From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 603981382C5 for ; Sun, 7 Jun 2020 08:08:47 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BCAEFE0928; Sun, 7 Jun 2020 08:08:41 +0000 (UTC) Received: from mail-qt1-x836.google.com (mail-qt1-x836.google.com [IPv6:2607:f8b0:4864:20::836]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 76754E08CE for ; Sun, 7 Jun 2020 08:08:41 +0000 (UTC) Received: by mail-qt1-x836.google.com with SMTP id q14so12286759qtr.9 for ; Sun, 07 Jun 2020 01:08:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:from:to:references:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to; bh=o4u3JUCg4tcujNgROrs7gFX6gjeKFJ/In7SJgiMJlUY=; b=Hi91co/zyqrY33OY9sZW8REfIcOJlyNlSIYdOMyA3DM2xYcjZqrd39MdSkvFPvfQ00 WcLOtINW78g2hEvrCIc4nlfzNIH+Jg29L9PwDfV2lWeG9jb0alLQGIK2EYet6cd453Rn hGGS6LFNyRwe1B7teaZTbbgKV2n0EtzBN8i8Q7J7LfJDZpX7Mo8lMma06TasbM1h8fP9 BCcJHlOpu/xktfQkWhalXy6ufwMYWcZ6ufFdNwIAtOkORMgGXigmJX+AZRph8KvyquyG 2nl4egHoHPBPc50STE8BlxC3SuKyoEgIT1QiB1HTOlaaQQFJId+9Qy+a7So8tJVOt10U q4+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:references:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to; bh=o4u3JUCg4tcujNgROrs7gFX6gjeKFJ/In7SJgiMJlUY=; b=fvv1mEAGcSAV0/luKp9dhvtzLR2KTxZgIwvddKFtiDjQdP9NqJrNXokIJQAaxmcNPW kuDBq8LIorFGUbsw6A/bnFVN0LR3+u399nlZTRFu5wNSaCiOsdpDPvt+1BFCgJvQKkGz dngEaUf1EBP0IgkKNamRSj5Y7REHjdEie9skGazqTc58UfZClxrlTnMzuGhs1pcJOAx8 zWl1Ja90z8FC84GSMkOSr9+13K2W8ykXaCraU0hQDqjcu4ez2b5tlxS8pGomXBUnd3OP 5ey/RySxLjctcJSkBeTfVPnvJSs+iEdwgULnS1gJzavnmKMUfgc6hYtPjJJHDou4rUoO Wl2A== X-Gm-Message-State: AOAM532h8wclxUKtjbCs3kZ7ynv3GRPlpAai6M0OXyaVz6sWjkDf/Wj7 4tQJwio067K9dhhv8OhXMzE= X-Google-Smtp-Source: ABdhPJxx+2bxm6df5OakGqIH69lv8P7PKArt+nW4XdTkZLRMj4OlV4h/iCgQeJ6yF7NsLtZ7XynTAg== X-Received: by 2002:ac8:11d:: with SMTP id e29mr18529982qtg.182.1591517320423; Sun, 07 Jun 2020 01:08:40 -0700 (PDT) Received: from [192.168.0.100] (adsl-074-188-244-109.sip.asm.bellsouth.net. [74.188.244.109]) by smtp.gmail.com with ESMTPSA id g132sm4242635qkb.78.2020.06.07.01.08.39 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 07 Jun 2020 01:08:39 -0700 (PDT) Subject: Re: [gentoo-user] Encrypting a hard drive's data. Best method. From: Dale To: gentoo-user@lists.gentoo.org References: <7e55092b-1914-da09-cb33-25aea63d2b22@gmail.com> <6a9ae564-14be-aa10-e0d3-d50fd82e3e3b@gmail.com> <7e2ee8c9-7956-39a4-e31b-6a3f40d08da9@gmail.com> Openpgp: preference=signencrypt Autocrypt: addr=rdalek1967@gmail.com; prefer-encrypt=mutual; keydata= mQINBFxc7MgBEAC+zrgEdqJJiDe/UDAB+ScmferXWfJTVjbVT2T4DQ7jiLrgP9aNUo1HioNF mrU3JPOCR32gvZyTbY1+niO5+VSo/+pSqQ785h6ZDj1klMkrg6tEzGnf2MNBpBj4houZwxQ+ WDKKTg2M9F+lv8wTIdR/JQn+hSviktLMtrghQlyLhpapsLXWLA6gMFebpQYwxUwemvan8ddX lQvJe9FGyFYvBi0dp1gl10F2O+DVZJxvX8xkX+yImVlhVJiC31gXHRcj+Qlo7gprlU7TIieF Uow6/ZvYKJ26pztVdFCg5w0rMJkF/x8Zd4A6wnuptiAPmWaQ1+YKgYDonbDUgwqFSx5/lN5z DGZ4LlioxeUTTPVvZsqBIeDz6jNFA583OYbo1/S26dqrvTFf2DKlsvoDpVfAhNlwJPjoixs0 X3FNqPv+M10n4kq5Iz7Q9E3O4s/nfFIYGocEslVka7zZPkXSaHbsn+KJlY8XV6qxtCEdh0/V XX1+1aU2J74M0JikWhpwxTZ1dP5aOyWSPPEgFFIRW6xwwC02SoRH9a7mggfGYp/YjPlONNaT SCL8sgRfvmq3D0XTbLyTjSbExxkfKDmbePQagawDE3TlI/oivHf1JaAcbwMb3LZuU4TGcOIl 5D+x7q0MUIeCop0ZFOwAnqW3AVVNvsBkv2KN+IHJryWAf0/iMQARAQABtBtEYWxlIDxyZGFs ZWsxOTY3QGdtYWlsLmNvbT6JAk4EEwEIADgWIQTZ7suruPBaS60bCYXvEM/XWu+ZnAUCXFzs yAIbIwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDvEM/XWu+ZnN+7D/4/1dNG4aCz0+v+ 0dcjV5tY1feYEWCdHKyDzxWBxlCpd/0NPRQeNY4VMjbCl/sq7GkXi/c2SbfWDQ5BQRkkExG1 pSwuXSIehGok/4fpTi3HDAguRvzdCqlKPt7me05FyiC/WnpY5GOlJ3ruGw2qABv/RmV2q5b/ tkq7h1y1f16DTNr3/nsj8HzHcrHdXdL4kaYChSOe/dbQR9Stqak7eMyR+iwvrJMNF/CGl70P 2x5ybsXMDzRVOqNcpa5ZdhEMTVh6+vC1SOmm1BFMF8XCqBEvBbcHWDQmGYTdNCsS/ADm8CBl gvjJgLdIsAzoMu4WHQDFnzXAoArqFWgAf53isOS4AWrv29tF9b8Aa1vb7h5JEa+ArcMsA6Gl X38+GY6WXXaxKI9n3PTCWu9tPGnRh7mABjnwEosDDqmzw8aTAYECb3avDuGY2rmcjgh4H6RE w08d63j1T4d5J9wlm4TGtW/VHgbUFkATEdH3Acl/EjFiyqTiX7p8kU6Reu5enIkogA93xoQh Rmy7ZiST/5LN+ZkaOdyjIw0L+5KalslN9SKt809YxgJ6kPo657LNTFPiFvFA46/SEWcBYrzq Xk0wEW0gBRWf+BqN0qRhU0/EQ+QfRdLLFg2xtUePwlheYLXxfyDLrdCCOLWYpkzbjCZHLS4u 69smbvR9S9KBDNzJybxEWrkCDQRcXOzIARAA5IGRWTqaM44IJgBYghZg2fGj0Am7KWPhE7V7 T/EEe7vVSUEFqHtlHzI4ZK6Q0AZ9uAEjE8IJIQ7KoTjzNqAtabP0vp3s0szgtJlsZ+8vGKlQ my7fvzSrdoQL0Xn7CEwJYFXJ1EMUcYIQeoHG1cUAaXx73k9BFbjwjnUeMrqlV/ZovQlg7duW nESfQ7HZu5NrtYyY3jPMUouxiO9WQPh+IHxZbt1absF2VcvRAymD32RxGvMPbw6ChMRD/p9O 4PH7M5rXaxr78NXQX9E48vrI00f1cYb9NSN1HnSV8cW3jKObVjdBk6jPQwrMvdpgdQhUB9aZ HS/9mC9mmAgiXKyCpzXe7FPB6QznSfn4GIaC/luy1e6SLUkJhRK/niB+gq+Mfxg2zXNuDUTI cMGmpDCp3kgUoorkaltk8RW09io95BkXrGhcDNuSGZfAParBc7RXyYpbIcax8St7tEAd2oFh 4seYOPUlzuhGrPpqR/91wrFc4E1260GKauSr4UhMJv6tygBwyC0mmBMKi+ZXw6ZdZxA5fg7y 35P3TILjznCXXTDgRHq9A3NknKRMcgFacX6eIhANkMFo6oJVjuEgy1dvu1wFfDq7c+i8GAHu L4pYzyXYu6PporlNNU0xSwdVgzM/uuK0lt+UxCimgC+YR3IezgDcbfudb7h9dGIwL+bbPL0A EQEAAYkCNgQYAQgAIBYhBNnuy6u48FpLrRsJhe8Qz9da75mcBQJcXOzIAhsMAAoJEO8Qz9da 75mcXZ4P/1YXgWDZek7mhzrf6uaQzMxa92P89HeWz4PlgB/32symeEFAV04WazzBZffI8AYY rGA1Xmu/2VaB9+FOODyKhUWBc2UL0NRWBk6POwboyTdKlclmpixaN9zLcBt0YLejoRfN1B/5 aQf9/lUDZMnAiCyz0FgeqEMUshldmwWC35RqnjrCbbuk2vIqSH6BLDIXU6jQrLHE1DF0ai41 wLtQFAFXPhn45n0ZwYhVs4Z32z4sjXrIvgBgCaXa4HM+L1Klne0KiNM8ReFTTpTE0SgyDOSZ O3MOa2n77i6JbVtsbiFYnNeP3J9S/l3jevGpZEtNQOKrIm1MW8jGuHWtsDeMkT/mCcSodlkt PxIo+mMK9GpGvG2hW80LiohqNfUbNwAmr3blOYY4URPXPRnEnPs4pmTmL5owjw2dkg145i9I D42Tq+XZ6YtWt3SGzGbAYow6XwTwZ5NFAzV9UQuCGrDw4KWan6O6Z+VIYWsn0UMZlu1Obxna aocofkaUCbISK26kImuD1aA8juSHC18Qv1xUage6/UakbSxyDtACqt6hOVFKX3IA59ApdNRT +2x3iCmlvF9MJsGgFq6IpqL+Fk7iWV8Kjbz0wQOId6N9+JdQh3LrLaS7a1PowUm1z9DK5/O0 Yg+gpDnEOOFI7WM5u7a7FSM2Z/LXGVwel/0eWvLk9tN6 Message-ID: Date: Sun, 7 Jun 2020 03:08:38 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 SeaMonkey/2.53.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------A672138295A0D72CBA754D11" X-Archives-Salt: c6f81d6b-1d29-4978-9cb5-6fabecac117e X-Archives-Hash: 9dad5f4f2ebf877fab60abb19b8e17bf This is a multi-part message in MIME format. --------------A672138295A0D72CBA754D11 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Dale wrote: > > > My take.  Bad password, easy to guess, easy to crack because it is > simple or common; not very secure even if the password is changed > since one could use the old password in certain situations and get at > the data.  Good strong password, changed or not; hard to crack even if > the whole drive is taken.  > > Moral of the story.  Have a good strong password and keep your mouth > shut about what the password is, unless you want that person to spill > the beans.  Or you plan to knock them off later.  ROFLMBO > > I'm not storing the secrets to some new weapon that will destroy the > world and everything on it, including the roaches.  Well, that last > one might be OK. lol  I just want it so that when I fall into the > cremation chamber or a cemetery plot, it won't be easy for a person to > access the drive.  I'm good at the keeping password to myself bit.  > Still thinking on killing all the roaches tho .  I'd keep that secure > but I wouldn't mind being rid of those.  :/  > > I think I need to watch a youtube video on this tho.  I want to watch > a person not only install it but actually use it.  For example, what > triggers it asking for a password and what does it look like?  Is it > pretty fast, take a few seconds or what?  I got a lot of questions but > they are things that can't be answered easily in text.  Yea, gotta go > visit youtube.  Test drive youtube-dl again.  > > Dale > > :-)  :-)  OK.  Found some videos and jeez, there is a ton of ways to use this.  You can have a password, a key file, both or likely other options as well.  On one video, the guy generated a key file with urandom that was 1024 characters.  As he put it, try typing that in.  Anyway, he put the file in / and used the file to mount the thing automatically after some setup. If however he goes to another puter, either you have to have that key file on it to or type in the password.  He also set it up to mount automatically.  Then I found out about crypttab.  I don't have that on my system, yet.  I was wondering how the system would know when a drive or partition was encrypted or not.  Well, there you go.  Once crypttab and fstab are set up, it can mount automatically.  Well neato.  ;-) When watching a video or two, I had to google some things.  I run up on zulucrypt.  It's a GUI that can handle several different encryption tools.  Yes, one should at least be familiar with command line just in case the GUI doesn't work but having a GUI does make it easier.  I still don't think I'm ready to try and do this on a hard drive.  I'm certainly not going to do this with /home yet.  Between this thread and a few videos, pictures says a lot, it's starting to make sense.  I also noticed, it is really fast.  One may need a stopwatch to even notice it is encrypted at all.  I notice that one can use different encryption tools.  I have Blowfish, Twofish, AES and sha*** as well as many others.  I know some have been compromised.  Which ones are known to be secure?  I seem to recall that after Snowden some had to be redone and some new ones popped up to make sure they were secure.  Thoughts?? Dale :-)  :-)  --------------A672138295A0D72CBA754D11 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
Dale wrote:


My take.  Bad password, easy to guess, easy to crack because it is simple or common; not very secure even if the password is changed since one could use the old password in certain situations and get at the data.  Good strong password, changed or not; hard to crack even if the whole drive is taken. 

Moral of the story.  Have a good strong password and keep your mouth shut about what the password is, unless you want that person to spill the beans.  Or you plan to knock them off later.  ROFLMBO

I'm not storing the secrets to some new weapon that will destroy the world and everything on it, including the roaches.  Well, that last one might be OK. lol  I just want it so that when I fall into the cremation chamber or a cemetery plot, it won't be easy for a person to access the drive.  I'm good at the keeping password to myself bit.  Still thinking on killing all the roaches tho .  I'd keep that secure but I wouldn't mind being rid of those.  :/ 

I think I need to watch a youtube video on this tho.  I want to watch a person not only install it but actually use it.  For example, what triggers it asking for a password and what does it look like?  Is it pretty fast, take a few seconds or what?  I got a lot of questions but they are things that can't be answered easily in text.  Yea, gotta go visit youtube.  Test drive youtube-dl again. 

Dale

:-)  :-) 


OK.  Found some videos and jeez, there is a ton of ways to use this.  You can have a password, a key file, both or likely other options as well.  On one video, the guy generated a key file with urandom that was 1024 characters.  As he put it, try typing that in.  Anyway, he put the file in / and used the file to mount the thing automatically after some setup. If however he goes to another puter, either you have to have that key file on it to or type in the password.  He also set it up to mount automatically. 

Then I found out about crypttab.  I don't have that on my system, yet.  I was wondering how the system would know when a drive or partition was encrypted or not.  Well, there you go.  Once crypttab and fstab are set up, it can mount automatically.  Well neato.  ;-)

When watching a video or two, I had to google some things.  I run up on zulucrypt.  It's a GUI that can handle several different encryption tools.  Yes, one should at least be familiar with command line just in case the GUI doesn't work but having a GUI does make it easier. 

I still don't think I'm ready to try and do this on a hard drive.  I'm certainly not going to do this with /home yet.  Between this thread and a few videos, pictures says a lot, it's starting to make sense.  I also noticed, it is really fast.  One may need a stopwatch to even notice it is encrypted at all. 

I notice that one can use different encryption tools.  I have Blowfish, Twofish, AES and sha*** as well as many others.  I know some have been compromised.  Which ones are known to be secure?  I seem to recall that after Snowden some had to be redone and some new ones popped up to make sure they were secure.  Thoughts??

Dale

:-)  :-) 
--------------A672138295A0D72CBA754D11--