Topic: USB Pendrive with encrypted /home

bla
Group: Members
Posts: 2
Joined: April 2006
Posted: April 29 2006,16:47

Hi,
It is quite important for me to keep my data encrypted on USB drives because they easily get lost...

So I've made a modification to the linuxrc script from the initrd so one can pass an option to the kernel, "encrypted=<device>", where device is an encrypted filesystem (aes256, ext3). During boot you will be asked for the password. If mounting fails you can retry. Then home & var from the enc. fs are linked to / and voilà.

I've divided my USB into two partitions: vfat with grub and compressed root filesystem=freespace for files, and 50MB encrypted ext3.
One can create the encrypted partition on a running DSL with:
losetup -e aes256 /dev/loop0 /dev/<device>
mkfs.ext3 /dev/loop0
losetup -d /dev/loop0

Then boot it with other bootflags...
Is somebody interested? Might it go upstream?
Some files:
https://thera.be/my_public/DSL-enc
Inside of linuxrc I've inserted a credit, so you can search for the modifications by "bla"... I generally don't care about the credit itself.

IMAGE-encryption.bz2: there is a compressed image of my whole 512 USB memory... rather useless! But you can try it... Password for encrypted /home on that image is "dummydummydummydummy".

PS. I don't know how to stop DSL, in an elegant way, from overriding /home/.* files!
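The boot-time logic described in the post above (read "encrypted=<device>" from the kernel command line, ask for the password, retry when mounting fails), written out as an added example; it is not bla's linuxrc and not part of the post. The function names, the LOSETUP/MOUNT override variables, the fixed /dev/loop0 and the allowed character set for device paths are assumptions; the losetup -e aes256 call is taken unchanged from the post.

```shell
#!/bin/sh
# Added example, not bla's linuxrc. Function names and the LOSETUP/MOUNT
# override variables are hypothetical; /dev/loop0 is an assumption.

# Print the device named by encrypted=<device> on a kernel command line.
# The value ends up as an argument to losetup running as root in the initrd,
# so only /dev/ paths made of [A-Za-z0-9/_-] are accepted (assumed allow-list).
enc_device_from_cmdline() {   # $1 = contents of /proc/cmdline
    dev=""
    set -f                    # no glob expansion while splitting into words
    for word in $1; do
        case "$word" in
            encrypted=*) dev="${word#encrypted=}" ;;   # last occurrence wins
        esac
    done
    set +f
    case "$dev" in
        /dev/*[!A-Za-z0-9/_-]*) return 1 ;;   # reject metacharacters, dots, etc.
        /dev/?*) printf '%s\n' "$dev" ;;
        *) return 1 ;;                        # option missing or not under /dev
    esac
}

# Attach the device to the loop driver and mount it, asking again on failure,
# at most $3 times. A wrong password is only noticed when the ext3 mount fails,
# so the loop device has to be detached before the next attempt.
mount_encrypted() {   # $1 = device  $2 = mount point  $3 = maximum attempts
    tries=0
    while [ "$tries" -lt "$3" ]; do
        tries=$((tries + 1))
        # losetup -e prompts for the password on the console
        if ${LOSETUP:-losetup} -e aes256 /dev/loop0 "$1"; then
            ${MOUNT:-mount} -t ext3 /dev/loop0 "$2" && return 0
            ${LOSETUP:-losetup} -d /dev/loop0
        fi
        echo "mounting $1 failed (attempt $tries of $3)" >&2
    done
    return 1
}

# In linuxrc (mount point /mnt/enc is a placeholder):
#   dev=$(enc_device_from_cmdline "$(cat /proc/cmdline)") &&
#       mount_encrypted "$dev" /mnt/enc 3
```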
roberts
Group: Members
Posts: 4983
Joined: Oct. 2003
Posted: April 29 2006,17:16

We currently offer the protect boot option for just such purposes. This option encrypts the backup file. I made this setup just for pendrives and the fact that they get easily lost.

With a pendrive, as with other flash devices, you do not want to have persistent home or other writeable directories on the pendrive, with the limited life (write cycles). Running DSL as designed, with large static extensions separated from any backup, they become write once, read many. Therefore the backup should remain rather small, and home and opt being in ramdisk does not affect the write cycles.
Therefore the only writes occurring to the pendrive are when performing the backup. Using the protect option secures that sensitive/personal file.


Edited by roberts on April 29 2006,17:17
WDef
Group: Members
Posts: 798
Joined: Sep. 2005
Posted: May 10 2006,11:15

Bla -

*WARNING*

Never use single-key loop-aes v.1.x in dsl!

It's old and is *broken* encryption-wise.  Your data is vulnerable to attacks.

If the 'protect' tarball encryption is not enough, use multikey v.3.x loop-aes in dsl-n or knoppix.  I think you can probably mount your single-key encrypted partition with v.3 loop-aes in dsl-n, make a multikey encrypted partition with loop-aes v.3, mount both, then copy your data across from your unsafe partition to your new safe partition.

Then umount your old partition and *shred* the whole thing many times. Or use wipe -b /dev/hdwhatever

Also, never try to mount your v3 loop-aes partition with the old loop driver in dsl - you might bork your data.

Also - don't use swap, or, if you do, encrypt it.
2 replies since April 29 2006,16:47