<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Thank you for your help.<br><br><div>> Date: Fri, 28 Feb 2014 21:55:28 -0600<br>> From: goeko@Goecke-Dolan.com<br>> To: tclug-list@mn-linux.org<br>> Subject: Re: [tclug-list] Do strong root passwords prevent alternative access?<br>> <br>> With Xubuntu 13.10 I setup partition encryption, with it's own <br>> passphrase via the installation gui. Asks for passphrase then boots and <br>> asks for login.<br>> <br>> I am pretty sure it has been possible to do partition encrypting for a <br>> while, I don't believe it has been in the gui installer until recently.<br>> <br>> Here is an article that tells how to do partition encryption in Ubuntu <br>> 12.04...<br>> <br>> http://newspaint.wordpress.com/2012/09/21/full-disk-encryption-on-xubuntu-precise-12-04/<br>> <br>> Now not full disk.. but full partition (Although I haven't tested <br>> it...hummm.). Not sure that encrypting the boot partition will gain you <br>> a whole lot more security ?<br>> <br>> ==>brian.<br>> <br>> <br>> On 02/28/2014 08:18 AM, Jeremy MountainJohnson wrote:<br>> > Ultimately, the length and complexity of the password / use of keys is<br>> > what makes encryption good. Nearly all the common encryption<br>> > algorithms out there are crackable if physical control is compromised<br>> > and weak keys are used. Speaking from experience, all but one below<br>> > I've been able to crack years ago with a decent gpu / distributed<br>> > processing and weak pass-phrase (less than 12 chars). Keep in mind,<br>> > more chars is not always correlated to success of encryption, refer to<br>> > targeted dictionary attacks, rainbow tables, and the chair to keyboard<br>> > factor.<br>> ><br>> > * Ubuntu (and I believe Debian) give ecryptfs option for home<br>> > directories (folder level encryption) via the gui installer. Tied to<br>> > your user account password, which is it's weakness, strong pw hashes /<br>> > salting help a lot for exposed passwd and shadow files<br>> > * TrueCrypt can also do a home directory or simple container in Linux,<br>> > with pass-phrase and various keys, but not full disk encryption unless<br>> > on Windows<br>> > * Several paid options out there, often for enterprise, McAfee is a<br>> > common one, handle full disk, complex encryption for nearly all<br>> > platforms<br>> > * More manual options include dm-crypt + LUKS, with pass-phrase and<br>> > various key options (similar to a more manual and CLI like Windows<br>> > BitLocker). Does the job well, but tough upfront learning curve<br>> ><br>> > --<br>> > Jeremy MountainJohnson<br>> > Jeremy.MountainJohnson@gmail.com<br>> ><br>> ><br>> > On Fri, Feb 28, 2014 at 3:59 AM, gregrwm <tclug1@whitleymott.net> wrote:<br>> >> agreed. afterall anything is possible. but little is likely.<br>> >><br>> >> you can be as paranoid as you like. or, you can try relaxing a bit.<br>> >><br>> >> but logic can't cure paranoia. humor perhaps has a better chance. hence<br>> >><br>> >> "just because you're paranoid doesn't mean they're not out to get you!"<br>> >><br>> >><br>> >> _______________________________________________<br>> >> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<br>> >> tclug-list@mn-linux.org<br>> >> http://mailman.mn-linux.org/mailman/listinfo/tclug-list<br>> >><br>> > _______________________________________________<br>> > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<br>> > tclug-list@mn-linux.org<br>> > http://mailman.mn-linux.org/mailman/listinfo/tclug-list<br>> ><br>> <br>> _______________________________________________<br>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<br>> tclug-list@mn-linux.org<br>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list<br></div> </div></body>
</html>