Encrypting a partition

Msquared sub2.fedoralist at msquared.id.au
Thu Jan 10 14:56:33 UTC 2008


I know this thread is aging a bit, but I thought I'd post some comments,
and link to an article I just put online:

  http://www.msquared.id.au/articles/cryptroot/

The article is titled "Encrypted root on Fedora & CentOS", and shows you
how to encrypt the entire hard drive.  I'll address resume issues and
other things below...


On Mon, Dec 24, 2007 at 11:04:05AM +0000, Luciano Rocha wrote:

> > I want to know how I can encrypt my /home partition which is inside a
> > Logical Volume to increase the security.

My article shows you how to encrypt the entire volume group.

> Then add it to /etc/crypttab:
> chome /dev/volgroup/home none

With my article, you don't need anything in crypttab (including keys or
other sensitive information).



On Mon, Dec 24, 2007 at 09:11:17AM -0800, Alan wrote:

> Does encrypting swap interfere with hibernate or sleep mode on laptops?
> (Just asking in case I ever get sleep or hibernate working on my
> laptop.)

On Mon, Dec 24, 2007 at 05:43:10PM +0000, Luciano Rocha wrote:

> If you wish for an encrypted swap allowing suspend, you'll have to place
> a constant key in crypttab (which isn't secure, unless you also encrypt
> the root), and check if the resume scripts support that case or manually
> add it (not trivial).

If you encrypt the swap itself using a random key each boot, you will have
problems.  If you use a constant key in crypttab, then you don't have any
security unless the crypttab itself (or rather, the filesystem that
contains it) is also encrypted.

If you use the method used in my article above, you should be able to
hibernate and resume without any problems.

I've tried and it worked for me, even with a dual-boot.  In fact, I was
able to sleep Windows and resume Linux and vice versa for a much faster
way to switch from Windows to Linux (and vice versa).  Of course, my
Windows partition isn't encrypted, but I don't use Windows as much.


Regards, Msquared...
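
An added example, not part of the original post: a small checker that sorts crypttab entries into the cases discussed above (passphrase prompt, random per-boot key, constant key file). The sample crypttab is constructed, the cswap entries and /etc/swap.key are hypothetical, and it assumes any key file sits on the same filesystem as crypttab.

```python
# Added example: classify crypttab entries by how their key is supplied.
# SAMPLE_CRYPTTAB is constructed; cswap, cswap2 and /etc/swap.key are hypothetical.

RANDOM_SOURCES = {"/dev/urandom", "/dev/random"}

SAMPLE_CRYPTTAB = """\
# name   device                key file        options
chome    /dev/volgroup/home    none
cswap    /dev/volgroup/swap    /dev/urandom    swap
cswap2   /dev/volgroup/swap2   /etc/swap.key   swap
"""


def parse_crypttab(text):
    """Yield (name, device, key, options) for each entry; fields 3 and 4 are optional."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: needs at least a name and a device
        key = fields[2] if len(fields) > 2 else "none"
        options = set(fields[3].split(",")) if len(fields) > 3 else set()
        yield fields[0], fields[1], key, options


def classify(key, options, root_encrypted):
    """Assumption: a key file lives on the same filesystem as crypttab (root)."""
    if key in ("none", "-"):
        return "passphrase"            # nothing sensitive stored in crypttab
    if key in RANDOM_SOURCES:
        # A new key each boot means a hibernate image in swap cannot be read back.
        return "random-key-swap" if "swap" in options else "random-key"
    # Constant key on disk: only as safe as the filesystem that holds it.
    return "keyfile-protected" if root_encrypted else "keyfile-exposed"


def audit(text, root_encrypted):
    """Map each crypttab name to its classification."""
    return {name: classify(key, opts, root_encrypted)
            for name, _dev, key, opts in parse_crypttab(text)}


if __name__ == "__main__":
    for root_encrypted in (False, True):
        print("root encrypted:", root_encrypted, audit(SAMPLE_CRYPTTAB, root_encrypted))
```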