* Re: [gentoo-user] Encrypting a hard drive's data. Best method.
@ 2020-06-06 7:14 99% ` J. Roeleveld
0 siblings, 0 replies; 1+ results
From: J. Roeleveld @ 2020-06-06 7:14 UTC (permalink / raw
To: gentoo-user
On 6 June 2020 06:37:23 CEST, Dale <rdalek1967@gmail.com> wrote:
>Howdy,
>
>I think I got a old 3TB hard drive to work. After dd'ing it, redoing
>partitions and such, it seems to be working. Right now, I'm copying a
>bunch of data to it to see how it holds up. Oh, it's a PMR drive too.
>lol Once I'm pretty sure it is alive and working well, I want to play
>with encryption. At some point, I plan to encrypt /home. I found a
>bit
>of info with startpage but some is dated. This is one link that seems
>to be from this year, at least updated this year.
>
>https://linoxide.com/linux-how-to/encrypt-linux-filesystem/
>
>It seems like a nice one since it has commands and what it should look
>like when it is performing the commands. I like knowing what I'm doing
>sort of matches what the howto shows. It also seems to use LVM which I
>will be using as well. I think I can follow that and get a working
>encrypted storage. Later, I can attempt this on /home without doing it
>blind. I also have the options in the kernel as well. I'll post them
>at the bottom. I enabled quite a lot a while back. ;-)
>
>Is this a secure method or is there a more secure way? Is there any
>known issues with using this? Anyone here use this method? Keep in
>mind, LVM. BTFRS, SP?, may come later.
>
>One other question, can one change the password every once in a while?
>Or once set, you stuck with it from then on?
>
>If anyone has links to even better howtos, I'd love to check them out.
>
>Dale
>
>:-) :-)
>
>
>root@fireball / # zcat /proc/config.gz | grep crypt | grep =y
>CONFIG_ARCH_HAS_MEM_ENCRYPT=y
>CONFIG_DM_CRYPT=y
>CONFIG_CRYPTO=y
>CONFIG_CRYPTO_ALGAPI=y
>CONFIG_CRYPTO_ALGAPI2=y
>CONFIG_CRYPTO_AEAD=y
>CONFIG_CRYPTO_AEAD2=y
>CONFIG_CRYPTO_SKCIPHER=y
>CONFIG_CRYPTO_SKCIPHER2=y
>CONFIG_CRYPTO_HASH=y
>CONFIG_CRYPTO_HASH2=y
>CONFIG_CRYPTO_RNG=y
>CONFIG_CRYPTO_RNG2=y
>CONFIG_CRYPTO_RNG_DEFAULT=y
>CONFIG_CRYPTO_AKCIPHER2=y
>CONFIG_CRYPTO_AKCIPHER=y
>CONFIG_CRYPTO_KPP2=y
>CONFIG_CRYPTO_ACOMP2=y
>CONFIG_CRYPTO_MANAGER=y
>CONFIG_CRYPTO_MANAGER2=y
>CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
>CONFIG_CRYPTO_GF128MUL=y
>CONFIG_CRYPTO_NULL=y
>CONFIG_CRYPTO_NULL2=y
>CONFIG_CRYPTO_CRYPTD=y
>CONFIG_CRYPTO_AUTHENC=y
>CONFIG_CRYPTO_SIMD=y
>CONFIG_CRYPTO_GLUE_HELPER_X86=y
>CONFIG_CRYPTO_RSA=y
>CONFIG_CRYPTO_ECHAINIV=y
>CONFIG_CRYPTO_CBC=y
>CONFIG_CRYPTO_ECB=y
>CONFIG_CRYPTO_LRW=y
>CONFIG_CRYPTO_XTS=y
>CONFIG_CRYPTO_NHPOLY1305=y
>CONFIG_CRYPTO_NHPOLY1305_SSE2=y
>CONFIG_CRYPTO_NHPOLY1305_AVX2=y
>CONFIG_CRYPTO_ESSIV=y
>CONFIG_CRYPTO_HMAC=y
>CONFIG_CRYPTO_CRC32C=y
>CONFIG_CRYPTO_XXHASH=y
>CONFIG_CRYPTO_BLAKE2B=y
>CONFIG_CRYPTO_CRCT10DIF=y
>CONFIG_CRYPTO_MD5=y
>CONFIG_CRYPTO_RMD128=y
>CONFIG_CRYPTO_RMD160=y
>CONFIG_CRYPTO_RMD256=y
>CONFIG_CRYPTO_RMD320=y
>CONFIG_CRYPTO_SHA1=y
>CONFIG_CRYPTO_SHA1_SSSE3=y
>CONFIG_CRYPTO_SHA256_SSSE3=y
>CONFIG_CRYPTO_SHA512_SSSE3=y
>CONFIG_CRYPTO_SHA256=y
>CONFIG_CRYPTO_SHA512=y
>CONFIG_CRYPTO_WP512=y
>CONFIG_CRYPTO_AES=y
>CONFIG_CRYPTO_AES_TI=y
>CONFIG_CRYPTO_ARC4=y
>CONFIG_CRYPTO_BLOWFISH=y
>CONFIG_CRYPTO_BLOWFISH_COMMON=y
>CONFIG_CRYPTO_BLOWFISH_X86_64=y
>CONFIG_CRYPTO_CAMELLIA=y
>CONFIG_CRYPTO_CAMELLIA_X86_64=y
>CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y
>CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y
>CONFIG_CRYPTO_DES=y
>CONFIG_CRYPTO_SERPENT=y
>CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
>CONFIG_CRYPTO_TWOFISH=y
>CONFIG_CRYPTO_TWOFISH_COMMON=y
>CONFIG_CRYPTO_TWOFISH_X86_64=y
>CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y
>CONFIG_CRYPTO_ANSI_CPRNG=y
>CONFIG_CRYPTO_DRBG_MENU=y
>CONFIG_CRYPTO_DRBG_HMAC=y
>CONFIG_CRYPTO_DRBG=y
>CONFIG_CRYPTO_JITTERENTROPY=y
>CONFIG_CRYPTO_USER_API=y
>CONFIG_CRYPTO_USER_API_HASH=y
>CONFIG_CRYPTO_USER_API_SKCIPHER=y
>CONFIG_CRYPTO_USER_API_RNG=y
>CONFIG_CRYPTO_LIB_AES=y
>CONFIG_CRYPTO_LIB_ARC4=y
>CONFIG_CRYPTO_LIB_DES=y
>CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y
>CONFIG_CRYPTO_LIB_SHA256=y
>CONFIG_CRYPTO_HW=y
>root@fireball / #
>
>Just wanted to have a few extras. ROFL
Dale,
I didn't read the full page, but as it uses LUKS to manage the encryption, it is (at least similar) to what I do on my laptops.
A LUKS volume has support for multiple (I think 4) key slots (passwords that will decrypt the volume)
So, in order to change the password you would do:
1) add the new password into an unused slot
2) test the new password works
3) delete the old password (freeing the slot)
--
Joost
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2020-06-06 4:37 [gentoo-user] Encrypting a hard drive's data. Best method Dale
2020-06-06 7:14 99% ` J. Roeleveld
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox