On Sun, Jun 7, 2020 at 4:08 AM Dale <rdalek1967@×××××.com> wrote:
>
> I still don't think I'm ready to try and do this on a hard drive. I'm certainly not going to do this with /home yet.
|
If you have a spare drive or just a USB stick lying around, set it up
on that. Then you can test that it mounts on boot and prompts for a
password and all that stuff.
|
Or you can use a loopback filesystem using a file on your hard drive.
That is pretty safe as long as you don't enter "/bin/bash" as your
loopback filename or whatever. I'm not sure if that will correctly
mount itself automatically at boot though, as I'm not sure if the
various service dependencies are set up to handle it (the drive
containing the file has to be mounted first).
|
> I notice that one can use different encryption tools. I have Blowfish, Twofish, AES and sha*** as well as many others.
|
I'd stick with AES. If you're trying to keep the NSA out of your hard
drive and you think they're part of a conspiracy to get people to use
AES despite having cracked it, then I don't know what to tell you
because they're probably going to get you no matter what you do... :)
|
AES is probably the most mainstream crypto system out there and is
considered very secure. It is also widely supported by hardware and
all recent Intel/AMD CPUs. 128-bit keys are the most standard. Linux
supports 256-bit though if you use that I'm not sure if
hardware-acceleration is available.
|
--
Rich |
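
The loopback test suggested above, as an added example that is not part of the original message: it assumes cryptsetup/LUKS is the tool in use, and the image path, mapper name and mount point are hypothetical. The existence check covers the "/bin/bash" caveat, and `cpu_has_aes` reads the x86 `aes` CPU flag behind the hardware-support remark.

```shell
#!/bin/sh
# Added example: LUKS test volume in a loopback file. Assumes cryptsetup;
# the three names below are hypothetical defaults.
IMG="${IMG:-/var/tmp/luks-test.img}"   # backing file
NAME="${NAME:-lukstest}"               # /dev/mapper name
MNT="${MNT:-/mnt/lukstest}"            # mount point

# Refuse any path that already exists, so a mistyped name such as
# /bin/bash can never be truncated or formatted.
check_backing_file() {
    if [ -e "$1" ] || [ -L "$1" ]; then
        echo "refusing: $1 already exists" >&2
        return 1
    fi
    [ -d "$(dirname "$1")" ] || { echo "no directory for $1" >&2; return 1; }
}

# True if the CPU advertises AES instructions (x86 "aes" flag).
# Takes an optional cpuinfo-format file; defaults to /proc/cpuinfo.
cpu_has_aes() {
    grep -m1 '^flags' "${1:-/proc/cpuinfo}" | grep -qw aes
}

# aes-xts splits the key in two, so --key-size 256 selects AES-128.
# cryptsetup attaches the loop device for a regular file by itself.
create() {
    check_backing_file "$IMG" &&
    truncate -s 256M "$IMG" &&
    cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 256 "$IMG" &&
    cryptsetup open "$IMG" "$NAME" &&
    mkfs.ext4 -q "/dev/mapper/$NAME" &&
    mkdir -p "$MNT" &&
    mount "/dev/mapper/$NAME" "$MNT"
}

# Unmount, lock and delete the test volume (rm -i asks first).
destroy() {
    umount "$MNT" &&
    cryptsetup close "$NAME" &&
    rm -i -- "$IMG"
}

case "${1:-}" in
    create)  create ;;
    destroy) destroy ;;
    check)   cpu_has_aes && echo "CPU advertises AES instructions" ;;
esac
```

Run `create` and `destroy` as root. This exercises the passphrase prompt and the mount only; it does not test unlocking at boot.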