[Grml] disk partition encryption roadmap

T o n g mlist4suntong at yahoo.com
Tue Jan 25 18:02:53 CET 2011


I'm thinking of doing the disk partition encryption now. However 

"Hard drive encryption sounds like an intimidating concept, mostly because 
it is. The thought of taking your precious files, then using a 
mathematical formula to convert them into random noise before scattering 
them back across your disk is a hard sell. " [1]

1. http://www.maximumpc.com/article/howtos/

So I need some demystification of the whole disk/partition encryption thing. 
The official "Disk Encryption HOWTO" from tldp.org [2] is only dated as 
2004-11-17, so I would assume it is *way* outdated. In terms of security, 
I tend to turn to people that I trust for help. With tldp.org having failed 
me, I need your help, people from the grml community, instead of some 
random blogs found on the internet.

2. http://www.tldp.org/HOWTO/html_single/Disk-Encryption-HOWTO/

Linux Encryption HOWTO
v0.2.2, 04 October 2000

Here are my questions, 

- First, a very noob question: I don't want whole disk encryption, I just want 
to encrypt some selected, already partitioned partitions. If someone mounts 
the encrypted partitions, will they show up as empty, or are there some 
hints that the partitions have been encrypted? 

- Ubuntu [3] and CentOS [4] seem to endorse dm-crypt, instead of the 
cryptsetup-luks that grml-crypt uses. So I need a bit of explanation why 
it is better than others. 

3. http://www.humboldt.edu/its/security-encryption-linuxubuntu
4. http://beginlinux.com/blog/2009/04/centos-53-encrypted-block-devices/

- In terms of encryption used, TrueCrypt supports the following 
encryption algorithms: AES, Serpent, Twofish, AES-Twofish, AES-Twofish-
Serpent, Serpent-AES, Serpent-Twofish-AES, Twofish-Serpent; And these 
hash algorithms: RIPEMD-160, SHA-512 & Whirlpool [5]

5. http://www.informit.com/articles/article.aspx?p=1276279

So I need a bit of explanation why the chosen algorithm is better than 

- Is your choice as cross-platform as TrueCrypt?

- Since I need to encrypt more than one selected partition, is there any 
alternative to typing in a passphrase for each one of them when mounting 

- How are passphrases cached? Do I have to repeatedly type in the passphrase 
each time I do the mount? I also heard of passphrase-less disk 
encryption. Hmm... I don't want to go there so maybe I can skip that.

BTW, I just need a mini how-to about disk encryption. It does not need to 
be in-depth or comprehensive but rather short and to the point, to allow 
anyone with a minimum of Linux disk encryption knowledge to create 
encrypted memory sticks, USB disks, or partitions in minutes.

Thanks a lot. 

Tong (remove underscore(s) to reply)
