');

Related Articles

16 Comments

  1. 9

    Cool-Technology

    When usually people or companies speak of encrypting their hardrive, they are speaking of protecting their data (Company’s secret or very important files with vital information on a person). Occassionly, there are those who wants to encrypt their hardrive for ‘other’ reasons, which could get them in trouble with the government. But for normal use, I don’t see why anyone would encrypt a server which is supposed to be ‘Public’ by default.

    Reply
    1. 9.1

      Brian

      Wow. So many assumptions. I don’t even know where to start. What are you on about with regard to governments? Why do common-folk have knee-jerk reactions regarding encryption and that anyone using it must be doing naughty things?

      And “public”? Who’s talking about public data here? “Server” does not automatically equal public. There are tons of severs sitting inside corporate, or even private home networks hosting non-public data.

      Do you really want some criminal who breaks into your house and steals your computer to have that data?

      Reply
  2. 8

    Brian

    There is a downside and that’s operator-less rebooting of machines. Think of the server that’s in the basement of your house. While you are away on vacation, the power goes out and stays out for a few hours (Do you have a generator that comes on automatically when the power goes out? I sure don’t). Finally the UPS runs out and the computer is shut down. A while later the power comes back on but the computer gets stuck booting waiting for an operator to enter a passphrase. And it continues to wait, days, until you come home.

    Reply
    1. 8.1

      finid

      Good point, but it’s all about balancing risk and reward.

      That said, there is a software that allows remote booting of such a system. I should take a look at it and do a writeup one of these days.

      Reply
  3. 7

    Andy

    Hello.
    This is really great tool.
    I have one questions,
    If my pc or notebook is encrypted and use other OS to format my pc.
    Encrypted is still protected my pc or notebook being format?
    Because these days every main board has reset button on it. Even set it with best password, one button bye bye passwords.

    Therefore Encrypted is still protect pc device even with format HDD…

    Is there any other software can protect pc from even format it?

    Please give me advice.

    Thank you

    Reply
  4. 6

    kelisa

    Do u know debian base distro (not pure Debian) with disk encryption option during install ?

    Reply
    1. 6.1

      finid

      The only one I know is Ubuntu/Kubuntu Desktop Alternate Installer. See this link for a tutorial based on the Ubuntu edition:

      Reply
  5. 5

    DonnyDonNothin

    just thought that i would mention if you are paranoid about the fbi or government taking your data, you should wear a tinfoil hat every time you enter you passphrase

    Reply
  6. 4

    busillis

    I’m using FC14 and passed this option up on install. Now I am installed, is there a way to encrypt my install?

    Reply
    1. 4.1

      finid

      If you are thinking about encrypting a disk after installation, I do not think it can be done – easily. Full disk encryption of the disk you are installing into is something that must done during installation, not after.

      If some one has a method of doing it after installation, I’d like to know about it.

      If you customized the default LVM configuration as detailed at http://www.linuxbsdos.com/2010/11/03/fedora-14-installation-guide/, you can protect your home folder if you create a new logical volume, copy over contents of your current home folder to the new logical volume, delete the old one, and you have an encrypted logical volume.

      It does not offer the same benefits as full disk encryption, but it is better than nothing. The best and easiest solution is to reinstall and do it the right way.

      Reply
  7. 3

    terovoid

    I do not use LVM partitioning scheme, and I encrypt all the partitions with the exception of the /boot partition. Is this habit dangerous?

    Reply
    1. 3.1

      finid

      I don’t see any problem with your set up. The key thing is to encrypt, and not whether you use LVM or the traditional disk partitioning scheme. LVM just makes it easier to manage your drive(s).

      Reply
  8. 2

    mario

    It’s also important to note, that on current computers, there is no recognizable performance hit when using disk encryption, for 128 bit AES anyway. Been using it a couple of years now.

    And I’m still wondering why the other major distros make it such a hassle to set it up really. So I’ll definitely check out Fedora for my next reinstall. (Hope it also supports btrfs/compressed disks, for netbook performance.)

    Reply
    1. 2.1

      finid

      No major distro supports btrfs as at the last release cycle. I think by the next release cycle, you’ll start seeing btrfs support in a few of them. I hope you are aware that btrfs is not fully production ready.

      Reply
    2. 2.2

      Max - The IT Pro

      “there is no recognizable performance hit when using disk encryption, for 128 bit AES anyway.”

      That has always been my worry…slow performance. But if things have improved, I’ll definitely give it a whirl. I’d probably use a 256 bit AES key instead of 128.

      Reply
  9. Pingback: Links 2/2/2010: Oracle/Sun Analysis | Boycott Novell

Leave a Reply

Your email address will not be published. Required fields are marked *