I got a good security one more ya.

Gromitigo gromitigo at gmail.com
Sun Apr 2 10:05:04 UTC 2006 

Is there any option to install Ubuntu with an excrypted file system?
While I'm installing, is it as simple as setting up the filesystem as EFS?

On 3/31/06, Harijs Buss <harijs at info-shelter.net> wrote:
> On Friday 31 March 2006 18:49, Kent Borg rakstija:
> > If you do have a good key and encryption, if you lose your key,
> > you are completely hosed. There is no key recovery if you have
> > a secure  system.
>
> Yep. That's the point :-)
>
> > Disclaimer 1: I have not experimented with corrupting encrypted data
> > and seeing what happens and how lethal it is.  It might not be as bad
> > as I suggest, or it might be worse.
>
> Some time ago I started to use external USB enclosures with IDE disks as
> backup devices. (Yeah, I know, but this is better than nothing anyway :-)
> Enclosures are "rotated" according to usual backup scheme. Only one of these
> devices are at the same time near backup source, the rest of them are kept
> off-site. Files on enclosure disks are synced with original ones using group
> of rsync commands. File system is XFS encrypted by AES method with 1024 bit
> key.  (This was done in another distro but probably there are no big
> differences).
>
> Naturally I wanted to know what will happen if, for example, suddenly USB
> cable will be pulled out in the middle of big writing.  So I did try that :-)
> because in the worst case I simply would have to re-format the drive and
> re-write the info which is available.  Sure my 3 attempts can not count as
> "scientific experiment" but they give some impression anyway.  All three
> times after re-boot (to get rid of any buffered info) and re-connecting
> enclosure I was able to mount it as read-only and get off all files except
> one which was in writing process when USB cable was plugged out. One of my
> colleagues who made similar experiment, in one case could not mount the disk
> and therefore could not get anything out because of encryption. In all cases
> specific XFS utility programs could not do anything to repair file system, so
> I had to re-format partition and write all info that should be there.
>
> Encrypted file systems can be used quite easily but people should really
> understand that exactly because of good encryption it would be impossible to
> de-crypt info when key is lost. Any tech glitch can also lead to
> inaccessibility of info.
>
> But hey, we all make regular backups, don't we?  :-)
>
> Harijs
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>

More information about the ubuntu-users mailing list