[NBLUG/talk] dm-crypt for hard drive encryption

Aaron Grattafiori nite at sonic.net
Tue Nov 15 10:21:54 PST 2005


I wrote up a decent how-to for encrypting your swap and/or a disk drive using
the device mapper crypto utility. (I guess it's kinda replacing loop-aes)

*What is dm-crypt??*
"dm-crypt is such a device-mapper target that provides transparent
encryption of block devices using the new Linux 2.6 cryptoapi. The user
can basically specify one of the symmetric ciphers, a key (of any
allowed size), an iv generation mode and then he can create a new block
device in /dev. Writes to this device will be encrypted and reads
decrypted. You can mount your filesystem on it as usual. But without the
key you can't access your data."

The swap is easy to encrypt... if you're curious why.. you might try this
command probably as root:

you at yourbox# strings < /your/swap/device | grep "yourpassword"

(it's possible your password can be stored in swap, plaintext...)
(yes, your password will now be in .bash_history, so just search for a
piece of it)

I wrote some scripts to help ease the configuration and help make it
easier to activate the crypto disk/loop device.

my guide here: http://dyn.neg9.org/crypto/steps.html
Script to mount: http://dyn.neg9.org/crypto/cmount
Script to unmount: http://dyn.neg9.org/crypto/cumount
dm-crypt info here: http://www.saout.de/misc/dm-crypt/

 good luck!
    -Aaron Grattafiori
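
Added example, not part of the original post or the linked scripts: a variant of the swap check above that reads the password fragment from stdin instead of the command line, so it never reaches .bash_history or the process list. The function names and the `--scan` switch are assumptions made for this sketch, and `tr` stands in for `strings`.

```shell
#!/bin/sh
# Added example: count the printable strings in a swap device (or any file)
# that contain a secret fragment. The fragment arrives on stdin, never in
# argv, so it stays out of shell history and out of `ps` output.

# count_fragment FILE   (fragment = first line of stdin); prints the count.
count_fragment() (
    target=$1
    IFS= read -r fragment || [ -n "$fragment" ] || exit 2
    [ -n "$fragment" ] || exit 2      # refuse an empty fragment
    [ -r "$target" ] || exit 3        # swap devices normally need root
    # tr does the job of `strings` here: every non-printable byte becomes a
    # newline. awk's index() matches the fragment literally, not as a regex.
    # FRAG sits in awk's environment, readable only by the same user and root.
    LC_ALL=C tr -c '[:print:]' '\n' < "$target" |
        FRAG=$fragment LC_ALL=C awk \
            'index($0, ENVIRON["FRAG"]) { n++ } END { print n + 0 }'
)

# scan_interactive FILE: prompt for the fragment with terminal echo disabled.
scan_interactive() {
    trap 'stty echo' INT TERM         # restore echo if interrupted
    printf 'Fragment to look for (not echoed): ' >&2
    stty -echo
    IFS= read -r frag
    stty echo
    trap - INT TERM
    printf '\n' >&2
    # printf is a shell builtin, so the fragment is not exposed as an argument
    printf '%s\n' "$frag" | count_fragment "$1"
}

# Usage (as root): sh thisscript.sh --scan /your/swap/device
if [ "${1:-}" = "--scan" ]; then
    scan_interactive "$2"
fi
```

A count above zero on an unencrypted swap device means the fragment was paged out in plaintext; on a dm-crypt mapped swap the underlying partition should give 0.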


