Encrypt but?

I managed to succesfully encrypt a partition which i use to hold sensitive data. Alright everything works fine BUT if something happens let’s say i will have to reinstall completely my system, will that mean i will lose that partition? Or are all the settings stored on the partition?

AFAIK, you would lose the partition.

Did you have to choose an encryption key or did just it encrypt the partition?

If you had to choose the encryption key you might be able to recover something from a re-install by using that key to access the data. If it was just with a random generated key - your “up the creek without a paddle”(out of luck) so to speak.

I encrypted the partition with the openSUSE installer. It can’t be that i would loose it!!

Unless it gave the key, or had you chose one, the encryption software will use a randomly generated key. This is stored on the hard drive, within the operating system somewhere. If you have to re-install, that key will more than likely be lost.

opensuse could store the key somewhere with the data, but that would not be very secure. The idea is that if someone stole your hard drive they could not access the data with that key. If the key was with data, that wouldn’t very safe.

Are You completely sure?? As i want to switch completely to encrypted partitions :slight_smile: Anyway, i’ll check it by trying to install with a Live CD and choosing that partition. It’s a copy of my unencrypted files anyway.

Read through this:
Disk encryption software - Wikipedia, the free encyclopedia

It doesn’t answer my question at all. What i want to know exactly is if YaST while installing will detect that there is an encrypted partition. I found in Novell documentation about creating but nothing says that YaST will detect it.

The important parts are:

Volumes, be they stored in a file or a device/partition, may intentionally not contain any discernible “signatures” or unencrypted headers. As cipher algorithms are designed to be indistinguishable from a pseudorandom permutation without knowing the key, the presence of data on the encrypted volume is also undetectable unless there are known weaknesses in the cipher.[2]](http://en.wikipedia.org/wiki/Disk_encryption_software#cite_note-1) This means that it is impossible to prove that any file or partition is an encrypted volume (rather than random data) without having the password to mount it. This characteristic also makes it impossible to determine if a volume contains another hidden volume.

The presence of data on the drive is supposed to be hidden. Therefore a re-install will not find any data on the drive. Unless there is a weakness in the cypher.

PS. That being said, there are programs that can try and crack the cyphers. Those usually run slow (a good cypher can take up to 300 years to decode!) and can be less than accurate.

Definitely not things that I would want to wait for. the best solution is to backup the data on the encrypted hard drive/partition. That way if the system dies, you can recover from your backup. That is sound with/without encryption, but the only way to recover with encryption.

Unfortunatelly, i reinstalled system just to check if it will find the partition. While installing it didn’t, but after installation i succesfully managed to recover that partition just by mounting it as encrypted and giving new passphrase!! Is it supposed to be like that??

I’m not sure what that means. Oh, well though.

It might just mean that the encryption that suse uses isn’t the greatest, or the encryption key is the same (all people with opensuse v 11 have the same key)?

If i will confirm that then there is no use in using encryption in openSUSE!