EzDevInfo.com

Find out type of encrypted hard disk

say you get a random harddisk into your hands which is encrypted. is it possible just from the layout of the data to see what kind of encryption has been used?

i.e. Bitlocker, Truecrypt, dcrypt?

Reading an encfs volume from Windows?

I've been looking into encfs as a solution to encrypt my personal data. However I want to access this data both on Linux and Windows on different machines (synced through Dropbox). So far all Google searches have brought up pages which specify that there is no Windows client that reads encfs.

Can it be done?

is there a way to stop mac osx disk encryption in progress?

I chose a 1T external drive for time machine and checked the "encrypt backups" option. I thought it will only encrypt the backups, but as it seems it is now encrypting the whole drive which has quite some data on it and is not SSD ;). Is there a way to cancel the encryption process? I turned off Time Machine and chose another drive for it.

What software should I use to encrypt my hard drive? [closed]

I am currently running Windows 7 RC x64 on my home system, and am interested in encrypting my hard drive. I've heard good things about TrueCrypt, but am curious what other folks might suggest. I primarily use my system for software development, so am concerned about any system performance degradation that encryption might introduce.

How to change pass phrase of full disk encryption?

I installed Ubuntu 12 with full disk encryption, and now I want to change the pass phrase.

How can this be done?

Which TrueCrypt Algorithm is the safest?

If performance is of no concern, which TrueCrypt algorithm is the safest to use?

• AES
• Serpent
• Triple DES
• Twofish
• AES-Twofish
• AES-Twofish-Serpent
• Serpent-AES
• Serpent-Twofish-AES
• Twofish-Serpent

SSH with authorized_keys to an Ubuntu system with encrypted homedir?

I recently set up a new server with Ubuntu karmic 9.10, and when I created my home directory I chose to make it encrypted. Now, after loading my authorized_keys file into ~/.ssh, it isn't recognized because my home directory isn't decrypted until after I log in. Is there a way to make SSH keys work with encrypted home directories under Ubuntu?

How do I wipe an encrypted USB flash drive?

My company has issued an encrypted USB flash drive which I stored my personal data in it. I am resigning from the company and I wanted to wipe the data in the usb drive but I have forgotten the password.

I tried using dban and nuke to wipe the data but it is an unrecognised device shown in dban.

The USB flash drive comes with an EXE program which I need to enter a password before the drive can be mounted.

How do I remove my personal data in the encrypted USB flash drive?

Updates

1. I tried gpart and the disk couldnt be found
2. I tried diskpart and the disk was 0 bytes, neither can I find any partition or able to clean it.
3. I did a live ubuntu cd boot and the usb thumb drive was detected as a cd-rom

There is no way of wiping the data and I have returned the device and trust the sysadmin to have integrity of wiping the device.

Lesson learnt: Never store your personal data on company device.

How do I resize a FileVault 2 encrypted partition?

Running Mac OS X Lion. My current setup is a 250 GB partition, encrypted by FileVault2, for Lion. Old Snow Leopard install is in second half, another 250 GB partition, unencrypted, of the same disk.

The Disk Utility GUI doesn't allow me to delete the Snow Leopard partition due to CoreStorage (FV2) partitions being present on the disk.

Using diskutil cs on the Terminal, I see commands to remove or add CoreStorage volumes, but no way to resize an existing one.

Will I need to decrypt my Lion HD in order to resize it?

Bad performance with Linux software RAID5 and LUKS encryption

I have set up a Linux software RAID5 on three hard drives and want to encrypt it with cryptsetup/LUKS. My tests showed that the encryption leads to a massive performance decrease that I cannot explain.

The RAID5 is able to write 187 MB/s [1] without encryption. With encryption on top of it, write speed is down to about 40 MB/s.

The RAID has a chunk size of 512K and a write intent bitmap. I used -c aes-xts-plain -s 512 --align-payload=2048 as the parameters for cryptsetup luksFormat, so the payload should be aligned to 2048 blocks of 512 bytes (i.e., 1MB). cryptsetup luksDump shows a payload offset of 4096. So I think the alignment is correct and fits to the RAID chunk size.

The CPU is not the bottleneck, as it has hardware support for AES (aesni_intel). If I write on another drive (an SSD with LVM) that is also encrypted, I do have a write speed of 150 MB/s. top shows that the CPU usage is indeed very low, only the RAID5 xor takes 14%.

I also tried putting a filesystem (ext4) directly on the unencrypted RAID so see if the layering is problem. The filesystem decreases the performance a little bit as expected, but by far not that much (write speed varying, but > 100 MB/s).

Summary:
Disks + RAID5: good
Disks + RAID5 + ext4: good
Disks + RAID5 + encryption: bad
SSD + encryption + LVM + ext4: good

The read performance is not affected by the encryption, it is 207 MB/s without and 205 MB/s with encryption (also showing that CPU power is not the problem).

What can I do to improve the write performance of the encrypted RAID?

[1] All speed measurements were done with several runs of dd if=/dev/zero of=DEV bs=100M count=100 (i.e., writing 10G in blocks of 100M).

Edit: If this helps: I'm using Ubuntu 11.04 64bit with Linux 2.6.38.

Edit2: The performance stays approximately the same if I pass a block size of 4KB, 1MB or 10MB to dd.

Securing a Linux server when there is potential physical access

We want to set up a Linux server (hosting Git or later SVN repositories) which should have all stored data strongly encrypted, so that if one steals the server the data cannot be read. For example, our notebooks have all important data stored on a "true-crypted" partition.

We plan to access it with SSH private keys and only after successful login should the data be readable. The server would be located in our office, shut down at night and not be connected to the Internet directly, but only accessible in our intranet.

What suggestions do you have? I'm only a sporadic Linux user and hence not very competent at it.

Linux laptop encryption

What are my options for encrypting the /home directories of my Ubuntu laptops? They are currently setup without any encryption and some have /home as a separate partition whilst others don't. Most of these laptops are single-user standalone laptops which are out on the road a lot.

Is ecryptfs and the encrypted Private directory good enough or are there better, more secure, options? If somebody got hold of the laptop, how easy would it be for them to gain access to the encrypted files?

Similar questions for encrypted lvm, truecrypt and any other solution I may not be aware of.

Encrypting my laptop hard drive

I've considered encrypting my laptop hard drive for a while now, but the only thing holding m back is my Microsoft SQL Server 2008 installation. I use my laptop for development and also have some private information on the laptop that I want to keep private, but at the same time I also don't want to impair my ability to develop applications. (I'm currently running 64-bit Windows 7 on an Asus i5 laptop.)

I had thought of creating a new partition that would not be encrypted and copying my SQL data files to that drive - as there would only be non-sensitive dummy data in those databases. Therefore my database server would not have to slog through an encrypted partition to read/write the files.

Has anyone had any experience with encrypting the drive of a development laptop without any significant hit on performance?

LVM Encrypted Physical Volume versus Encrypted Logical Volume. Am I safe?

I'm somehow new to disk encryption techniques in Linux, but I have the basic notions about encryption. Here my conditions:

• I need to have "full disk encryption", including "/", not just "/home".
• I don't need /home on a separate partition, I prefer just a single "/" and swap
• I need suspend/hibernate to work (yes, I know suspend is not safe, but I need it to work in rare cases where people won't steal my laptop)
• I want to do this using modern Linux distribution installers, so my option is basically LVM
• I know I'll need an unencrypted /boot partition

But the thing is: using distribution installers, I have the option to encrypt the Physical Volume (PV) but also to encrypt the Logical Volumes (LVs) inside the PV.

• Which one is better?
• If I just have encrypted Physical Volume, am I safe? Or does it just encrypt some kind of metadata (like a table containing pointers to the inner partitions) and not the file systems inside it?
• Is there any case where I'll want to have PV encryption + LV encryption? Explain.

LVM has many different abstractions (PV, VG, LV, PE), I'm afraid that by encrypting something I might be only encrypting some kind of metadata table and not the actual contents of my files. I tried googling this, but the howtos usually explain how to format your partitions but not the details I'm asking. I have the feeling that people just want to type some soft of password, even if they don't know what is actually being encrypted. The Linux Distribution installers don't help either (the only one that cares about writing random stuff to the disk before encrypting is Debian!).

What I did:

• Using OpenSuse installer, I created a physical partition on my disk and marked it as "encrypted". Then, I used it to create an LVM Group, and, inside it, I created unencrypted / and swap. Is this safe?

I'm still waiting the installation to finish. I'll need to discover how to try to break it after.

Thanks in advance.

Does full Volume encryption put an SSD into a fully used state?

SSDs, particularly of the common MLC variety, have a limited number of writes before the memory cells wear out. Through the use of wear leveling algorithms this is effectively worked around so that the drive has a useful lifespan. The other side of the wear leveling is that it improves performance by writing to unused blocks rather than the much slower operation of reading, erasing, writing to an existing used block. But these algorithms rely on their being unused blocks available.

So the question is what happens if you encrypt the entire drive with something like BestCrypt or TrueCrypt? Both of these will write what looks like random data to the entire drive. Will this effectively put the drive into a fully used state and how will this effect the wear leveling and performance of the drive?

I know that some drives do reserve some of their capacity for this very reason. Where you see a drive advertised as a 60 or 120GB drive it is probably a 64 or 128GB drive with some of its capacity reserved and unavailable for your use. But do the drives that advertise themselves as 64/128/256GB also reserve space in this way or do that rely purely on the drive never being completely filled to have available blocks for wear leveling?

...

I am probably worrying about something that really isn't going to be a problem in practice. But I am rather curious about how smart the wear leveling algorithms are. Do they allow for continuous read/modify/write to a drive that appears to be completely full?