Exploring Full Disk Encryption

I feel kind of guilty that I rarely post anything about Linux (or computers in general) on this blog like I used to, so this is an update for the Linux people out there.

If you’ve never used Linux before and are still using a Microsoft OS, then I encourage you to at least try the other options out there. Ubuntu 10.04 is my operating system of choice for a number of reasons, including stability, free/open source (no licensing fees), timely security updates, multiple language support, a mega amount of customization options, and almost never any downtime (i.e. crashes, BSOD, viruses, etc.). Ubuntu 10.04 is the best version of Ubuntu I’ve tried. 10.10 has been out for a while, and does have a few improvements, but it’s not an LTS release, and it has a few changes that bugged me the last time I used it.

Anyway, I love the fact that Ubuntu now gives you an option of using an encrypted Home folder to keep your files safe. And it seems to work beautifully. But I’m not really sure if that is a bulletproof method of securing one’s data, and it does seem to put a strain on speed after a while too. Really, in my mind, Full Disk Encryption is the only way to ensure your data is safe, and should be faster because the encryption is done before the whole system loads. So I dived into the abyss and decided to figure out how to do it. You will need to download the Ubuntu Alternate Install Disc, and upon installation you need to select “Guided Partitioning – use entire disk with LVM”. LVM stands for something called Logical Volume Management. I guess it’s a way IBM figured out how to partition hard drives for servers, but anyway we basically need to borrow this technology to encrypt both the main partition and swap partition inside an encrypted virtual partition.

When you choose a passphrase for your encrypted partition, you really should try and come up with a catchy phrase that ends up being 20 letters. Any less than 20 letters, and I’m told someone could potentially brute-force your passphrase. Okay, so I guess they still can, but it would take a really long time. After I installed my system I chose to set it up for automatic login. This way I only have to enter one password when I want to use my computer.
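One way to confirm after installation that both the root filesystem and swap really sit inside the encrypted volume, as described above. This is an added example, not part of the original post; it assumes a system whose `lsblk` supports the `KNAME`, `PKNAME`, `TYPE` and `MOUNTPOINT` columns, and the device names in the samples are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list "/" and swap if they are
# NOT stacked on a dm-crypt mapping. Reads `lsblk -P` output on stdin.

# Constructed sample: encrypted container on sda5 holding LVM root and swap.
SAMPLE_ENCRYPTED='KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
KNAME="sda5" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda5" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="[SWAP]"'

# Constructed sample: root is encrypted, but swap sits on a bare partition.
SAMPLE_MIXED='KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" MOUNTPOINT="/"
KNAME="sda3" PKNAME="sda" TYPE="part" MOUNTPOINT="[SWAP]"'

unencrypted_mounts() {
    awk '
    {
        gsub(/"/, "")                      # KEY="value" -> KEY=value
        k = p = t = m = ""
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (!eq) continue
            key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            if (key == "KNAME") k = val
            else if (key == "PKNAME") p = val
            else if (key == "TYPE") t = val
            else if (key == "MOUNTPOINT") m = val
        }
        parent[k] = p; kind[k] = t
        if (m == "/" || m == "[SWAP]") want[k] = m
        if (m == "/") root = 1
    }
    END {
        if (!root) print "/"               # no root seen: treat as a failure
        for (k in want) {
            enc = 0                        # walk up the parent chain
            for (d = k; d != ""; d = parent[d])
                if (kind[d] == "crypt") { enc = 1; break }
            if (!enc) print want[k]
        }
    }' | LC_ALL=C sort
}

# Live system: lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT | unencrypted_mounts
printf '%s\n' "$SAMPLE_MIXED" | unencrypted_mounts
```

Empty output means both root and swap are backed by an encrypted mapping; any line printed names a mount that is stored in the clear.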

If you are using a Windows or Mac OS, I would Really Really recommend you either switch to Ubuntu and set up some sort of encryption if you are worried about the security of your data, or investigate the options for Full Disk Encryption for your OS. The default configuration of a Mac is extremely vulnerable to people who have physical access to your system. A Windows machine has almost the same vulnerability, and possibly worse. I know because I’ve tried accessing both types of systems that were not mine and easily succeeded. I’m told there is proprietary software for Mac to encrypt your partitions. For Windows, you can look into TrueCrypt.


3 thoughts on “Exploring Full Disk Encryption”

    • I actually didn’t notice much performance difference between using Encrypted LVM and a basic install with no encryption. I suspect that’s because the encryption happens before the system is loaded. However, a normal install with an encrypted home directory seemed to really slow my system down. So, I prefer this form of encryption over that one. When using a normal install with just the home folder encrypted, I guess it takes time to read/write with the special algorithm. I thought about using both encryptions together, but that just seems a little overboard and would eliminate the option for automatic login after the passphrase. Let me know if I answered your question.

  1. All of us at tummy.com have been using encrypted drives for around 5 years now (my first blog posts about it are March 2006), and it’s now a required part of our workstation installs. To answer the question about performance, even on the laptops of that vintage (Pentium M 1.7GHz), there really wasn’t a noticeable performance hit in most situations. Part of that is because most drive access is random, and most hard drives on consumer machines aren’t really fast enough to keep up with the CPU anyway…

    My laptop today is just over 3 years old, a Core 2 Duo 2.5GHz, and has TONS of available resources for crypto, even on an Intel X25-M SSD.

    So, try out encrypted root. It’s great stuff.

