Propose your solution
Attachments
No attachments.
Duplicates
Comments
|
|
|
That doesn't allow me to encrypt existing volumes with existing data, it just allows me to encrypt new volumes. Also, if I were to encrypt the root partition, it could not be booted from. Lastly, ubuntu uses a different encryption tech than truecrypt, and if possible I would like to use the ubuntu standard encryption. Ideally, If I were to install ubuntu and _then_ enable encryption, I would get the exact same system as if I were to install ubuntu _with_ encryption.
|
|
chunk08
wrote on the 29 Feb 08 at 01:43
|
|
|
|
It would still require a Live CD. You can't encrypt a partition while it is mounted...
|
|
d3xter
wrote on the 29 Feb 08 at 09:04
|
|
|
The alternate CD is completly mess. When I booted from alternate CD, my wi-fi didn't work and installer was hanged-up after setting the partitions.
The only good solution is to adapt standard installer and make a support for encrypted volumes.
|
|
dei
wrote on the 29 Feb 08 at 10:36
|
|
|
absolutely against it!
if someone (most likely noob) screws up his system and asks for help he will most likely not know his encryption-key and his data is lost. --> Ubuntu will be the "bad Guy" who has eaten up all the data
disc-encryption is a feature for rather professional or geek use, which know what they're installing
|
|
jwoods
wrote on the 29 Feb 08 at 13:19
|
|
|
Partially encrypting a disk is a really bad idea. In the past, full disk encryption wasn't available, so partial encryption was the best compromise we could get.
The options should be full disk encryption or no encryption.
If I encrypt data, I expect it to be inaccessible. Now, consider that the data has to be decrypted to work with. What if I have data files in my home directory which are encrypted, but are loaded into an application to work with? Now, it's entirely possible that the data will be swapped to disk. If swap isn't encrypted, the data is vulnerable.
Also consider that many files may write to various temporary directories which aren't encrypted.
Partial encryption is a bad idea -- there are simply too many possibilities for data leak, especially for inexperienced users, to consider. If it's worth encrypting, it's worth doing right.
|
|
|
Technically the best is to use appropriate md crypt plugins and encrypt the LVM volume. You shouldn't use file containers on top of any journaled fs - there are real reasons for that.
Enabling the full disc encryption on the run is not impossible. All it requires is X gigabytes of unallocated space for a temporary partition. Move everything there, modify grub config, reboot into configuration mode, remove the previous partitions / lvm. Create new one as encrypted, initialize it, create new fs, copy the stuff from temp partition back, fix bootloader, reboot. Voila.
The problem is... How to make it really reliable. It can screw up things. A lot.
|
|
|
|
With partial encryption, it's really simple to make clear text attack (on standard binaries/configuration files). So partial encryption is quite as useless as no encryption at all. However, full encryption is not safe either. Metadata tends to be constants and can be guessed, so clear text attack are still feasible with full encrypted filesystems.
|
|
pturing
wrote on the 3 Mar 08 at 16:39
|
|
|
It is possible to in-place encrypt an unencrypted partition, and to reverse this.
However, this is very dangerous because if the system loses power, etc. while this operation is being done, the partition is hosed.
|
|
|
|
Maybe some work with true crypt could be done to port their M$ implementation of it. Also would it be such a bad idea to include trucrypt by default for better security practices.
|
|
|
Please I need encryption!
During the Vietnam War, my commanding officer, Colonel Morrison, gave us orders to rob the Bank of Hanoi to help bring the war to an end. We succeeded in our mission, but on returning to our base four days after the end of the war, we found our C.O. murdered by the Viet Cong and his headquarters burned to the ground. Therefore no proof existed that the we were acting under orders, and we were sent to prison by a military court. We were sent to Fort Bragg, from which we escaped before we could actually stand trial.
We are a group of United States Army Special Forces who work as soldiers of fortune while being on the run from the military for a "crime we didn't commit".
This is why we need encryption!
|
|
|
|
Full-disk encryption is absolutely essential to anyone who values the privacy of their data, and the current possibilities are confusing and difficult to implement. The installer could warn newbies not to do this unless they fully understand the risks. For many people this is not an optional extra but a must-have feature, so I think it's foolish to be so afraid that some noobs might mess it up and complain that you argue against implementing it altogether.
|
|
jcdutton
wrote on the 26 Sep 08 at 18:43
|
|
|
In windows, a program called becrypt allows one to do whole disk encryption.
It encrypts the entire disk while it is being used. I.e. While it is mounted.
One can even shutdown the PC during the encryption process.
It prompts for a password on cold boot and return from hibernate.
It would be nice to have a Linux whole disk encryption that could do the same. When translated into Linux, the password would be asked for before the GRUB prompt.
|
|
|
|
This isn't a idea for privacy-freaks only; this is a great idea for a laptop. Laptops are very commonly stolen, and getting data off of most windows/osx/*nix (r) partitions is something that anyone can do... no hacker needed. I think the average user just needs the /home/ partition encrypted, though... not swap, /, etc... they just need enough protection so that when their laptop is stolen, they are only out the money, and do not have to worry about their credit ratings, their bills, their financial accounts, their very personal emails and files, etc...
|
|
|
well in a few days Jaunty will be on the streets
there any news about full disk encryption in this new version???
thankz
|
Post your comment
|
