Skip to main content

Thread: drive encryption

-

how shut off? chose option encrypt drive when installed ubuntu studio 12.10. now, time need restart (such updates) takes forever restart. end manually shutting off pc , turning on. still takes 2 minutes before can enter password. don't this. thought idea, , is, don't it. there way shut off reinstalling os?

encrypting drive not process designed reversible. otherwise defeat reason encryption's existence (as security tool stops bad guys getting @ data). possible yank out encryption on files , whole directories, through brute force. basically, copy data backup in unencrypted form, delete encrypted directory, create replacement clear directory , copy data in. can't entire hdd because oses far more sensitive simple data. uuids, config files , dozens of other dependencies borked, option backup important data external medium , reinstall.

larger picture:

it's running joke among friends , family i'm paranoid when comes security, not encrypt whole drive unless being pursued martian secret police. encryption incurs significant computational overhead , if encrypt os (not data), every time os needs access system file, must decrypt/encrypt in addition read/write process itself. includes /tmp , caches held on hdd. moreover, , borked if must ever resort livecd recover or reconfigure part of os. , since password well-defended, there isn't advantage gained whole-disk encryption either.

better way:

why many people choose encrypt /home directory , leave / in clear. /home of sensitive data is, in vast majority of cases, enough encrypt /home. however, still creates issues. overhead still severe , pointless reasons. after all, why have encrypt 200gb of games? moreover, breaks things ability remotely ssh /home prior having physically logged in.

best way:

therefore, encryption tools come ubuntu allow encrypt directory want, in particular, special one--the private directory--normally found below own /home/user/. need to:
code:
sudo apt-get install ecryptfs-utils
once installed, do:
code:
man ecryptfs-setup-private
for instructions. this link read. once directory encrypted, dump sensitive data private. move e-mail in , symlink original directory. move private keys private while keeping .ssh directory clear. can remote ssh login no problems.

don't let current difficulties sour on encryption. if it's done properly, can safeguard , privatize data. unfortunately, can backup , reinstall @ point if want decrypt hdd, above guide afterwards.


Forum The Ubuntu Forum Community Ubuntu Official Flavours Support New to Ubuntu [ubuntu_studio] drive encryption


Ubuntu

Comments

Post a Comment

Popular posts from this blog

Some mp4 files not displaying correctly (CS6)

-
Image
a week ago in premiere pro cs6 world. one day updated windows, next day few .mp4 video files opened in premiere pro, played fine well, except fact display has green (sometimes multicolour, solid green block) bars in lower third of screen. see screenshot below.   these same files open/display fine in after effects, photoshop , vlc- , quicktime players. i'd read fromyears ago windows updates causing this, removed 1 of therecent kb's no avail. i did install adobemediaencodertrial_64-6.0.3-mul-adobeupdate and dynamiclinkmediaserverretail-1.0.1-mul-adobeupdate and reverted quicktime 7.6 but nothing makes difference.   in end, formatted c:\, reinstalled windows 7 ultimate 64bit , downloaded/installed 260 updates , reinstalled cs6 (and aforementioned ame , dlms updates , qt7.6) it's still same problem.   also tried exporting (part of) 1 of these files, see if wasn't display problem: exported file same properties original has green bars.   what else can do?   thanks in advanc
Read more

Thread: Samba is not authenticating with LDAP

-
hello everyone. i've setup hp proliant server running ubuntu precise 64bit. have server running precise has openldap server running on it. i'm trying samba server authenticate ldap server users able log samba using ldap credentials. followed directions on site: http://raerek.blogspot.com/2012/05/s...sing-ldap.html http://raerek.blogspot.com/2012/05/s...g-ldap_28.html i'm using mac running mountain lion connected samba share when message: "check server name or ip address, , try again. if continue have problems, contact system administrator." when go /var/log/samba/log.workstation [2013/04/02 21:56:33.187358, 0] auth/check_samsec.c:491(check_sam_security) check_sam_security: make_server_info_sam() failed 'nt_status_unsuccessful' $ testparm load smb config files /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) minimum windows limit (16384) processing section "[oh-fileshare]&qu
Read more