From: Wael Nasreddine
To: gentoo-user@lists.gentoo.org
Date: Tue, 25 Mar 2008 21:02:26 +0100
Subject: Re: [gentoo-user] Recovering root password
Message-ID: <20080325200226.GA25014@phoenix.nasreddine.info>

This One Time, at Band Camp, Mick said, On Tue, Mar 25, 2008 at 05:23:00PM +0000:

> > That's why I have my entire installation over a DM-CRYPT ( LUKS
> > encrypted partition... ), including swaps and storage ( LVM over
> > DM-CRYPT actually), this way even if someone had physical access to
> > my laptop, both GRUB and LiveCD approach would be useless...
> I've thought about going for this . . . and then backpedaled once more. Every
> time I had a fs problem I have managed to recover to this date without much
> trouble. Vanilla primary and extended partitions seem to be straightforward
> to access with any LiveCD. To be honest even when I had to frig about with
> LVM I managed to recover without loss of data (more out of luck than skill I
> suspect). The thought however, that I may lose my private key (never say
> never), or lose a drive and need to access my data pronto from a back up
> makes me somewhat nervous. Should I be more brave than this?

Well it depends...

First of all you should know that almost every LiveCD now includes a
cryptsetup/lvm implementation, Gentoo does, Ubuntu does (not as is though, you
should apt-get cryptsetup, AFAIK lvm is already installed), so recovering data
would not be that hard if you can open the partition...
As for losing the key, that's easy too, here's what I do: I create a small
file from /dev/urandom and I use it as a pass key SLOT, and store it somewhere
safe, so if and when I forget all of the passwords I have, I use this key, it
is safe.

Anyway as I said above it actually depends, using dm-crypt will lower the
performance of your machine, which actually makes sense since the data are
encrypted before they are written to the disk (AFAIK, I'm not really sure how
it handles I/O operations, but I'm sure that writing a huge file to your HDD
will result in a lot of CPU usage of the process 'kcryptd'), but using
dm-crypt is very very secure, I use it because my laptop is with me every day
when I go to the university so I need this kind of security...

On the other hand if you don't need encryption, maybe you should stick with
LVM... (LVM is a must, check out my partitions below, I love it...)

--------- CUT
# lvdisplay -C
  LV              VG     Attr   LSize   Origin Snap%  Move Log Copy%  Convert
  gentoo-opt      system -wi-ao   1.00G
  gentoo-overlays system -wi-ao   1.00G
  gentoo-root     system -wi-ao 500.00M
  gentoo-usr      system -wi-ao   5.00G
  gentoo-var      system -wi-ao 500.00M
  home            system -wi-ao  15.00G
  storage         system -wi-ao  50.66G
  suspend-swap    system -wi-a-   1.00G
  swap            system -wi-ao   2.00G
  tmp             system -wi-ao 500.00M
  ubuntu-opt      system -wi-ao   1.00G
  ubuntu-root     system -wi-ao 500.00M
  ubuntu-usr      system -wi-ao   3.50G
  ubuntu-var      system -wi-ao 500.00M
  var-tmp         system -wi-ao 100.00M
--------- CUT

Regards,

--
Wael Nasreddine
http://wael.nasreddine.com
PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724 DE12 5565 3945 C8DD 18A2

/ö\ /ö\ When Chuck Norris wants an egg, he cracks open a chicken.
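
Added example (not part of the original message and not its author's code): the recovery-keyfile approach described in the message, a random file from /dev/urandom enrolled as an extra LUKS key slot, run against a throwaway container file so it can be tried without touching a real disk. The file names, image size, keyfile size and passphrase are assumptions made for the demo.

```shell
# Added example, not from the original message. Assumed names: luks.img,
# recovery.key, pass.txt; the passphrase below is constructed for the demo.

# Create a 4096-byte random keyfile readable only by its owner.
make_keyfile() {
    ( umask 077 && dd if=/dev/urandom of="$1" bs=4096 count=1 2>/dev/null )
}

# Exercise the whole procedure on a throwaway container file in directory $1.
# Returns 0 only if the keyfile alone unlocks the header and a different
# random file is rejected.
demo_backup_slot() (
    img="$1/luks.img"; key="$1/recovery.key"; pass="$1/pass.txt"
    truncate -s 32M "$img" || exit 1
    printf '%s' 'constructed-demo-passphrase' > "$pass"
    make_keyfile "$key" || exit 1

    # First key slot: the everyday passphrase.
    # --iter-time 200 only keeps this demo quick; leave the default on a real volume.
    cryptsetup luksFormat --batch-mode --iter-time 200 \
        --key-file "$pass" "$img" || exit 1

    # Second key slot: the random keyfile, authorised with the passphrase.
    cryptsetup luksAddKey --batch-mode --iter-time 200 \
        --key-file "$pass" "$img" "$key" || exit 1

    # Check that the recovery key works before relying on it...
    cryptsetup open --type luks --test-passphrase \
        --key-file "$key" "$img" || exit 1

    # ...and that an unrelated random file does not.
    make_keyfile "$1/other.key" || exit 1
    if cryptsetup open --type luks --test-passphrase \
        --key-file "$1/other.key" "$img" 2>/dev/null
    then exit 1; fi
    exit 0
)

# On an existing encrypted disk only the luksAddKey step is needed, e.g.
# (placeholder device and path):
#   cryptsetup luksAddKey /dev/<luks-partition> /path/to/recovery.key
```

The keyfile only helps in a recovery if it is kept somewhere other than the volume it unlocks, and anyone who obtains it can open the volume without a passphrase.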