Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Encrypting external hard drive partition.

  1. #1
    keyb user NNTP User

    Default Encrypting external hard drive partition.


    Hi,

    I have an external USB hard drive that I would like to use as a
    backup.
    My "old" Maxtor usb/firewire is very fast and usefull, but it is not
    encrypted.

    My idea is to use the dm-crypt and cryptsetup/Luks and make a ext3
    partition mount only with password.
    This would be suficient for protecting data.

    Does anyone tried this before?
    How is the beahviour of the USB drive when mounting after the
    encryption process. Does it automount and asks for the password?
    Or it as to be done manually with luksOpen ?

    Regards,
    Pedro


    --
    keyb_user
    ------------------------------------------------------------------------
    keyb_user's Profile: http://forums.opensuse.org/member.php?userid=1234
    View this thread: http://forums.opensuse.org/showthread.php?t=405406


  2. #2
    BenderBendingRodriguez NNTP User

    Default Re: Encrypting external hard drive partition.


    I am running two encrypted disks but internal. The idea would be to make
    that disk identified by its UUID. Also if i'm not wrong if You remove
    the disk (after mounting it etc.) and try to boot without it then You'll
    encounter problems. I may be wrong but it will be asking You for the
    passphrase and You'll have three options:
    1) Forget it immediately
    2)Remember until logout
    3) Remember indefinitely (it's kinda stupid as You want it to be secure
    right?)


    --
    If builders built homes the same way programmers make applications then
    one woodpecker would destroy whole civilization.
    ------------------------------------------------------------------------
    BenderBendingRodriguez's Profile: http://forums.opensuse.org/member.php?userid=1731
    View this thread: http://forums.opensuse.org/showthread.php?t=405406


  3. #3
    keyb user NNTP User

    Default Re: Encrypting external hard drive partition.


    Hi,

    I do not want an encrypted disk.
    I want just an encrypted partition ...

    BenderBendingRodriguez;1929924 Wrote:
    > I am running two encrypted disks but internal. The idea would be to make
    > that disk identified by its UUID.
    >


    I also have my internal 500GB hard drive partitions encrypted.
    By the boot process is not configured to boot using UUID as mentioned
    in:

    'Encrypted Root File System - openSUSE'
    (http://en.opensuse.org/Encrypted_Roo...ith_SUSE_HOWTO)

    it is the normal device name.
    Mapper will also detect whatever is encrypted.
    But this is at boot time ...
    I was wondering what happens during usb connection ...

    >
    > Also if i'm not wrong if You remove the disk (after mounting it etc.)
    > and try to boot without it then You'll encounter problems.
    >


    Why?

    >
    > I may be wrong but it will be asking You for the passphrase and You'll
    > have three options:
    > 1) Forget it immediately
    > 2)Remember until logout
    > 3) Remember indefinitely (it's kinda stupid as You want it to be secure
    > right?)


    Option 3) is really a no go !


    My problem with the encrypted partitions is just the manual mount. It
    is not really a problem actually! But the convenience of mounting
    authomatically is precious.


    Regards,
    Pedro


    --
    keyb_user
    ------------------------------------------------------------------------
    keyb_user's Profile: http://forums.opensuse.org/member.php?userid=1234
    View this thread: http://forums.opensuse.org/showthread.php?t=405406


  4. #4
    BenderBendingRodriguez NNTP User

    Default Re: Encrypting external hard drive partition.


    Problem with booting is simple, etc/fstab is not correct to what is
    available.

    And by disks i naturally meant partitions since there is ALMOST no
    real difference


    --
    If builders built homes the same way programmers make applications then
    one woodpecker would destroy whole civilization.
    ------------------------------------------------------------------------
    BenderBendingRodriguez's Profile: http://forums.opensuse.org/member.php?userid=1731
    View this thread: http://forums.opensuse.org/showthread.php?t=405406


  5. #5
    keyb user NNTP User

    Default Re: Encrypting external hard drive partition.


    Hi,


    BenderBendingRodriguez;1929961 Wrote:
    > Problem with booting is simple, etc/fstab is not correct to what is
    > available.
    >


    Hummm ... you are right, that is indeed the case ...
    In my laptop I will put a /dev/mapper entry ... but the problem is
    still mounting the disk (luksOpen) ... I have a strong feeling this can
    only be mounted on the shell ...

    >
    > And by disks i naturally meant partitions since there is ALMOST no
    > real difference


    Indeed ... Why make things so complex

    Oh, googling around I found that the good Ubuntu folks have made some
    progress ...

    http://tinyurl.com/8wcraf

    Regards,
    Pedro


    --
    keyb_user
    ------------------------------------------------------------------------
    keyb_user's Profile: http://forums.opensuse.org/member.php?userid=1234
    View this thread: http://forums.opensuse.org/showthread.php?t=405406


  6. #6
    BenderBendingRodriguez NNTP User

    Default Re: Encrypting external hard drive partition.


    > but the problem is still mounting the disk (luksOpen) ... I have a
    > strong feeling this can only be mounted on the shell

    What do You mean by that? I'm using gnome and it automatically asks me
    if i want to mount it (after stting it up with dm-crypt etc.) set it up
    once and forget ??
    I was afraid on the beginning that if i have to reinstall the system
    then i will lose all the data (a guy convinced me pretty much about
    that).But now i know everything is stored on the encrypted disk I
    read a bit about how LUKS works so it's better now


    --
    If builders built homes the same way programmers make applications then
    one woodpecker would destroy whole civilization.
    ------------------------------------------------------------------------
    BenderBendingRodriguez's Profile: http://forums.opensuse.org/member.php?userid=1731
    View this thread: http://forums.opensuse.org/showthread.php?t=405406


  7. #7
    keyb user NNTP User

    Default Re: Encrypting external hard drive partition.


    Hi,


    BenderBendingRodriguez;1929986 Wrote:
    > What do You mean by that? I'm using gnome and it automatically asks me
    > if i want to mount it (after stting it up with dm-crypt etc.) set it up
    > once and forget ??


    Ok, I use KDE, I will check that stuff ..

    Meanwhile looking at the link:
    http://tinyurl.com/8wcraf

    There is a dmesg list that detects a 500GB hdd disk ... and the author
    refers TWO days encription, I hope it is a /dev/random process ... not
    the one I intent to use ...

    Also I have a 1TB external drive ....

    >
    > I was afraid on the beginning that if i have to reinstall the system
    > then i will lose all the data (a guy convinced me pretty much about
    > that).But now i know everything is stored on the encrypted disk I read
    > a bit about how LUKS works so it's better now


    Yeah ...
    I also had some problems with custom kernels compiled by me and the
    like ... and I never had a problem with luksFormat partitions ... even
    when I had to rebuild the /boot/grub/menu.lst with the correct kernel
    parameters...
    The data is there the partitions are there ... it is just a matter of
    correctly oppening the partitions.
    I fully trust this procedure ...

    Regards,
    Pedro


    --
    keyb_user
    ------------------------------------------------------------------------
    keyb_user's Profile: http://forums.opensuse.org/member.php?userid=1234
    View this thread: http://forums.opensuse.org/showthread.php?t=405406


  8. #8
    keyb user NNTP User

    Default Re: Encrypting external hard drive partition.


    Hi,

    Just finished dd if=/dev/urandom of=/dev/my_usb2.0_1TB_hdd and it took
    ...

    404207 s

    That is 4.67 days folks ...

    If someone tries this I recommend that it is better to use a PC that is
    available to remain always there for 5 days an always connected to the
    external disk as this is a very long process ...

    Regards,
    Pedro


    --
    keyb_user
    ------------------------------------------------------------------------
    keyb_user's Profile: http://forums.opensuse.org/member.php?userid=1234
    View this thread: http://forums.opensuse.org/showthread.php?t=405406


  9. #9
    G0NZ0 NNTP User

    Default Re: Encrypting external hard drive partition.


    4 days WOW!!! Incredible!!!!

    Does it work now? How is the performance?

    Also, it is not very clear to me why you should always boot with that
    device plugged. The encrypted drive should work at the same way on any
    computer, right? Any Opensuse (or possibly any Linux) should detect that
    it is an encrypted partition and ask for the password. Am i wrong on
    this? (i am not sure as i have never tried myself)
    If that is correct, then these computers might not have any fstab
    entry. So you could just remove the fstab entry on your machine and you
    would not need the device plugged at boot time.


    --
    * ~ There are 10 types of people. Those who understand binary, and
    those who don't. ~ *
    ------------------------------------------------------------------------
    G0NZ0's Profile: http://forums.opensuse.org/member.php?userid=74
    View this thread: http://forums.opensuse.org/showthread.php?t=405406


  10. #10
    keyb user NNTP User

    Default Re: Encrypting external hard drive partition.


    Hi,

    Sorry for the late reply.

    G0NZ0;1933170 Wrote:
    > 4 days WOW!!! Incredible!!!!
    >


    I think that is CPU time ... it took about 5 days actually . It
    finished during night time I can't be precise about the actual time it
    took ...

    >
    >
    > Does it work now? How is the performance?
    >



    Oh Yes! it Runs perfectly !
    And it mounts very well, in KDE simply plug the usb cable and a pop-up
    asks for the password ... and then it gets mounted!
    Simple. (the mount dir still need a chmod a+wr has it mounts as root wr
    only ... I will change this ... )

    About performance: I did not yet run any of those performance utility
    commands just to check the actual specs.
    What I can say right now is that I am moving some DVD's (4.4GB/each)
    from internal hdd to the backup and I get speeds of up to 35MB/s ...
    ususally it is like 20-25MB/s, but this is very much dependent on the
    file size ... It gets to the 35MB/s .. I think this is the hdd max
    transfer limit for SATA2 5400rpm (not sure).

    I am also not sure if this is a performance problem, the disk I use is
    a Western Digital My Book, (essential edition)
    I think this device uses a Westen Digital Green disk ... it also does
    not mention any speed specifications.
    So quite frankly I really do not know about that specific issue.


    Also, it is not very clear to me why you should always boot with that
    device plugged. The encrypted drive should work at the same way on any
    computer, right? Any Opensuse (or possibly any Linux) should detect that
    it is an encrypted partition and ask for the password. Am i wrong on this?
    (i am not sure as i have never tried myself)
    If that is correct, then these computers might not have any fstab entry.
    So you could just remove the fstab entry on your machine and you would not
    need the device plugged at boot time.

    Humm ... Right ... well I never mentioned the "boot with" the device
    connected.
    That is not necessary ... My issue was simply around the fact that the
    automount process could possibly not kow what to do with a disk whose
    partition is encrypted.
    But that is indeed not the case.
    Like you mention, it Should run and be autodetected in Any Linux that
    contains the Luks tools and apropriate encryption modules (Sha and the like,
    all current Linux distros have no problem with this).
    The problem with fstab was that one ...

    But has I can assure: I just made a dd comand and then encrypted the
    partitions and thats it!
    Under kde 3.5 and kde 4 OpenSuSE 11.1 64 bits ... it simply just works

    The encryption process was simple: I just used the following commands:

    First:

    - fdisk /dev/sdb ... clear all partitions: with d option, then w option.
    Exit fdisk

    write random data to the disk:

    - dd if=/dev/urandom of=/dev/sdb (folks /dev/random takes _Even_ longer
    then urandom ... )

    this takes the 4.67 days +

    When finished create a Linux partition:

    - fdisk /dev/sdb

    created a primary partition, option n, then write, option w.

    Then :

    - cryptsetup -v --key-size 256 luksFormat /dev/sdb1


    Then:

    - cryptsetup luksOpen /dev/sdb1 securitybackup

    Then Format the new partitions:
    I used this advices from the Ubuntu link (for large disks):

    - mkfs -t ext3 -m 1 -O dir_index,filetype,sparse_super
    /dev/mapper/securitybackup


    Thats it!


    Regards,
    Pedro


    --
    keyb_user
    ------------------------------------------------------------------------
    keyb_user's Profile: http://forums.opensuse.org/member.php?userid=1234
    View this thread: http://forums.opensuse.org/showthread.php?t=405406


Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •