Linux (Ubuntu) full disk encryption

Discussion in 'privacy technology' started by Stifflersmom, Jan 4, 2013.

Thread Status:
Not open for further replies.
  1. Stifflersmom

    Stifflersmom Registered Member

    Joined:
    Jan 3, 2013
    Posts:
    45
    I understand TrueCrypt is popular for Windows and FileVault on OS X, but can someone tell me how to employ full disk encryption on Ubuntu?

    I've seen a lot of recommendations from the privacy community to use Ubuntu but I haven't been able to find a full disk encryption utility.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Use LUKS encryption and LVM. The easiest way is using Debian-derived alternate install discs. AFAIK, Ubuntu and Xubuntu have them. You'll probably need to do manual partitioning, especially if you want RAID too. Google for instructions. It's OK to bail and start over, if you mess up. I don't recommend dual boot.
     
  3. shuverisan

    shuverisan Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    185
    Are you installing Ubuntu 12.10? That installer comes with the option for full disk encryption. I think it's just general aes-256-cbc though, but other ciphers are available manually.

    If using a previous Ubuntu version, you'll either need to use the alternate installer (can be a headache with partitioning) which automatically gives you logical volumes (which aren't necessary), or you can set up your encrypted volumes in the live session with cryptsetup. Here's a good guide to do that, and in aes xts.
    http://blog.markloiseau.com/2012/05/ubuntu-aes-xts-plain64/

    An easier option is to just encrypt /home; any Ubuntu installer can do that, but again, aes-cbc.
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Used the alternate CD in 11.04. Encrypted LVM because that's what the guide I used had. Wasn't too difficult, took maybe 2 tries. One tip, if you *do* want to dual boot (I used Win 7 as a decoy), is to specify an external SD or USB device as /boot. That way, you carry your bootloader on your person when not in use. There's no denying what LUKS is though, so there's no plausible deniability.

    PD
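
Added example, not part of any post in this thread: a parser for the LUKS1 on-disk header, showing how the cipher mode discussed above (aes-cbc versus aes-xts) can be read back from a volume and why the plaintext `LUKS` magic makes the volume identifiable. The header bytes are constructed inside the code, and the function names are this example's own.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # fixed part, 208 bytes
SLOT = struct.Struct(">II32sII")                   # one of 8 key slots, 48 bytes
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
HEADER_LEN = PHDR.size + 8 * SLOT.size             # 592 bytes


def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks1_header(buf):
    """Return header fields as a dict, or None if buf is not a LUKS volume."""
    if len(buf) < HEADER_LEN:
        raise ValueError("need at least %d bytes" % HEADER_LEN)
    (magic, version, name, mode, hash_spec, payload_offset, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(buf)
    if magic != LUKS_MAGIC:
        return None
    if version != 1:
        raise ValueError("not a LUKS1 header (version %d)" % version)
    active = [i for i in range(8)
              if SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)[0] == SLOT_ACTIVE]
    mode = _text(mode)
    # XTS splits the master key into two halves, so 64 key bytes means AES-256.
    bits = key_bytes * 8 // 2 if mode.startswith("xts") else key_bytes * 8
    return {"cipher": "%s-%s" % (_text(name), mode), "hash": _text(hash_spec),
            "cipher_key_bits": bits, "payload_sector": payload_offset,
            "uuid": _text(uuid), "active_slots": active}


def build_sample_header(mode=b"xts-plain64", key_bytes=64):
    """Constructed sample header: slot 0 active, the other seven disabled."""
    head = PHDR.pack(LUKS_MAGIC, 1, b"aes", mode, b"sha1", 4096, key_bytes,
                     bytes(20), bytes(32), 1000,
                     b"00000000-0000-0000-0000-000000000000")
    slots = b"".join(SLOT.pack(SLOT_ACTIVE if i == 0 else SLOT_DISABLED,
                               1000, bytes(32), 8 + i * 512, 4000)
                     for i in range(8))
    return head + slots


if __name__ == "__main__":
    print(parse_luks1_header(build_sample_header()))
    print(parse_luks1_header(build_sample_header(b"cbc-essiv:sha256", 32)))
```

On a real volume the input would be the first 592 bytes of the LUKS partition; `cryptsetup luksDump` reports the same fields.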
     