[ale] Pros & cons on encrypting disks

Jim Kinney jim.kinney at gmail.com
Tue Dec 2 12:08:50 EST 2008


No _required_ reading that I have found. I've done a bit of google work to
find details and read a bit of the LUKS pages (that's the main process for
keys, I think). If you are doing a fresh install of Fedora9+ or Ubuntu 8+
(use the "special disk"??) it automagically works. F9 will set up LVM with
/boot on a physical and the rest under an encrypted volume. This is good as
/ and swap are encrypted. So if the laptop suspends or hibernates, the drive
key password is required to unlock it plus the user password. You can create
multiple password "slots" that unlock the same partition encryption.

On Mon, Dec 1, 2008 at 5:29 PM, Scott Castaline <hscast at charter.net> wrote:

> Jim Kinney wrote:
> > Can't encrypt the boot partition otherwise no kernel available to run
> > the decryption :-)
>
> Figured that was the reason, not even sure why I even had any doubts to
> that.
> >
> > I ran Fedora 8 with added drive encryption. No problem (the first
> > install was tedious but it all worked fine). I then upgraded that
> > laptop to Fedora 9. During the install it recognized the encrypted
> > drive, prompted for the password for the key, unlocked and upgraded
> > flawlessly (OK - So I had previously removed all the Livna repo
> > multimedia stuff to avoid headaches).
> >
> > Later backed off personal data, wiped the drive and installed F9 from
> > scratch. No problems. Just reworked the machine from scratch with F10
> > 64-bit as I upgraded to 4GB ram. Once the bios patch went on the box has
> > performed well. Not flawlessly - there are bugs in the suspend,
> > hibernate, power-management and the gnome session manager is rather
> > unstable (Grr!).  But the disk encryption has been so far rock solid.
> >
> > Admin on a disk encryption is a bigger challenge. Must have a backup of
> > the keys and know the encryption scheme and also must know the password.
> > Current scheme allows multiple passwords so there can be an admin user
> > and other normal users. So normal users can boot the box without knowing
> > the admin password.
> >
> Any suggested reading material, something that isn't required reading
> for a CSE major? I'm from the hardware dungeon(s).
>
> > Disk encryption is/will-be a big thing to be comfortable working with.
> >
> > On Sat, Nov 29, 2008 at 12:42 PM, Scott Castaline <hscast at charter.net> wrote:
> >
> >     Just want to get a feel for the pros and cons of encrypting my disk(s).
> >     I just created a VM to install Fedora 10 before upgrading my system. I
> >     chose to use the encryption option to see how it worked in the install
> >     process and how it behaves once installed. I did notice that the boot
> >     partition cannot be encrypted. Is this just a Fedora thing or is that
> >     the encryption key is not present until the initial boot process is
> >     completed? So what are the pros and the cons to this?
> >
> >     TIA
> >     Scott
> >     _______________________________________________
> >     Ale mailing list
> >     Ale at ale.org <mailto:Ale at ale.org>
> >     http://mail.ale.org/mailman/listinfo/ale
> >
> >
> >
> >
> > --
> > --
> > James P. Kinney III
> >
> >



-- 
-- 
James P. Kinney III
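
Added example, not part of the original message or of any LUKS code: a simplified Python model of the key-slot idea discussed above, showing why several passwords can unlock the same encrypted partition. The names `Header`, `add_key` and `kill_slot` are hypothetical, XOR with a PBKDF2-derived key stands in for the real cipher, and the iteration count is kept low so it runs quickly.

```python
import hashlib, hmac, os

ITER = 1000  # constructed value, kept low for speed; real headers use far more

def _kdf(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITER, dklen=32)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Header:
    """Simplified model: one random master key, wrapped once per passphrase slot."""

    def __init__(self, passphrase, nslots=8):
        master = os.urandom(32)  # the key that actually encrypts the disk
        self.mk_salt = os.urandom(16)
        self.mk_digest = _kdf(master, self.mk_salt)  # used to verify a candidate key
        self.slots = [None] * nslots
        self._wrap(0, passphrase, master)

    def _wrap(self, i, passphrase, master):
        salt = os.urandom(16)  # per-slot salt, so equal passphrases wrap differently
        self.slots[i] = (salt, _xor(master, _kdf(passphrase.encode(), salt)))

    def unlock(self, passphrase):
        """Try every active slot; return the master key, or None if none opens."""
        for slot in self.slots:
            if slot is None:
                continue
            salt, wrapped = slot
            candidate = _xor(wrapped, _kdf(passphrase.encode(), salt))
            if hmac.compare_digest(_kdf(candidate, self.mk_salt), self.mk_digest):
                return candidate
        return None

    def add_key(self, existing, new):
        master = self.unlock(existing)  # adding a slot requires opening one first
        if master is None:
            raise PermissionError("existing passphrase does not open any slot")
        i = self.slots.index(None)  # raises ValueError when every slot is in use
        self._wrap(i, new, master)
        return i

    def kill_slot(self, i):
        self.slots[i] = None  # that passphrase stops working; the data key is unchanged
```

In this model the master key exists only inside the header's slots, so a lost or damaged header makes every passphrase useless, which is why a backup of the keys matters for administration.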