encrypted installation?

Postby wombalton on Sat Jun 13, 2009 4:50 am

hi there,
i'm just trying linux mint. I'm quite familiar with ubuntu, using it every day... so what i miss in mint is during the installing progress an option to encrypt the whole hard drive, like with Ubuntu's alternate installation. am i just too stupid to find it or does this option really not exist?
wombalton
Level 1
Posts: 2
Joined: Sat Jun 13, 2009 4:19 am

Re: encrypted installation?

Postby Husse on Sun Jun 14, 2009 7:26 am

It does not exist - we are a small team and cannot port everything in Ubuntu....
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Posts: 19710
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: encrypted installation?

Postby Fred on Sun Jun 14, 2009 8:41 am

wombalton wrote:
so what i miss in mint is during the installing progress an option to encrypt the whole hard drive...


Actually, I see little need in encrypting the whole drive in Linux. I would suggest you use something like TrueCrypt. It is a very good, peer reviewed, open source program. I have used TrueCrypt before and have been happy with it. In Linux you can't currently encrypt the system partition however. This isn't a big problem with Linux as it would be in Windows. Data is scattered all over the Windows partition. In Linux you should have no data in the OS proper anyway, so it is easy to encrypt the data partition or partitions and still be safe. There is nothing in the OS itself worth protecting. OSs are a dime-a-dozen. :-)

You gain nothing by encrypting the entire system, but you do lose the plausible deniability that encryption is in use. Looks a little strange to have a boot partition and seemingly empty partitions on your hard drive and no system showing to be able to run. :-) I don't use whole system encryption for that very reason.

If you look at my laptop it appears to be a simple unencrypted system. In fact, you would be hard pressed, even if you knew what you were doing, to prove, or even know for sure, there was anything else there. :-)

Fred
Insanity: Doing the same thing over and over and each time expecting a different result.

Democracy is 2 wolves and a lamb voting on the menu. Liberty is an armed lamb protesting the electoral outcome. A Republic negates the need for an armed protest.
Fred
Level 10
Posts: 3356
Joined: Fri Jan 04, 2008 11:59 am
Location: NC USA

Re: encrypted installation?

Postby Husse on Sun Jun 14, 2009 8:46 am

Fred wrote:
In fact, you would be hard pressed, even if you knew what you were doing, to prove, or even know for sure, there was anything else there. :-)

You just told us :)
What about testdisk - this nifty little tool can do some amazing tricks :)
Husse
Level 21
Posts: 19710
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: encrypted installation?

Postby Fred on Sun Jun 14, 2009 8:58 am

Husse,

lol, Yeah, I guess I did just tell you didn't I. Kind of like the password thing emorrp1 commented on in another thread. I did laugh, I must admit. :-)

More to the point, I don't know if testdisk would show any tell-tale signs. I'll have to check that. Good question. :-)

Fred
Fred
Level 10
Posts: 3356
Joined: Fri Jan 04, 2008 11:59 am
Location: NC USA

Re: encrypted installation?

Postby frosch62 on Sun Jun 14, 2009 10:12 am

Fred wrote:
Actually, I see little need in encrypting the whole drive in Linux. I would suggest you use something like TrueCrypt. It is a very good, peer reviewed, open source program. I have used TrueCrypt before and have been happy with it. In Linux you can't currently encrypt the system partition however. This isn't a big problem with Linux as it would be in Windows. Data is scattered all over the Windows partition. In Linux you should have no data in the OS proper anyway, so it is easy to encrypt the data partition or partitions and still be safe. There is nothing in the OS itself worth protecting. OSs are a dime-a-dozen. :-)

You gain nothing by encrypting the entire system, but you do lose the plausible deniability that encryption is in use. Looks a little strange to have a boot partition and seemingly empty partitions on your hard drive and no system showing to be able to run. :-) I don't use whole system encryption for that very reason.

If you look at my laptop it appears to be a simple unencrypted system. In fact, you would be hard pressed, even if you knew what you were doing, to prove, or even know for sure, there was anything else there. :-)

Fred


I hate to have my first post on this forum give the impression that I'm only here to criticize, so let me phrase this constructively:

The statement above, that the system partition "/ or root" can't be encrypted, is simply incorrect. While it is true that Linux Mint does not as of yet support this feature at install, the distribution which Linux Mint is based on, Ubuntu, offers this from their alternate install disk -- and has for quite a while: http://oei.yungchin.nl/2008/04/23/insta ... ncryption/

This shows it has been offered since at least April '08. And having just moved from a (totally except for /boot -- which is negligible) encrypted drive under Fedora 11 and Ubuntu 9.04, I can confirm that swap, root and everything else was running under an encrypted lvm. For those wishing to try it out:

http://www.ubuntu.com/getubuntu/downloa ... #alternate

This capability was also mentioned in Husse's post, with an explanation as to why the feature -- which does exist in other places -- has not been ported to Linux Mint: lack of resources. As concerns merely encrypting the home folder, this doesn't keep from raising eyebrows, as this passphrase must also be entered before the operating system is booted (using linux's encryption methods). Truecrypt is a wonderful program, and can even be used to have an encrypted dual-boot setup (system encryption on windows partition/luks setup on linux), without any issues. Besides, plausible deniability goes only so far; the moment they see that truecrypt is installed (on linux or windows), they'll assume that you have an encrypted partition somewhere, in which case whatever nasty things (blackmail, threats) they had already planned are not going away. This feature, as of my last time using Truecrypt, was also not available for Linux distributions. That is not to say I don't recommend using truecrypt on top of full system encryption (I mean, why not?), but the capabilities that Fred's discussing aren't quite ripe at the moment.

But the statement that no sensitive data is located (on Linux) in system files -- like in that terrible Windows OS -- is also untrue. Files that have been opened, edited, linked to startup programs, etc. make their way into swap, potentially into /tmp, which means that a non-encrypted system drive does indeed leave one's personal data to those with access to the root partition vulnerable.

Fred, I would encourage you to look into what you've said before. Besides, you were responding to someone who had already used the feature in Ubuntu...
frosch62
Level 1
Posts: 2
Joined: Sun Jun 14, 2009 7:18 am

Re: encrypted installation?

Postby Fred on Sun Jun 14, 2009 10:38 am

frosch62,

Whoo, slow down my friend. Your blood pressure is rising too fast. :-)

I obviously didn't make myself clear. I wasn't referring to any kind of encryption other than TrueCrypt. TrueCrypt can't yet be used on Linux to encrypt the system. And I am of the opinion that even if it could you wouldn't want to for the reasons in my earlier post.

As far as the whole disk encryption available during the Ubuntu set-up, it isn't available on Mint's install disk. Having said that, it can be used but has to be installed manually which is a rather complicated process that in my opinion does not bring anything to the table that is useful.

I think that using TrueCrypt alone on selected data partitions, or parts of them, is the better way to go because of the plausible deniability mentioned in my earlier post. Doing it this way does not leave tracks behind in the OS that encryption is even in use.

EDIT: Have you ever heard of tmpfs? That is what you use for selected folders in /var and the whole of /tmp. Also, it is trivial to have a small script automatically shred or dd swap on shutdown. Google is your friend.

Fred
Fred
Level 10
Posts: 3356
Joined: Fri Jan 04, 2008 11:59 am
Location: NC USA
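
Added example, not part of any post in this thread: a Python audit of the swap and /tmp concern discussed in the two posts above, for a layout where only data partitions are encrypted. The function names, the sample mount and swap tables and the `crypt_devs` set are constructed for illustration.

```python
# Audit where temp files and swap land when only data partitions are encrypted.
# Sample input below is constructed; a live host would read /proc/mounts and /proc/swaps.

RAM_FS = {"tmpfs", "ramfs"}
WATCHED = ("/tmp", "/var/tmp")

def backing_mount(path, mounts_text):
    """Return (device, fstype) of the deepest mount point containing path."""
    best = ("", "", "")
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        dev, mnt, fstype = fields[:3]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) >= len(best[1]):   # >= so a later overmount wins
            best = (dev, mnt, fstype)
    return best[0], best[2]

def audit(mounts_text, swaps_text, crypt_devs):
    """Return (location, device) pairs where plaintext can reach a device outside
    crypt_devs (assumption: the caller builds that set, e.g. from lsblk output)."""
    findings = []
    for path in WATCHED:
        dev, fstype = backing_mount(path, mounts_text)
        if fstype not in RAM_FS and dev not in crypt_devs:
            findings.append((path, dev))
    for line in swaps_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 2:
            continue
        name, kind = fields[0], fields[1]
        # A swap file inherits the encryption state of the filesystem holding it.
        dev = backing_mount(name, mounts_text)[0] if kind == "file" else name
        if dev not in crypt_devs:
            findings.append(("swap", dev))
    return findings

SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/mapper/data /home ext3 rw,relatime 0 0
"""
SAMPLE_SWAPS = """\
Filename Type Size Used Priority
/dev/sda5 partition 2097148 0 -1
"""

if __name__ == "__main__":
    print(audit(SAMPLE_MOUNTS, SAMPLE_SWAPS, {"/dev/mapper/data"}))
```

On the constructed layout, /tmp on tmpfs passes but /var/tmp and the swap partition are flagged; tmpfs pages can themselves be written to swap, so the swap finding matters even when /tmp is on tmpfs.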

Re: encrypted installation?

Postby frosch62 on Sun Jun 14, 2009 4:04 pm

Yo Fred,
I'm chill, don't worry... still got a long and healthy life ahead of me, and no high blood pressure. I was reading your post in relation to the thread's topic (linux encryption) and failed to see that you had clearly been talking about Truecrypt. My bad. I'll read slower next time...

Your point about /tmp is well taken, but what about swap? Or is this where your "dd" script comes in?

Also, I'm still not certain how to go about hiding the fact that you have Truecrypt installed? Also, the encrypted data, as you point out, doesn't (on its own) point to any sort of encryption. But even if you hide your truecrypt install as a file on your computer, it won't open when clicked. I would check

I'm quite interested in what you have to say, and I'm sorry if I came off too hard; I clearly misunderstood what you meant :(
frosch62
Level 1
Posts: 2
Joined: Sun Jun 14, 2009 7:18 am

Re: encrypted installation?

Postby Husse on Sun Jun 14, 2009 5:03 pm

frosch62 wrote:
how to go about hiding the fact that you have Truecrypt installed

I don't think you need to have it installed - run it off a live CD or pen drive
Husse
Level 21
Posts: 19710
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: encrypted installation?

Postby wombalton on Wed Jun 17, 2009 3:54 pm

whoo guys, didn't think my post would cause that much emotion... simply wanted to know if this very feature (full encryption) is available under Linux Mint, 'cause it's a Ubuntu fork and Ubuntu does support this... so I thought why not Mint also...
It's just a very easy way to encrypt your hard drive. I know that there are different possibilities in Linux, but as I understand Mint was designed to be easy to use...
Thought it wouldn't be a big deal to have the same feature as the "big brother", but I'm not familiar with creating linux distributions. So if it is that hard, don't worry. Think most people can live without it or with some alternatives...
But for my part I will then go on using Ubuntu...
wombalton
Level 1
Posts: 2
Joined: Sat Jun 13, 2009 4:19 am
