Gentoo Forums
Encrypted Root File System, Swap, etc...
hulk2nd
Guru


Joined: 25 Mar 2003
Posts: 512
Location: Freiburg, Germany

PostPosted: Thu Nov 20, 2003 9:15 pm    Post subject: Reply with quote

ok, i've done it. at boot it asks for the password and then everything works well. i had to do some changes in the build-initrd.sh and the grub.conf, which were meant somewhere on the net.

but i have another question. how can my hdd really be safe if everyone can boot a computer with a knoppix cd and my hdd installed, do the "losetup -e AES128 -T /dev/loop0 /dev/hda4" command and then can mount the encrypted(?) root filesystem and have complete r/w access on it???

greets,
hulk
S_aIN_t
Guru


Joined: 11 May 2002
Posts: 488
Location: Ottawa

PostPosted: Thu Nov 20, 2003 10:29 pm    Post subject: Reply with quote

hulk2nd wrote:
ok, i've done it. at boot it asks for the password and then everything works well. i had to do some changes in the build-initrd.sh and the grub.conf, which were meant somewhere on the net.

but i have another question. how can my hdd really be safe if everyone can boot a computer with a knoppix cd and my hdd installed, do the "losetup -e AES128 -T /dev/loop0 /dev/hda4" command and then can mount the encrypted(?) root filesystem and have complete r/w access on it???

greets,
hulk


wouldn't it ask you for the password when you're doing that?
_________________
"That which is overdesigned, too highly
specific, anticipates outcome; the anticipation of
outcome guarantees, if not failure, the
absence of grace."
- William Gibson, "All Tomorrow's Parties"
----
http://petro.tanreisoftware.com
hulk2nd
Guru


Joined: 25 Mar 2003
Posts: 512
Location: Freiburg, Germany

PostPosted: Thu Nov 20, 2003 10:54 pm    Post subject: Reply with quote

not really, it does not ask to enter a special password, it always asks to SET a password.

greets,
hulk
S_aIN_t
Guru


Joined: 11 May 2002
Posts: 488
Location: Ottawa

PostPosted: Fri Nov 21, 2003 3:23 am    Post subject: Reply with quote

well.. all i can say is that i lost my root partition.. which really sucks.
i am getting this now:
Code:
read_super_block: can't find reiserfs filesystem on (dev 03:03, block 64, size 1024)


this is bad.. i think i have to reformat and reinstall. :(
usingloser
Apprentice


Joined: 18 May 2003
Posts: 297
Location: ->Here<-

PostPosted: Fri Nov 21, 2003 6:51 am    Post subject: Reply with quote

Hulk, I just think it will report that the provided password can't read the superblock on the hard drive and fail. At the very least they won't be able to just choose a password and get to your filesystem and I don't think it will corrupt it.
_________________
gentoo 4tw
hulk2nd
Guru


Joined: 25 Mar 2003
Posts: 512
Location: Freiburg, Germany

PostPosted: Fri Nov 21, 2003 12:57 pm    Post subject: Reply with quote

@S_aIN_t: DON'T DO THAT!!!!
i can help you out!!!!! Just msg if you haven't already reformatted.

@usingloser: ahh, i found out what it is. i can enter whatever password i want but only with the correct password i can mount the partition. ... i really could have come on this before ...

thanks for your help and greets,
hulk
S_aIN_t
Guru


Joined: 11 May 2002
Posts: 488
Location: Ottawa

PostPosted: Fri Nov 21, 2003 5:16 pm    Post subject: Reply with quote

hulk2nd wrote:
@S_aIN_t: DON'T DO THAT!!!!
i can help you out!!!!! Just msg if you haven't already reformatted.

@usingloser: ahh, i found out what it is. i can enter whatever password i want but only with the correct password i can mount the partition. ... i really could have come on this before ...

thanks for your help and greets,
hulk


alright.. message sent. i haven't reformatted and reinstalled yet.. i am completely tempted by freebsd 5.1. and it supports encryption of all partitions.
Wilhelm
Tux's lil' helper


Joined: 27 May 2003
Posts: 149

PostPosted: Thu Dec 04, 2003 7:28 pm    Post subject: Reply with quote

Don't know if someone can use this info but after loads of messing around my system is working fine with loop-AES.

One of my main problems was when a filesystem was badly unmounted.
Here's my smart way of mounting and checking all encrypted filesystems.

My init.d/loop-AES script

Code:

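#!/sbin/runscript

depend() {
        need checkroot modules
        before localmount
        after checkroot
}

start() {
        local rc=0

        ebegin "Setting up encrypted loop devices"

        # myPasswordGoesHere / mySeedGoesHere are placeholders for your own values.
        # -p 0 makes losetup read the passphrase from stdin (the echo).
        echo "myPasswordGoesHere" | losetup -p 0 -e AES256 /dev/loop4 /dev/hdb2 -C 100 -S "mySeedGoesHere" || rc=1
        echo "myPasswordGoesHere" | losetup -p 0 -e AES256 /dev/loop3 /dev/hdb1 -C 100 -S "mySeedGoesHere" || rc=1

        # Report failure if either device could not be set up.
        eend $rc "Failed to start encrypted loop devices!"
}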



Then to get rc to execute the mounting before the file system checks i found this solution.
In /etc/runlevels/boot create a file .critical; this file is read by rc to allow you to add highly critical init.d scripts. BEWARE: get this wrong and you'll need your knoppix-CD ;).

Here's my .critical

Code:

checkroot hostname modules loop-AES checkfs localmount


See how my loop-AES mounting is before checkfs.


Hope this helps some peeps.
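
Added example, not part of the original posts: as usingloser and hulk2nd note above, losetup accepts any passphrase and only the right one exposes a readable superblock, so an init script like the one above can test for a filesystem signature before checkfs or mount touches the device. The function names are made up for this example, and it goes beyond the reiserfs case to the xfs and ext2 filesystems mentioned elsewhere in the thread.

```shell
#!/bin/sh
# Added example: look for a filesystem signature on a decrypted loop device
# (or an image file) before fsck or mount is allowed to touch it.

# hex_at FILE OFFSET COUNT: print COUNT bytes at OFFSET as lowercase hex.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# detect_fs FILE: print the filesystem name and return 0 if a known
# superblock magic is present; return 1 if the data looks like noise.
detect_fs() {
    # reiserfs: superblock at 64 KiB ("block 64, size 1024"), magic at +52
    # ("ReIsErFs", "ReIsEr2Fs" or "ReIsEr3Fs").
    case "$(hex_at "$1" 65588 9)" in
        5265497345724673*|526549734572324673|526549734572334673)
            echo reiserfs; return 0 ;;
    esac
    # xfs: "XFSB" at offset 0.
    if [ "$(hex_at "$1" 0 4)" = 58465342 ]; then echo xfs; return 0; fi
    # ext2/ext3: little-endian 0xEF53 at offset 1024 + 56.
    if [ "$(hex_at "$1" 1080 2)" = 53ef ]; then echo ext2; return 0; fi
    return 1
}

# verify_loop DEVICE: gate for an init script, to be called after losetup.
verify_loop() {
    if fs=$(detect_fs "$1"); then
        echo "$1: $fs signature found"
    else
        echo "$1: no filesystem signature (wrong passphrase, seed or cipher?)" >&2
        return 1
    fi
}

# Assumed use in an init script, after each losetup call:
#   verify_loop /dev/loop4 || { losetup -d /dev/loop4; eend 1 "bad key"; return 1; }
if [ $# -gt 0 ]; then verify_loop "$1"; fi
```

Detaching the loop device when the check fails keeps a later fsck from "repairing" what is really just wrongly decrypted data.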
hulk2nd
Guru


Joined: 25 Mar 2003
Posts: 512
Location: Freiburg, Germany

PostPosted: Sun Dec 07, 2003 7:16 pm    Post subject: Reply with quote

anyone knows what to change to get this working with 2.6? couldn't get it working with the steps described here ...

greets,
hulk
Q
Tux's lil' helper


Joined: 17 Apr 2002
Posts: 149
Location: Oxford, UK

PostPosted: Sun Dec 28, 2003 2:28 pm    Post subject: Reply with quote

Please could someone in the know update this for 2.6
hulk2nd
Guru


Joined: 25 Mar 2003
Posts: 512
Location: Freiburg, Germany

PostPosted: Sun Dec 28, 2003 2:33 pm    Post subject: Reply with quote

http://forums.gentoo.org/viewtopic.php?t=108162&start=0

greets,
hulk
alexander_g_1
n00b


Joined: 04 Dec 2003
Posts: 8

PostPosted: Wed Jan 07, 2004 3:10 pm    Post subject: Reply with quote

hi all,

what a lovely thread, thanx for this one!! :-)

my question for today is:

if i encrypt let's say f.e. /dev/hda and /dev/hdb (which is 200 gig altogether).....what would be the best method to do a full disaster recovery backup (encrypted) just in case one of the hdd's goes defect with the time ?

200 gig getting burned on 700 mb cd's would be too time consuming of course.

any ideas ?

Best Regards,

Alexander
Paulten
Apprentice


Joined: 28 Mar 2003
Posts: 257
Location: Sykkylven, Norway

PostPosted: Sun Jan 25, 2004 1:48 pm    Post subject: Reply with quote

What is your experience with benchmark / overhead for running an encrypted file system (reiserfs here)?
I have a 160GB disc running with AES256, and when I burn a DVD from it, loop takes about 40-50% cpu :(
Which makes my DVD burner only burn 3.2x of 4x.
The disk is almost full (5gb free), could this affect the performance?
Can I gain speed using like blowfish32? (probably, how much ?:p )

Thanks.
_________________
Homepage : http://paul.kde.no Jabber ID : tenfjord@jabber.org
"Dei levde som dyr. Dei verken røykte eller drakk" -Ukjent
hulk2nd
Guru


Joined: 25 Mar 2003
Posts: 512
Location: Freiburg, Germany

PostPosted: Wed Jan 28, 2004 3:50 am    Post subject: Reply with quote

i would have used 128 instead of 256 cause 128 is not hackable with bruteforce so 256 is not safer. and it takes much more performance compared to 128.

greets,
hulk
_________________
Linux: "Free as in free speech, not as in free beer"
Paulten
Apprentice


Joined: 28 Mar 2003
Posts: 257
Location: Sykkylven, Norway

PostPosted: Wed Jan 28, 2004 11:47 am    Post subject: Reply with quote

256 is hackable with bruteforce, but not 128? Sounds strange..
Where did you read about this? Have any good links?
What about blowfish32? Thanks
tageiru
n00b


Joined: 26 Oct 2002
Posts: 46

PostPosted: Wed Jan 28, 2004 5:21 pm    Post subject: Reply with quote

Paulten wrote:
256 is hackable with bruteforce, but not 128? Sounds strange..
Where did you read about this? Have any good links?
What about blowfish32? Thanks


No. he said that if 128 is not hackable with bruteforce why use 256 when it sucks more cpu.
io-
n00b


Joined: 17 Dec 2003
Posts: 29
Location: Arizona

PostPosted: Wed Mar 03, 2004 9:19 pm    Post subject: Reply with quote

anyone have any ideas on setting 1 password to gain access, 1 password that when given wipes the drive as quickly and effectively as possible, and all other attempts at the password just fail as normal?
daemonb
Apprentice


Joined: 24 Jul 2002
Posts: 242

PostPosted: Wed Mar 10, 2004 1:25 pm    Post subject: Reply with quote

At shutdown, every time I get the following error:

Remounting remaining filesystems readonly (FAILED)

Give root password for maintenance
(or type Control-d for normal startup):

Can anybody help me?

Thanks

Dom
Lord Tocharian
Tux's lil' helper


Joined: 11 Mar 2003
Posts: 75

PostPosted: Wed Mar 10, 2004 4:05 pm    Post subject: Reply with quote

Dom,

I had that problem for a long time. I believe it is a problem with the Gentoo halt script. However, the other day it stopped on my ~x86 machine. I believe it was after I updated to the latest masked baselayout.
Back to top
View user's profile Send private message
wisdom
Tux's lil' helper
Tux's lil' helper


Joined: 26 May 2002
Posts: 101
Location: sweden

PostPosted: Wed Mar 10, 2004 5:55 pm    Post subject: Reply with quote

I don't have any loop.o in my /lib/....
where to get it?
daemonb
Apprentice


Joined: 24 Jul 2002
Posts: 242

PostPosted: Fri Mar 12, 2004 7:43 am    Post subject: Reply with quote

emerge the latest baselayout (1.8.6.8-r1) didn't solve my problem.....

Any tips?

mount shows me this:

/dev/loop/5 on / type xfs (rw,noatime)
none on /initrd/dev type devfs (rw)
/dev/loop/5 on / type xfs (rw,noatime)
none on /dev type devfs (rw)
none on /proc type proc (rw)
none on /dev/shm type tmpfs (rw)

Is it normal that loop is mounted 2 times?
Is this the f. problem?

thanks

Dom
MrPrez
n00b


Joined: 02 Sep 2003
Posts: 67

PostPosted: Tue Apr 13, 2004 9:40 pm    Post subject: Reply with quote

daemonb wrote:
emerge the latest baselayout (1.8.6.8-r1) didn't solve my problem.....

Any tips?

mount shows me this:

/dev/loop/5 on / type xfs (rw,noatime)
none on /initrd/dev type devfs (rw)
/dev/loop/5 on / type xfs (rw,noatime)
none on /dev type devfs (rw)
none on /proc type proc (rw)
none on /dev/shm type tmpfs (rw)

Is it normal that loop is mounted 2 times?
Is this the f. problem?


same problem :(
Jayh
n00b


Joined: 07 May 2004
Posts: 4

PostPosted: Tue May 11, 2004 8:52 pm    Post subject: Reply with quote

Hi Guys,

I've read the loop-aes.README and this thread but I can't find any information about the following problem:

If I encrypted my disk using the dd if=/dev/blabla of=/dev/loopX using losetup, the drive is encrypted and only with the password from the losetup, you can decrypt the harddisk.

But what if I create a new losetup password using a different loop device and I would rerun the dd command to encrypt the same hd again, would it be possible to see the information already stored on there encrypted by my previous password or is the data again re-encrypted with another ciphers?

I assume that the data is encrypted using ciphers from the old losetup password and when I re-encrypt the partition, the data would simply be gone because the data ciphers don't match.

Am I correct or is it possible to re-encrypt the data and see all the files on it? If it is possible to see the files, what's the use of encrypting it?

Greets,

Jayh
ultraViolet
Apprentice


Joined: 03 Apr 2004
Posts: 280
Location: Lyon, France

PostPosted: Sat Jun 26, 2004 2:40 pm    Post subject: Reply with quote

daemonb wrote:
At shutdown, every time I get the following error:

Remounting remaining filesystems readonly (FAILED)

Give root password for maintenance
(or type Control-d for normal startup):

Can anybody help me?

Thanks

Dom


You probably need to modify fstab, the last number of the entry for your encrypted partition should be 0 (to tell the system to not check your partition)
ultraViolet
Apprentice


Joined: 03 Apr 2004
Posts: 280
Location: Lyon, France

PostPosted: Sat Jun 26, 2004 2:54 pm    Post subject: Reply with quote

Hi,
I've got another problem.

I am encrypting a partition (not boot).

Here is my fstab entry :
/dev/hda7 /home/curvedtarantula/share/arachne ext2 defaults,loop=/dev/loop0,encryption=twofish-128 0 0

All works fine when I mount it with a terminal, when my system is running, using "mount /home/curvedtarantula/share/arachne" .
But at boot time, the system prompts me for the password. When I give it, it writes the same error message I would get if the password was false. (Wrong fs type...blahblah)

I don't understand since the mount command is referring to fstab too...

Since I'm French, and using an azerty keyboard, I have tried to type it in qwerty (because the system loads the keymaps later), and it hasn't worked much.

Could anybody help me please ?
All times are GMT
Page 12 of 13