From: Rich Freeman
Date: Sun, 7 Jun 2020 06:33:41 -0400
Subject: Re: [gentoo-user] Encrypting a hard drive's data. Best method.
To: gentoo-user@lists.gentoo.org

On Sun, Jun 7, 2020 at 4:08 AM Dale wrote:
>
> I still don't think I'm ready to try and do this on a hard drive. I'm certainly not going to do this with /home yet.

If you have a spare drive or just a USB stick lying around, set it up on that. Then you can test that it mounts on boot and prompts for a password and all that stuff.

Or you can use a loopback filesystem using a file on your hard drive. That is pretty safe as long as you don't enter "/bin/bash" as your loopback filename or whatever. I'm not sure if that will correctly mount itself automatically at boot though, as I'm not sure if the various service dependencies are set up to handle it (the drive containing the file has to be mounted first).

> I notice that one can use different encryption tools. I have Blowfish, Twofish, AES and sha*** as well as many others.

I'd stick with AES. If you're trying to keep the NSA out of your hard drive and you think they're part of a conspiracy to get people to use AES despite having cracked it, then I don't know what to tell you because they're probably going to get you no matter what you do... :)

AES is probably the most mainstream crypto system out there and is considered very secure. It is also widely supported by hardware and all recent Intel/AMD CPUs. 128-bit keys are the most standard. Linux supports 256-bit though if you use that I'm not sure if hardware-acceleration is available.

--
Rich
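
The loopback-file test suggested in the message above, as an added example that is not part of the original post: it builds a throwaway LUKS container in a plain file and refuses any filename that already exists. The image path, mapping name, mount point and 256M size are assumptions picked for illustration.

```shell
#!/bin/sh
# Added example: a file-backed LUKS container for practice, not a real disk.
# IMG, NAME, MNT and the 256M size are illustrative assumptions.
IMG=${IMG:-$HOME/luks-test.img}
NAME=${NAME:-luks_test}
MNT=${MNT:-/mnt/luks_test}

# Accept only a path that does not exist yet, inside an existing writable
# directory, so a mistyped filename can never overwrite a real file.
check_container_path() {
    path=$1
    [ -n "$path" ] || return 1
    if [ -e "$path" ] || [ -L "$path" ]; then
        return 1
    fi
    dir=$(dirname -- "$path")
    [ -d "$dir" ] && [ -w "$dir" ]
}

# Create, format, open and mount the container (needs root and cryptsetup).
create_container() {
    img=$1; name=$2; mnt=$3
    check_container_path "$img" || { echo "refusing to use '$img'" >&2; return 1; }
    truncate -s 256M "$img" || return 1
    # AES in XTS mode; luksFormat prompts for confirmation and a passphrase.
    cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 \
        --key-size 256 "$img" || return 1
    cryptsetup open "$img" "$name" || return 1   # loop device is set up for us
    mkfs.ext4 -q "/dev/mapper/$name" || return 1
    mkdir -p "$mnt" && mount "/dev/mapper/$name" "$mnt"
}

# Unmount, close the mapping and delete the practice file.
remove_container() {
    img=$1; name=$2; mnt=$3
    umount "$mnt" || return 1
    cryptsetup close "$name" || return 1
    rm -f -- "$img"
}

# Nothing runs unless an action is given: sh luks-test.sh create|remove
case "${1:-}" in
    create) create_container "$IMG" "$NAME" "$MNT" ;;
    remove) remove_container "$IMG" "$NAME" "$MNT" ;;
esac
```

Run it as root with `create`, write some files under the mount point, then `remove` to tear everything down again.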