hulk2nd Guru
Joined: 25 Mar 2003 Posts: 512 Location: Freiburg, Germany
Posted: Thu Nov 20, 2003 9:15 pm
ok, i've done it. at boot it asks for the password and then everything works well. i had to do some changes in the build-initrd.sh and the grub.conf, which were meant somewhere on the net.
but i have another question. how can my hdd really be safe if everyone can boot a computer with a knoppix cd and my hdd installed, do the "losetup -e AES128 -T /dev/loop0 /dev/hda4" command and then can mount the encrypted(?) root filesystem and have completely r/w access on it???
greets,
hulk |

S_aIN_t Guru
Joined: 11 May 2002 Posts: 488 Location: Ottawa
Posted: Thu Nov 20, 2003 10:29 pm
hulk2nd wrote: | ok, i've done it. at boot it asks for the password and then everything works well. i had to do some changes in the build-initrd.sh and the grub.conf, which were meant somewhere on the net.
but i have another question. how can my hdd really be safe if everyone can boot a computer with a knoppix cd and my hdd installed, do the "losetup -e AES128 -T /dev/loop0 /dev/hda4" command and then can mount the encrypted(?) root filesystem and have completely r/w access on it???
greets,
hulk |
wouldn't it ask you for the password when you're doing that?
_________________
"That which is overdesigned, too highly specific, anticipates outcome; the anticipation of outcome guarantees, if not failure, the absence of grace."
- William Gibson, "All Tomorrow's Parties"
----
http://petro.tanreisoftware.com |

hulk2nd Guru
Joined: 25 Mar 2003 Posts: 512 Location: Freiburg, Germany
Posted: Thu Nov 20, 2003 10:54 pm
not really, it does not ask to enter a special password, it always asks to SET a password.
greets,
hulk |

S_aIN_t Guru
Joined: 11 May 2002 Posts: 488 Location: Ottawa
Posted: Fri Nov 21, 2003 3:23 am
well.. all i can say is that i lost my root partition.. which really sucks.
i am getting this now:
Code: | read_super_block: can't find reiserfs filesystem on (dev 03:03, block 64, size 1024) |
this is bad.. i think i have to reformat and reinstall. |

usingloser Apprentice
Joined: 18 May 2003 Posts: 297 Location: ->Here<-
Posted: Fri Nov 21, 2003 6:51 am
Hulk, I just think it will report that the provided password can't read the superblock on the hard drive and fail. At the very least they won't be able to just choose a password and get to your filesystem and I don't think it will corrupt it.
_________________
gentoo 4tw |

hulk2nd Guru
Joined: 25 Mar 2003 Posts: 512 Location: Freiburg, Germany
Posted: Fri Nov 21, 2003 12:57 pm
@S_aIN_t: DON'T DO THAT!!!!
i can help you out!!!!! Just msg if you haven't already reformatted.
@usingloser: ahh, i found out what it is. i can enter whatever password i want but only with the correct password i can mount the partition. ... i really could have come on this before ...
thanks for your help and greets,
hulk |
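
The behaviour hulk2nd and usingloser describe above (any passphrase is accepted when the loop device is set up, but only the correct one gives a mountable filesystem), modelled as an added example that is not part of the original thread or of loop-AES. The SHA-256 keystream is a toy stand-in for AES, the hash-based key derivation is a simplifying assumption, and `derive_key`, `xcrypt`, `make_device`, `losetup` and `mount` are hypothetical helpers.

```python
import hashlib

SECTOR = 512
MAGIC_OFFSET = 64 * 1024 + 52   # ReiserFS superblock sits at 64 KiB, s_magic at +52
MAGIC = b"ReIsEr2Fs"            # ReiserFS 3.6 magic string

def derive_key(passphrase: str) -> bytes:
    # Assumption: key = hash(passphrase). Every passphrase yields *a* key and
    # nothing stored on the device says which key is the right one.
    return hashlib.sha256(passphrase.encode()).digest()

def xcrypt(key: bytes, data: bytes) -> bytes:
    # Toy per-sector keystream (SHA-256 in counter mode), standing in for AES.
    out = bytearray()
    for start in range(0, len(data), SECTOR):
        chunk = data[start:start + SECTOR]
        stream = b"".join(
            hashlib.sha256(key + start.to_bytes(8, "big") + bytes([i])).digest()
            for i in range(SECTOR // 32))
        out += bytes(c ^ s for c, s in zip(chunk, stream))
    return bytes(out)

def make_device(passphrase: str) -> bytes:
    # Constructed sample "partition": zeros plus a ReiserFS magic, then encrypted.
    plain = bytearray(MAGIC_OFFSET + SECTOR)
    plain[MAGIC_OFFSET:MAGIC_OFFSET + len(MAGIC)] = MAGIC
    return xcrypt(derive_key(passphrase), bytes(plain))

def losetup(device: bytes, passphrase: str) -> bytes:
    # Attaching never fails: the passphrase is simply turned into a key.
    return xcrypt(derive_key(passphrase), device)

def mount(loop_view: bytes) -> str:
    # Only the filesystem driver notices a wrong key, because the magic is garbage.
    if loop_view[MAGIC_OFFSET:MAGIC_OFFSET + len(MAGIC)] != MAGIC:
        raise OSError("can't find reiserfs filesystem")
    return "mounted"

if __name__ == "__main__":
    disk = make_device("correct passphrase")
    for attempt in ("correct passphrase", "anything else"):
        view = losetup(disk, attempt)          # succeeds for both attempts
        try:
            print(attempt, "->", mount(view))
        except OSError as err:
            print(attempt, "->", err)
```
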

S_aIN_t Guru
Joined: 11 May 2002 Posts: 488 Location: Ottawa
Posted: Fri Nov 21, 2003 5:16 pm
hulk2nd wrote: | @S_aIN_t: DON'T DO THAT!!!!
i can help you out!!!!! Just msg if you haven't already reformatted.
@usingloser: ahh, i found out what it is. i can enter whatever password i want but only with the correct password i can mount the partition. ... i really could have come on this before ...
thanks for your help and greets,
hulk |
alright.. message sent. i haven't reformatted and reinstalled yet.. i am completely tempted by freebsd 5.1. and it supports encryption of all partitions. |

Wilhelm Tux's lil' helper
Joined: 27 May 2003 Posts: 149
Posted: Thu Dec 04, 2003 7:28 pm
Don't know if some can use this info but after loads of messing around my system is working fine with loop-AES.
One of my main problems was when a filesystem was badly unmounted.
Here's my smart way of mounting and checking all encrypted filesystems.
My init.d/loop-AES script
Code: |
#!/sbin/runscript
depend() {
    need checkroot modules
    before localmount
    after checkroot
}
start() {
    ebegin "Setting up encrypted loop devices"
    # Placeholders: put your own passphrase and seed in the quotes.
    # -p 0 reads the passphrase from stdin, -C sets the key iteration count (in thousands), -S the seed.
    echo "myPasswordGoesHere" | losetup -p 0 -e AES256 /dev/loop4 /dev/hdb2 -C 100 -S "mySeedGoesHere"
    echo "myPasswordGoesHere" | losetup -p 0 -e AES256 /dev/loop3 /dev/hdb1 -C 100 -S "mySeedGoesHere"
    eend $? "Failed to start encrypted loop devices!"
}
|
Then to get rc to execute the mounting before the file system checks i found this solution.
In /etc/runlevels/boot create a file .critical; this file is read by rc to allow you to add highly critical init.d scripts. BEWARE: get this wrong and you'll need your knoppix-CD.
Here's my .critical
Code: |
checkroot hostname modules loop-AES checkfs localmount
|
See how my loop-AES mounting is before checkfs.
Hope this helps some peeps. |

hulk2nd Guru
Joined: 25 Mar 2003 Posts: 512 Location: Freiburg, Germany
Posted: Sun Dec 07, 2003 7:16 pm
anyone knows what to change to get this working with 2.6? couldn't get it working with the steps described here ...
greets,
hulk |

Q Tux's lil' helper
Joined: 17 Apr 2002 Posts: 149 Location: Oxford, UK
Posted: Sun Dec 28, 2003 2:28 pm
Please could someone in the know update this for 2.6 |

hulk2nd Guru
Joined: 25 Mar 2003 Posts: 512 Location: Freiburg, Germany

alexander_g_1 n00b
Joined: 04 Dec 2003 Posts: 8
Posted: Wed Jan 07, 2004 3:10 pm
hi all,
what a lovely thread, thanx for this one!!
my question for today is:
if i encrypt let's say f.e. /dev/hda and /dev/hdb (which is 200 gig altogether).....what would be the best method to do a full disaster recovery backup (encrypted) just in case one of the hdd's goes defect with the time ?
200 gig getting burned on 700 mb cd's would be too time consuming of course.
any ideas ?
Best Regards,
Alexander |

Paulten Apprentice
Joined: 28 Mar 2003 Posts: 257 Location: Sykkylven, Norway
Posted: Sun Jan 25, 2004 1:48 pm
What is your experience with benchmark / overhead for running an encrypted file system (reiserfs here)
I have a 160GB disc running with AES256, and when I burn a DVD from it, loop takes about 40-50% cpu
Which makes my DVD burner only burn 3.2x of 4x.
The disk is almost full. (5gb) free, could this affect the performance?
Can I gain speed using like blowfish32? (probably, how much ?:p )
Thanks.
_________________
Homepage : http://paul.kde.no Jabber ID : tenfjord@jabber.org
"They lived like animals. They neither smoked nor drank" -Unknown |

hulk2nd Guru
Joined: 25 Mar 2003 Posts: 512 Location: Freiburg, Germany
Posted: Wed Jan 28, 2004 3:50 am
i would have used 128 instead of 256 cause 128 is not hackable with bruteforce so 256 is not safer. and it takes much more performance compared to 128.
greets,
hulk
_________________
Linux: "Free as in free speech, not as in free beer" |

Paulten Apprentice
Joined: 28 Mar 2003 Posts: 257 Location: Sykkylven, Norway
Posted: Wed Jan 28, 2004 11:47 am
256 is hackable with bruteforce, but not 128? Sounds strange..
Where did you read about this? Have any good links?
What about blowfish32? Thanks |

tageiru n00b
Joined: 26 Oct 2002 Posts: 46
Posted: Wed Jan 28, 2004 5:21 pm
Paulten wrote: | 256 is hackable with bruteforce, but not 128? Sounds strange..
Where did you read about this? Have any good links?
What about blowfish32? Thanks |
No. he said that if 128 is not hackable with bruteforce why use 256 when it sucks more cpu. |

io- n00b
Joined: 17 Dec 2003 Posts: 29 Location: Arizona
Posted: Wed Mar 03, 2004 9:19 pm
anyone have any ideas on setting 1 password to gain access, 1 password that when given wipes the drive as quickly and effectively as possible, and all other attempts at the password just fail as normal? |

daemonb Apprentice
Joined: 24 Jul 2002 Posts: 242
Posted: Wed Mar 10, 2004 1:25 pm
At shutdown, every time I get the following error:
Remounting remaining filesystems readonly (FAILED)
Give root password for maintenance
(or type Control-d for normal startup):
Can anybody help me?
Thanks
Dom |

Lord Tocharian Tux's lil' helper
Joined: 11 Mar 2003 Posts: 75
Posted: Wed Mar 10, 2004 4:05 pm
Dom,
I had that problem for a long time. I believe it is a problem with the Gentoo halt script. However, the other day it stopped on my ~x86 machine. I believe it was after I updated to the latest masked baselayout. |

wisdom Tux's lil' helper
Joined: 26 May 2002 Posts: 101 Location: sweden
Posted: Wed Mar 10, 2004 5:55 pm
I don't have any loop.o in my /lib/....
where to get it? |

daemonb Apprentice
Joined: 24 Jul 2002 Posts: 242
Posted: Fri Mar 12, 2004 7:43 am
emerge the latest baselayout (1.8.6.8-r1) didn't solve my problem.....
Any tips?
mount shows me this:
/dev/loop/5 on / type xfs (rw,noatime)
none on /initrd/dev type devfs (rw)
/dev/loop/5 on / type xfs (rw,noatime)
none on /dev type devfs (rw)
none on /proc type proc (rw)
none on /dev/shm type tmpfs (rw)
Is it normal, that loop is mounted 2 times?
Is this the f. problem?
thanks
Dom |

MrPrez n00b
Joined: 02 Sep 2003 Posts: 67
Posted: Tue Apr 13, 2004 9:40 pm
daemonb wrote: | emerge the latest baselayout (1.8.6.8-r1) didn't solve my problem.....
Any tips?
mount shows me this:
/dev/loop/5 on / type xfs (rw,noatime)
none on /initrd/dev type devfs (rw)
/dev/loop/5 on / type xfs (rw,noatime)
none on /dev type devfs (rw)
none on /proc type proc (rw)
none on /dev/shm type tmpfs (rw)
Is it normal, that loop is mounted 2 times?
Is this the f. problem?
|
same problem |

Jayh n00b
Joined: 07 May 2004 Posts: 4
Posted: Tue May 11, 2004 8:52 pm
Hi Guys,
I've read the loop-aes.README and this thread but I can't find any information about the following problem:
If I encrypted my disk using the dd if=/dev/blabla of=/dev/loopX using losetup, drive is encrypted and only with the password from the losetup, you can decrypt the harddisk.
But what if I create a new losetup password using a different loop device and I would rerun the dd command to encrypt the same hd again, would it be possible to see the information already stored on there encrypted by my previous password or is the data again re-encrypted with another ciphers?
I assume that the data is encrypted using ciphers from the old losetup password and when I re-encrypt the partition, the data would simply be gone because the data ciphers don't match.
Am I correct or is it possible to re-encrypt the data and see all the files on it? If it is possible to see the files, what's the use of encrypting it?
Greets,
Jayh |

ultraViolet Apprentice
Joined: 03 Apr 2004 Posts: 280 Location: Lyon, France
Posted: Sat Jun 26, 2004 2:40 pm
daemonb wrote: | At shutdown, every time I get the following error:
Remounting remaining filesystems readonly (FAILED)
Give root password for maintenance
(or type Control-d for normal startup):
Can anybody help me?
Thanks
Dom |
You probably need to modify fstab, the last number of the entry for your encrypted partition should be 0 (to tell the system to not check your partition) |

ultraViolet Apprentice
Joined: 03 Apr 2004 Posts: 280 Location: Lyon, France
Posted: Sat Jun 26, 2004 2:54 pm
Hi,
I've got another problem.
I am encrypting a partition (not boot).
Here is my fstab entry :
/dev/hda7 /home/curvedtarantula/share/arachne ext2 defaults,loop=/dev/loop0,encryption=twofish-128 0 0
All works fine when I mount it with a terminal, when my system is running, using "mount /home/curvedtarantula/share/arachne" .
But at boot time, the system prompts me for the password. When I give it, it writes the same error message I would get if the password was false. (Wrong fs type...blahblah)
I don't understand since the mount command is referring to fstab too...
Since I'm French, and using an azerty keyboard, I have tried to type it in qwerty (because the system loads the keymaps later), and it hasn't worked much.
Could anybody help me please ? |