Full encrypted system (expected /boot) with the best possible algorithm and key length (maybe a ciphe

I say hello to the openSUSE community!

I am sorry for such complicated questions from my side at the beginning, but I want
to set up a new system with openSUSE 11.3

The system should be fully encrypted. I want to use the best possible encryption.
1 I am not sure, AES 256 xts-plain is the most secure single algorithm, isn’t it?

2 Is it possible to use a cipher?

3 Which algorithm does the yast-installer use when I encrypt the whole system with a logical volume group?

I have read these two articles:
a) Encrypted Root File System - openSUSE
b) openSUSE Lizards » encrypted root file system on LVM

But I have to say that these routines are a little bit complicated in my eyes.
Isn’t there an easier way to encrypt the whole OS?
I know there is a 64bit live cd available.

4 So the first description (a) is obsolete?

5 How can I set up a (fully encrypted) system without using LVM?

The hard disk layout should be done in this way:

/boot sda1
/enhanced partition sda2
/swap sda5
/var sda6
/tmp sda7
/root sda8
/home sda9

I hope /swap /var and /tmp are the only directories where temporary files are stored that disturb the security (when you only encrypt the home directory).

6 Or are there other directories where temporary Data is stored?

I hope this Post includes all my questions. Maybe there will be some more later…

Again, I am sorry for so many questions!

  1. It’s a good one; stronger than you can break in your lifetime.

  2. This seems redundant; what do you mean exactly?

  3. Not sure. I followed the second link you posted (tinyurl) when I set
    mine up; it’s been great since.

  4. I think so. The option is there now within the installer, I believe
    as of 11.2.

  5. I’m not sure; is there a reason you’d want to?

  6. There could be other places I suppose, but you’re encrypting
    everything except /boot so it shouldn’t really matter since that is
    everything in which you could possibly have sensitive data (except for a
    Grub password I suppose).

Good luck.

On 08/18/2010 05:36 AM, purple light wrote:
>
> I say hello to the openSUSE community!
>
> I am sorry for such complicated questions from my side at the
> beginning, but I want
> to set up a new system with openSUSE 11.3
>
> The system should be fully encrypted. I want to use the best possible
> encryption.
> 1 I am not sure, AES 256 xts-plain is the most secure single algorithm,
> isn’t it?
>
> 2 Is it possible to use a cipher?
>
> 3 Which algorithm does the yast-installer use when I encrypt the whole
> system with a logical volume group?
>
>
> I have read these two articles:
> a) ‘Encrypted Root File System - openSUSE’
> (http://old-en.opensuse.org/Encrypted_Root_File_System)
> b) ‘openSUSE Lizards » encrypted root file system on LVM’
> (http://tinyurl.com/de4zrv)
>
> But I have to say that these routines are a little bit complicated in
> my eyes.
> Isn’t there an easier way to encrypt the whole OS?
> I know there is a 64bit live cd available.
>
> 4 So the first description (a) is obsolete?
>
> 5 How can I set up a (fully encrypted) system without using LVM?
>
> The hard disk layout should be done in this way:
>
> /boot sda1
> /enhanced partition sda2
> /swap sda5
> /var sda6
> /tmp sda7
> /root sda8
> /home sda9
>
>
> I hope /swap /var and /tmp are the only directories where temporary
> files are stored that disturb the security (when you only encrypt the
> home directory).
>
> 6 Or are there other directories where temporary Data is stored?
>
>
> I hope this Post includes all my questions. Maybe there will be some
> more later…
>
>
>
>
> Again, I am sorry for so many questions!
>
>

Thanks for your quick response

1 That doesn’t help me much. Do you know which one is used? AES? Serpent? Blowfish? Twofish? It’s not described in the installer. Otherwise the mode of operation isn’t described either. Of course I don’t believe that a weak method is used. But the cryptsetup order that is used would be great. This is important for me.
A lot of algos are more or less “good”, but each has its own weakness.

2 When three algos are used in a cascade, isn’t there much more security? I mean instead of a 256-bit key, an all in all 768 key length when three 256-bit algos are used?

4 I didn’t understand your argument. Could you describe it in another way?

5 The problem is I don’t have any experience with LVM. Is really everything in the secured volume group encrypted? Isn’t there a negative side when it is compared with a traditional layout? And when I am using 2 primary partitions, one for boot and one for the enhanced logical partition in an LVM, is there the possibility to install another OS on this disk? Or would it be too complicated to organize MBR and another boot partition for another OS?

/boot >
/enhanced > Two primaries used >two primaries free

6 Mainly I want to know that because I want to have the option to wipe data traces.
Of course this is not essential with an encrypted file system, but the plus on security doesn’t cost much work. I hope you can understand my point of view here.

On 2010-08-18 17:47, ab@novell.com wrote:

> 5. I’m not sure; is there a reason you’d want to?

I don’t like nor trust LVM.

I don’t see why we should have an extra layer - except that with non lvm partitions apparently we
have to type the password several times. That should be easy to code around. AFAIK, it’s the only
hurdle.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” GM (Elessar))

Carlos E. R. wrote:

> On 2010-08-18 17:47, ab@novell.com wrote:
>
>> 5. I’m not sure; is there a reason you’d want to?
>
> I don’t like nor trust LVM.
>
> I don’t see why we should have an extra layer - except that with non lvm partitions apparently we
> have to type the password several times. That should be easy to code around. AFAIK, it’s the only
> hurdle.

But a “normal” installation without LVM isn’t supported by the installer.

  1. My box, which came from the tinyurl link you posted, uses AES 256. I
    do not have a box setup post-11.2 using the installation options but I’d
    guess it will be the same.

  2. Your question was “is it possible to use a cipher” which includes AES
    by definition. Were you meaning is it possible to use a cipher multiple
    times or to use multiple different ciphers? I do not know how you would
    do that in implementation though, sure, in theory more may help,
    especially if they are different ciphers with different passphrases for
    keys. If you are this concerned with your security, though, you probably
    shouldn’t be exposing your concern. :wink: On the other hand you’re using
    TOR for your posts so maybe you need this after all.

  4. I may not have understood your question. When you said “the first
    option is obsolete” I assumed you meant the first link which you had
    marked as ‘a’. It is no longer necessary with the newer versions of OpenSUSE.

  5. LVM will be configured for you. Everything in the volume group should
    be encrypted because it happens at the group level. In my case, where I
    followed link ‘b’ for my initial setup, my entire /dev/sda2 is encrypted
    which is the level below the volume group. The end result should be the
    same, though, where all sensitive data is kept outside of /boot (except a
    hash for a Grub password, if applicable).

  6. Yes, if you use the full disk encryption you should be fine. If you
    have time to wipe your box before you are about to have somebody steal
    your hardware and try to brute-force your encryption feel free to run DBAN
    over everything first.

Good luck.

On 08/18/2010 12:42 PM, purple light wrote:
>
> Thanks for your quick response
>
> 1 That doesn’t help me much. Do you know which one is used? AES? Serpent?
> Blowfish? Twofish? It’s not described in the installer. Otherwise the
> mode of operation isn’t described either. Of course I don’t believe that a
> weak method is used. But the cryptsetup order that is used would be
> great. This is important for me.
> A lot of algos are more or less “good”, but each has its own weakness.
>
> 2 When three algos are used in a cascade, isn’t there much more
> security? I mean instead of a 256-bit key, an all in all 768 key length when
> three 256-bit algos are used?
>
> 4 I didn’t understand your argument. Could you describe it in another
> way?
>
> 5 The problem is I don’t have any experience with LVM. Is really
> everything in the secured volume group encrypted? Isn’t there a negative
> side when it is compared with a traditional layout? And when I am using
> 2 primary partitions, one for boot and one for the enhanced logical
> partition in an LVM, is there the possibility to install another OS
> on this disk? Or would it be too complicated to organize MBR and another
> boot partition for another OS?
>
> /boot >
> /enhanced > Two primaries used >two primaries free
>
> 6 Mainly I want to know that because I want to have the option to wipe data
> traces.
> Of course this is not essential with an encrypted file system, but the
> plus on security doesn’t cost much work. I hope you can understand my
> point of view here.
>
>

>> But a “normal” installation without LVM isn’t supported by the
>> installer.

On the partition screen the installer asks you for a Partition Scheme or
an LVM scheme


VampirD

Microsoft Windows is like air conditioning
Stops working when you open a window.

On 2010-08-18 20:42, purple light wrote:
>
> Thanks for your quick response
>
> 1 That doesn’t help me much. Do you know which one is used? AES? Serpent?
> Blowfish? Twofish? It’s not described in the installer. Otherwise the
> mode of operation isn’t described either. Of course I don’t believe that a
> weak method is used. But the cryptsetup order that is used would be
> great. This is important for me.
> A lot of algos are more or less “good”, but each has its own weakness.

file -s on the device says it:

LUKS encrypted file, ver 1 [aes, cbc-essiv:sha256, sha1] UUID: …

About the command used to create it, see previous posts in these forums, I explained it not a month ago.

> 5 The problem is I don’t have any experience with LVM. Is really
> everything in the secured volume group encrypted?

Yes.

> Isn’t there a negative
> side when it is compared with a traditional layout?

Yes.

> And when I am using
> 2 primary partitions, one for boot and one for the enhanced logical
> partition in an LVM, is there the possibility to install another OS
> on this disk?

Yes and no.

If it is another linux, yes - if it can understand it. If it is not (linux), it must go outside the
LVM, obviously.

> Or would it be too complicated to organize MBR and another
> boot partition for another OS?

Depends on you >:-)

> 6 Mainly I want to know that because I want to have the option to wipe data
> traces.
> Of course this is not essential with an encrypted file system, but the
> plus on security doesn’t cost much work. I hope you can understand my
> point of view here.

I don’t understand the question.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” GM (Elessar))

ab@novell.com wrote:

> 2. Your question was “is it possible to use a cipher” which includes AES
> by definition. Were you meaning is it possible to use a cipher multiple
> times or to use multiple different ciphers? I do not know how you would
> do that in implementation though, sure, in theory more may help,
> especially if they are different ciphers with different passphrases for
> keys. If you are this concerned with your security, though, you probably
> shouldn’t be exposing your concern. :wink: On the other hand you’re using
> TOR for your posts so maybe you need this after all.

I think about something like that: AES-serpent-twofish

> 4. I may not have understood your question. When you said “the first
> option is obsolete” I assumed you meant the first link which you had
> marked as ‘a’. It is no longer necessary with the newer versions of OpenSUSE.

Yes I meant that. But what option is now the best?

VampirD wrote:

> On the partition screen the installer asks you for a Partition Scheme or
> an LVM scheme

Yes, it asks. But when you want to use an encrypted system the only mode that can be used is LVM. When you want to use the normal, traditional setup, only /home can be encrypted.

Carlos E.R: wrote:

>file -s on the device says it:
> LUKS encrypted file, ver 1 [aes, cbc-essiv:sha256, sha1] UUID: …

But this block mode isn’t secure.

What about this one:
cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sdXy
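
Added example, not part of the thread or any poster's code: the `file -s` line quoted above is read from the LUKS1 header at the start of the device, and this Python sketch parses that header (field layout per the LUKS1 on-disk format) to report cipher, mode and key size, including that XTS splits the volume key into two halves, so `-s 512` with `aes-xts-plain` means AES-256. The sample headers are constructed; the 32-byte key size for the CBC header, the payload offset, the iteration count and the UUID are assumptions.

```python
import struct

# LUKS1 on-disk header (big-endian), fields up to the UUID: 208 bytes.
LUKS1_PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
LUKS_MAGIC = b"LUKS\xba\xbe"


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii")


def parse_luks1_header(blob: bytes) -> dict:
    """Return the cipher settings stored in a LUKS1 header."""
    if len(blob) < LUKS1_PHDR.size:
        raise ValueError("too short for a LUKS1 header")
    (magic, version, cipher, mode, hash_spec, payload_offset,
     key_bytes, _digest, _salt, mk_iterations, uuid) = LUKS1_PHDR.unpack_from(blob)
    if magic != LUKS_MAGIC:
        raise ValueError("not a LUKS device")
    if version != 1:
        raise ValueError(f"unsupported LUKS version {version}")
    mode = _cstr(mode)
    key_bits = key_bytes * 8
    # XTS uses two equal-size keys, so the block cipher itself only
    # gets half of the key length that was passed to cryptsetup -s.
    cipher_key_bits = key_bits // 2 if mode.startswith("xts") else key_bits
    return {
        "cipher": _cstr(cipher), "mode": mode, "hash": _cstr(hash_spec),
        "volume_key_bits": key_bits, "cipher_key_bits": cipher_key_bits,
        "payload_offset_sectors": payload_offset,
        "mk_iterations": mk_iterations, "uuid": _cstr(uuid),
    }


def build_sample_header(cipher, mode, hash_spec, key_bytes):
    """Constructed header for the demo: zeroed digest/salt, made-up UUID."""
    return LUKS1_PHDR.pack(LUKS_MAGIC, 1, cipher.encode(), mode.encode(),
                           hash_spec.encode(), 4096, key_bytes, bytes(20),
                           bytes(32), 1000, b"00000000-0000-0000-0000-000000000000")


if __name__ == "__main__":
    # Constructed samples: the settings file -s reported, and the proposed XTS format.
    for args in (("aes", "cbc-essiv:sha256", "sha1", 32),
                 ("aes", "xts-plain", "sha1", 64)):
        print(parse_luks1_header(build_sample_header(*args)))
```

On a real system the same function can be fed the first 208 bytes of the encrypted partition, read as root; `cryptsetup luksDump` prints the same fields.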