |
| 39 |
>> CONFIG_ARCH_HAS_MEM_ENCRYPT=y |
| 40 |
>> CONFIG_DM_CRYPT=y |
| 41 |
>> CONFIG_CRYPTO=y |
| 42 |
>> CONFIG_CRYPTO_ALGAPI=y |
| 43 |
>> CONFIG_CRYPTO_ALGAPI2=y |
| 44 |
>> CONFIG_CRYPTO_AEAD=y |
| 45 |
>> CONFIG_CRYPTO_AEAD2=y |
| 46 |
>> CONFIG_CRYPTO_SKCIPHER=y |
| 47 |
>> CONFIG_CRYPTO_SKCIPHER2=y |
| 48 |
>> CONFIG_CRYPTO_HASH=y |
| 49 |
>> CONFIG_CRYPTO_HASH2=y |
| 50 |
>> CONFIG_CRYPTO_RNG=y |
| 51 |
>> CONFIG_CRYPTO_RNG2=y |
| 52 |
>> CONFIG_CRYPTO_RNG_DEFAULT=y |
| 53 |
>> CONFIG_CRYPTO_AKCIPHER2=y |
| 54 |
>> CONFIG_CRYPTO_AKCIPHER=y |
| 55 |
>> CONFIG_CRYPTO_KPP2=y |
| 56 |
>> CONFIG_CRYPTO_ACOMP2=y |
| 57 |
>> CONFIG_CRYPTO_MANAGER=y |
| 58 |
>> CONFIG_CRYPTO_MANAGER2=y |
| 59 |
>> CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y |
| 60 |
>> CONFIG_CRYPTO_GF128MUL=y |
| 61 |
>> CONFIG_CRYPTO_NULL=y |
| 62 |
>> CONFIG_CRYPTO_NULL2=y |
| 63 |
>> CONFIG_CRYPTO_CRYPTD=y |
| 64 |
>> CONFIG_CRYPTO_AUTHENC=y |
| 65 |
>> CONFIG_CRYPTO_SIMD=y |
| 66 |
>> CONFIG_CRYPTO_GLUE_HELPER_X86=y |
| 67 |
>> CONFIG_CRYPTO_RSA=y |
| 68 |
>> CONFIG_CRYPTO_ECHAINIV=y |
| 69 |
>> CONFIG_CRYPTO_CBC=y |
| 70 |
>> CONFIG_CRYPTO_ECB=y |
| 71 |
>> CONFIG_CRYPTO_LRW=y |
| 72 |
>> CONFIG_CRYPTO_XTS=y |
| 73 |
>> CONFIG_CRYPTO_NHPOLY1305=y |
| 74 |
>> CONFIG_CRYPTO_NHPOLY1305_SSE2=y |
| 75 |
>> CONFIG_CRYPTO_NHPOLY1305_AVX2=y |
| 76 |
>> CONFIG_CRYPTO_ESSIV=y |
| 77 |
>> CONFIG_CRYPTO_HMAC=y |
| 78 |
>> CONFIG_CRYPTO_CRC32C=y |
| 79 |
>> CONFIG_CRYPTO_XXHASH=y |
| 80 |
>> CONFIG_CRYPTO_BLAKE2B=y |
| 81 |
>> CONFIG_CRYPTO_CRCT10DIF=y |
| 82 |
>> CONFIG_CRYPTO_MD5=y |
| 83 |
>> CONFIG_CRYPTO_RMD128=y |
| 84 |
>> CONFIG_CRYPTO_RMD160=y |
| 85 |
>> CONFIG_CRYPTO_RMD256=y |
| 86 |
>> CONFIG_CRYPTO_RMD320=y |
| 87 |
>> CONFIG_CRYPTO_SHA1=y |
| 88 |
>> CONFIG_CRYPTO_SHA1_SSSE3=y |
| 89 |
>> CONFIG_CRYPTO_SHA256_SSSE3=y |
| 90 |
>> CONFIG_CRYPTO_SHA512_SSSE3=y |
| 91 |
>> CONFIG_CRYPTO_SHA256=y |
| 92 |
>> CONFIG_CRYPTO_SHA512=y |
| 93 |
>> CONFIG_CRYPTO_WP512=y |
| 94 |
>> CONFIG_CRYPTO_AES=y |
| 95 |
>> CONFIG_CRYPTO_AES_TI=y |
| 96 |
>> CONFIG_CRYPTO_ARC4=y |
| 97 |
>> CONFIG_CRYPTO_BLOWFISH=y |
| 98 |
>> CONFIG_CRYPTO_BLOWFISH_COMMON=y |
| 99 |
>> CONFIG_CRYPTO_BLOWFISH_X86_64=y |
| 100 |
>> CONFIG_CRYPTO_CAMELLIA=y |
| 101 |
>> CONFIG_CRYPTO_CAMELLIA_X86_64=y |
| 102 |
>> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y |
| 103 |
>> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y |
| 104 |
>> CONFIG_CRYPTO_DES=y |
| 105 |
>> CONFIG_CRYPTO_SERPENT=y |
| 106 |
>> CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y |
| 107 |
>> CONFIG_CRYPTO_TWOFISH=y |
| 108 |
>> CONFIG_CRYPTO_TWOFISH_COMMON=y |
| 109 |
>> CONFIG_CRYPTO_TWOFISH_X86_64=y |
| 110 |
>> CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y |
| 111 |
>> CONFIG_CRYPTO_ANSI_CPRNG=y |
| 112 |
>> CONFIG_CRYPTO_DRBG_MENU=y |
| 113 |
>> CONFIG_CRYPTO_DRBG_HMAC=y |
| 114 |
>> CONFIG_CRYPTO_DRBG=y |
| 115 |
>> CONFIG_CRYPTO_JITTERENTROPY=y |
| 116 |
>> CONFIG_CRYPTO_USER_API=y |
| 117 |
>> CONFIG_CRYPTO_USER_API_HASH=y |
| 118 |
>> CONFIG_CRYPTO_USER_API_SKCIPHER=y |
| 119 |
>> CONFIG_CRYPTO_USER_API_RNG=y |
| 120 |
>> CONFIG_CRYPTO_LIB_AES=y |
| 121 |
>> CONFIG_CRYPTO_LIB_ARC4=y |
| 122 |
>> CONFIG_CRYPTO_LIB_DES=y |
| 123 |
>> CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y |
| 124 |
>> CONFIG_CRYPTO_LIB_SHA256=y |
| 125 |
>> CONFIG_CRYPTO_HW=y |
| 126 |
>> root@fireball / # |
| 127 |
>> |
| 128 |
>> Just wanted to have a few extras. ROFL |
| 129 |
> A gentoo centric manual/howto: |
| 130 |
> |
| 131 |
> https://wiki.gentoo.org/wiki/Dm-crypt |
| 132 |
> |
| 133 |
|
| 134 |
|
| 135 |
Thanks for both replies. I found one other Gentoo one but it was |
| 136 |
encrypting the whole thing, /boot and all, plus they used efi. I didn't |
| 137 |
find the one you linked too. |
| 138 |
|
| 139 |
First drive seems to have died. Got part way copying files and things |
| 140 |
got interesting. When checking smartctrl, it even puked on my |
| 141 |
keyboard. Drive only had a few hundred hours on it so maybe the drive |
| 142 |
was iffy from the start or that enclosure did damage somehow. Either |
| 143 |
way, drive two being tested. Running smartctrl test first and then |
| 144 |
restart from scratch and fill it up with files or something. |
| 145 |
|
| 146 |
Thanks much. |
| 147 |
|
| 148 |
Dale |
| 149 |
|
| 150 |
:-) :-) |
Archives