[Grml] disk partition encryption roadmap

Tue Jan 25 18:02:53 CET 2011

Hi,

I'm thinking to do the disk partition encryptions now. However 

"Hard drive encryption sounds like an intimating concept, mostly because 
it is. The thought of taking your precious files, then using a 
mathematical formula to convert them into random noise before scattering 
them back across your disk is a hard sell. " [1]

1. http://www.maximumpc.com/article/howtos/
how_to_encrypt_your_entire_hard_drive_for_free_using_true_crypt

So I need some demystify of the whole disk/partition encryption thing. 
The official "Disk Encryption HOWTO" from tldp.org [2] is only dated as 
2004-11-17, so I would assume it is *way* outdated. In terms of security, 
I tend to turn to people that I trust for help. Having tldp.org failed on 
me, I need your help, people from the grml community, instead of some 
random blogs found on the interent.

2. http://www.tldp.org/HOWTO/html_single/Disk-Encryption-HOWTO/

Linux Encryption HOWTO
http://encryptionhowto.sourceforge.net/Encryption-HOWTO.html
v0.2.2, 04 October 2000

Here are my questions, 

- First very noob question, I don't want whole disk encryption, just want 
to encrypt some selected already partitioned partitions. If someone mount 
the encrypted partitions, will it shows up as empty or, there are some 
hints that the partition have been encrypted? 

- The Ubuntu [3] and CentOS [4] seems to endorse dm-crypt, instead of 
cryptsetup-luks that grml-crypt uses. So I need a bit of explanation why 
it is better than others. 

3. http://www.humboldt.edu/its/security-encryption-linuxubuntu
4. http://beginlinux.com/blog/2009/04/centos-53-encrypted-block-devices/

- In terms of encryption used, TrueCrypt supports the following 
encryption algorithms: AES, Serpent, Twofish, AES-Twofish, AES-Twofish-
Serpent, Serpent-AES, Serpent-Twofish-AES, Twofish-Serpent; And these 
hash algorithms: RIPEMD-160, SHA-512 & Whirlpool [5]

5. http://www.informit.com/articles/article.aspx?p=1276279

So I need a bit of explanation why the chosen algorithm is better than 
others. 

- Is your choice as cross-platform as TrueCrypt?

- Since I need to encrypt more than one selected partitions, is there any 
alternative to typing in passphrase for each one of them when mounting 
them?

- how passphrase are cached? Do I have to repeately typing in passphrase  
each time I do the mount? I also heard of passphrase-less disk 
encryptions. Hmm... I don't want to go there so maybe I can skip that.

BTW, I just need a mini how-to about disk encryption, it does not need to 
be in-depth or comprehensive but rather short and to the point, to allow 
anyone with a minimum of linux disk encryption knowledge to create 
encrypted memory sticks, USB disks, or partitions in minutes.

Thanks a lot. 

-- 
Tong (remove underscore(s) to reply)
  http://xpt.sourceforge.net/techdocs/
  http://xpt.sourceforge.net/tools/