Date: Sat, 06 Jun 2020 09:16:14 +0200
From: "J. Roeleveld"
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Encrypting a hard drive's data. Best method.
Message-ID: <12F6F6AC-B646-4638-8349-BD5B9DB51B5E@antarean.org>
List-Id: Gentoo Linux mail

On 6 June 2020 06:37:23 CEST, Dale wrote:
>Howdy,
>
>I think I got an old 3TB hard drive to work. After dd'ing it, redoing
>partitions and such, it seems to be working. Right now, I'm copying a
>bunch of data to it to see how it holds up. Oh, it's a PMR drive too.
>lol Once I'm pretty sure it is alive and working well, I want to play
>with encryption. At some point, I plan to encrypt /home. I found a bit
>of info with startpage but some is dated. This is one link that seems
>to be from this year, at least updated this year.
>
>https://linoxide.com/linux-how-to/encrypt-linux-filesystem/
>
>It seems like a nice one since it has commands and what it should look
>like when it is performing the commands. I like knowing what I'm doing
>sort of matches what the howto shows. It also seems to use LVM which I
>will be using as
>well. I think I can follow that and get a working
>encrypted storage. Later, I can attempt this on /home without doing it
>blind. I also have the options in the kernel as well. I'll post them
>at the bottom. I enabled quite a lot a while back. ;-)
>
>Is this a secure method or is there a more secure way? Are there any
>known issues with using this? Anyone here use this method? Keep in
>mind, LVM. BTFRS, SP?, may come later.
>
>One other question, can one change the password every once in a while?
>Or once set, are you stuck with it from then on?
>
>If anyone has links to even better howtos, I'd love to check them out.
>
>Dale
>
>:-) :-)
>
>
>root@fireball / # zcat /proc/config.gz | grep crypt | grep =y
>CONFIG_ARCH_HAS_MEM_ENCRYPT=y
>CONFIG_DM_CRYPT=y
>CONFIG_CRYPTO=y
>CONFIG_CRYPTO_ALGAPI=y
>CONFIG_CRYPTO_ALGAPI2=y
>CONFIG_CRYPTO_AEAD=y
>CONFIG_CRYPTO_AEAD2=y
>CONFIG_CRYPTO_SKCIPHER=y
>CONFIG_CRYPTO_SKCIPHER2=y
>CONFIG_CRYPTO_HASH=y
>CONFIG_CRYPTO_HASH2=y
>CONFIG_CRYPTO_RNG=y
>CONFIG_CRYPTO_RNG2=y
>CONFIG_CRYPTO_RNG_DEFAULT=y
>CONFIG_CRYPTO_AKCIPHER2=y
>CONFIG_CRYPTO_AKCIPHER=y
>CONFIG_CRYPTO_KPP2=y
>CONFIG_CRYPTO_ACOMP2=y
>CONFIG_CRYPTO_MANAGER=y
>CONFIG_CRYPTO_MANAGER2=y
>CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
>CONFIG_CRYPTO_GF128MUL=y
>CONFIG_CRYPTO_NULL=y
>CONFIG_CRYPTO_NULL2=y
>CONFIG_CRYPTO_CRYPTD=y
>CONFIG_CRYPTO_AUTHENC=y
>CONFIG_CRYPTO_SIMD=y
>CONFIG_CRYPTO_GLUE_HELPER_X86=y
>CONFIG_CRYPTO_RSA=y
>CONFIG_CRYPTO_ECHAINIV=y
>CONFIG_CRYPTO_CBC=y
>CONFIG_CRYPTO_ECB=y
>CONFIG_CRYPTO_LRW=y
>CONFIG_CRYPTO_XTS=y
>CONFIG_CRYPTO_NHPOLY1305=y
>CONFIG_CRYPTO_NHPOLY1305_SSE2=y
>CONFIG_CRYPTO_NHPOLY1305_AVX2=y
>CONFIG_CRYPTO_ESSIV=y
>CONFIG_CRYPTO_HMAC=y
>CONFIG_CRYPTO_CRC32C=y
>CONFIG_CRYPTO_XXHASH=y
>CONFIG_CRYPTO_BLAKE2B=y
>CONFIG_CRYPTO_CRCT10DIF=y
>CONFIG_CRYPTO_MD5=y
>CONFIG_CRYPTO_RMD128=y
>CONFIG_CRYPTO_RMD160=y
>CONFIG_CRYPTO_RMD256=y
>CONFIG_CRYPTO_RMD320=y
>CONFIG_CRYPTO_SHA1=y
>CONFIG_CRYPTO_SHA1_SSSE3=y
>CONFIG_CRYPTO_SHA256_SSSE3=y
>CONFIG_CRYPTO_SHA512_SSSE3=y
>CONFIG_CRYPTO_SHA256=y
>CONFIG_CRYPTO_SHA512=y
>CONFIG_CRYPTO_WP512=y
>CONFIG_CRYPTO_AES=y
>CONFIG_CRYPTO_AES_TI=y
>CONFIG_CRYPTO_ARC4=y
>CONFIG_CRYPTO_BLOWFISH=y
>CONFIG_CRYPTO_BLOWFISH_COMMON=y
>CONFIG_CRYPTO_BLOWFISH_X86_64=y
>CONFIG_CRYPTO_CAMELLIA=y
>CONFIG_CRYPTO_CAMELLIA_X86_64=y
>CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y
>CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y
>CONFIG_CRYPTO_DES=y
>CONFIG_CRYPTO_SERPENT=y
>CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
>CONFIG_CRYPTO_TWOFISH=y
>CONFIG_CRYPTO_TWOFISH_COMMON=y
>CONFIG_CRYPTO_TWOFISH_X86_64=y
>CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y
>CONFIG_CRYPTO_ANSI_CPRNG=y
>CONFIG_CRYPTO_DRBG_MENU=y
>CONFIG_CRYPTO_DRBG_HMAC=y
>CONFIG_CRYPTO_DRBG=y
>CONFIG_CRYPTO_JITTERENTROPY=y
>CONFIG_CRYPTO_USER_API=y
>CONFIG_CRYPTO_USER_API_HASH=y
>CONFIG_CRYPTO_USER_API_SKCIPHER=y
>CONFIG_CRYPTO_USER_API_RNG=y
>CONFIG_CRYPTO_LIB_AES=y
>CONFIG_CRYPTO_LIB_ARC4=y
>CONFIG_CRYPTO_LIB_DES=y
>CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y
>CONFIG_CRYPTO_LIB_SHA256=y
>CONFIG_CRYPTO_HW=y
>root@fireball / #
>
>Just wanted to have a few extras. ROFL

A Gentoo-centric manual/howto:
https://wiki.gentoo.org/wiki/Dm-crypt

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.