Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: TrueCrypt Help - Multiple Partitions

  1. #1
    Join Date
    Jan 2013
    Location
    Brazil
    Posts
    327

    Default TrueCrypt Help - Multiple Partitions

    Hi there.

    I'm planning on encrypting my system with TrueCrypt, I'll have multiple partitions. The scheme will be:

    * 1GB for /boot (Unencrypted)
    * 60GB for "/". This partition will have password A.
    * 8GB for "/swap". This partition will have password B.
    * The rest (about 852GB) for /home, this partition will have password C.

    I couldn't find any conclusive help on the web so I'm counting with people who already did it on opensuse or any other Linux distro.

    I plan to mount ALL partitions before boot, kind of like the same way when you encrypt partitions using the default encryption tool, but I don't want to use that.

    Regards.
    openSUSE 13.1

  2. #2
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: TrueCrypt Help - Multiple Partitions

    On 2013-08-09 15:06, amarildojr wrote:

    > I plan to mount ALL partitions before boot, kind of like the same way
    > when you encrypt partitions using the default encryption tool, but I
    > don't want to use that.


    No, partitions are always mounted after boot.

    Early, but after the kernel has control (thus booted), and it runs
    scripts located in initrd.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.3 x86_64 "Dartmouth" at Telcontar)

  3. #3
    Join Date
    Jan 2013
    Location
    Brazil
    Posts
    327

    Default Re: TrueCrypt Help - Multiple Partitions

    Quote Originally Posted by robin_listas View Post
    On 2013-08-09 15:06, amarildojr wrote:

    > I plan to mount ALL partitions before boot, kind of like the same way
    > when you encrypt partitions using the default encryption tool, but I
    > don't want to use that.


    No, partitions are always mounted after boot.

    Early, but after the kernel has control (thus booted), and it runs
    scripts located in initrd.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.3 x86_64 "Dartmouth" at Telcontar)
    So there is a way of mounting all partitions with no problems at all (with TC)? All I want is to be able to mount them with no problems (/home, /swap etc)
    openSUSE 13.1

  4. #4
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: TrueCrypt Help - Multiple Partitions

    On 2013-08-09 16:36, amarildojr wrote:

    > So there is a way of mounting all partitions with no problems at all
    > (with TC)? All I want is to be able to mount them with no problems
    > (/home, /swap etc)


    I have never used TC.

    I have a virtual machine where I'm attempting to setup encryption of
    root without using an LVM, but so far I'm stuck. Too much food in my
    plate, meaning too many things to do.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.3 x86_64 "Dartmouth" at Telcontar)

  5. #5
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,071

    Default Re: TrueCrypt Help - Multiple Partitions

    On Fri, 09 Aug 2013 13:06:01 +0000, amarildojr wrote:

    > I plan to mount ALL partitions before boot


    You probably won't be able to do that, based on my experiences.

    I attempted to add truecrypt (even a custom build with most of the
    libraries statically linked) to initrd, and it just wouldn't go.

    You have to make the binary and several libraries available ahead of
    startup, and the list just gets too long and complex. I did a custom
    build of truecrypt to get rid of the GUI, and still found I had to link
    in things like (IIRC) QT, which surprised me.

    This is one thing I wish the Truecrypt folks would address - they do full
    system encryption for Windows but not Linux, and they say they won't do
    it because they can't provide full plausible deniability with Linux.

    But not all of us need plausible deniability like that - we just want a
    fully encrypted system.

    Dare I ask why you don't want to use the built-in encryption
    functionality?

    Jim

    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  6. #6
    Join Date
    Jan 2013
    Location
    Brazil
    Posts
    327

    Default Re: TrueCrypt Help - Multiple Partitions

    I have to admit that plausible deniability is a "must" on my concepts. I don't think they need to limit themselves on "if we can't implement that feature than we won't implement almost the whole thing". If they can implement System encryption then they should do it.

    Dare I ask why you don't want to use the built-in encryption
    functionality?
    I'm doing extensive readings on that today. I'm looking for cryptanalisys of it, breaches, vulnerabilities etc.
    The main reason is the fact that I can't chose the algorithm upon install. If I'm able to customize my encryption settings, even if after install, then I sure will use it. Also, I'm willing to learn about which places can contain data, like /tmp, /var, /swap and so on and if I'm able to encrypt those places.

    For all I'm seeing there are few alternatives to TrueCrypt. If I stumble upon one I shall report how it went (the encryption process) with a tutorial as well.
    openSUSE 13.1

  7. #7
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,071

    Default Re: TrueCrypt Help - Multiple Partitions

    On Fri, 09 Aug 2013 19:56:01 +0000, amarildojr wrote:

    > I have to admit that plausible deniability is a "must" on my concepts. I
    > don't think they need to limit themselves on "if we can't implement that
    > feature than we won't implement almost the whole thing".


    See, I'm not doing anything that requires deniability - I just want to
    make sure the data is completely unrecoverable in the event of a head
    crash (having lost a drive to a head crash and not being able to
    selectively delete stuff like old tax returns after recovering them was a
    problem for me - but the drive was under warranty so I was able to
    exchange it for a new one, which ruled out destruction for me).

    >> Dare I ask why you don't want to use the built-in encryption
    >> functionality?

    >
    > I'm doing extensive readings on that today. I'm looking for
    > cryptanalisys of it, breaches, vulnerabilities etc.


    Makes sense. I don't think I've heard of any vulnerabilities, but having
    flexibility in choosing the encryption algorithm is useful, I'll agree.

    > The main reason is the fact that I can't chose the algorithm upon
    > install. If I'm able to customize my encryption settings, even if after
    > install, then I sure will use it. Also, I'm willing to learn about which
    > places can contain data, like /tmp, /var, /swap and so on.
    >
    > For all I'm seeing there are few alternatives to TrueCrypt. If I stumble
    > upon one I shall report how it went (the encryption process) with a
    > tutorial as well.


    Yeah, TrueCrypt does provide a lot of flexibility. I use my external
    drive as a mounted data store after the system is up and running, so I
    just manually mount it (the system stays on all the time anyways). I did
    play with doing a bootable USB flash drive that could be used to boot,
    but that's where I ran into problems - even at installation - with
    getting the installer to recognize the mounted-but-unformatted encrypted
    drive.

    Jim
    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  8. #8
    Join Date
    Jan 2013
    Location
    Brazil
    Posts
    327

    Default Re: TrueCrypt Help - Multiple Partitions

    Hmm
    I had it yesterday, a replacement for TrueCrypt, from Bruce Schneier's site. Now I have to find a way to encrypt "/" without using LVM, or at least learn how to re-install the system (with LVM) without losing my /home folder.
    openSUSE 13.1

  9. #9

    Default Re: TrueCrypt Help - Multiple Partitions

    Quote Originally Posted by amarildojr View Post
    Hmm
    I had it yesterday, a replacement for TrueCrypt, from Bruce Schneier's site. Now I have to find a way to encrypt "/" without using LVM, or at least learn how to re-install the system (with LVM) without losing my /home folder.
    Did you find an alternative to TruCrypt on Schneier's site you decided to try? If so what was it?

    If you would like to use LUKS, cryptsetup --help shows the compiled in ciphers available, with aes-cbc-essiv:sha256 the default I believe.

  10. #10
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: TrueCrypt Help - Multiple Partitions

    On 2013-08-10 14:36, amarildojr wrote:
    >
    > Hmm
    > I had it yesterday, a replacement for TrueCrypt, from Bruce Schneier's
    > site. Now I have to find a way to encrypt "/" without using LVM, or at
    > least learn how to re-install the system (with LVM) without losing my
    > /home folder.


    You could consider entering a feature in openFATE requesting root
    encryption without LVM. Have a look at
    Support installation with
    encrypted root file system
    , the last comment.

    Apparently other distributions can do it.

    The way to reinstall is, well, backup and reinstall.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.3 x86_64 "Dartmouth" at Telcontar)

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •