| 1 |
On Sun, Jun 7, 2020 at 4:08 AM Dale <rdalek1967@×××××.com> wrote: |
| 2 |
> |
| 3 |
> I still don't think I'm ready to try and do this on a hard drive. I'm certainly not going to do this with /home yet. |
| 4 |
|
| 5 |
If you have a spare drive or just a USB stick lying around, set it up |
| 6 |
on that. Then you can test that it mounts on boot and prompts for a |
| 7 |
password and all that stuff. |
| 8 |
|
| 9 |
Or you can use a loopback filesystem using a file on your hard drive. |
| 10 |
That is pretty safe as long as you don't enter "/bin/bash" as your |
| 11 |
loopback filename or whatever. I'm not sure if that will correctly |
| 12 |
mount itself automatically at boot though, as I'm not sure if the |
| 13 |
various service dependencies are set up to handle it (the drive |
| 14 |
containing the file has to be mounted first). |
| 15 |
|
| 16 |
> I notice that one can use different encryption tools. I have Blowfish, Twofish, AES and sha*** as well as many others. |
| 17 |
|
| 18 |
I'd stick with AES. If you're trying to keep the NSA out of your hard |
| 19 |
drive and you think they're part of a conspiracy to get people to use |
| 20 |
AES despite having cracked it, then I don't know what to tell you |
| 21 |
because they're probably going to get you no matter what you do... :) |
| 22 |
|
| 23 |
AES is probably the most mainstream crypto system out there and is |
| 24 |
considered very secure. It is also widely supported by hardware and |
| 25 |
all recent Intel/AMD CPUs. 128-bit keys are the most standard. Linux |
| 26 |
supports 256-bit though if you use that I'm not sure if |
| 27 |
hardware-acceleration is available. |
| 28 |
|
| 29 |
-- |
| 30 |
Rich |
Archives