-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Richard M. Conlan wrote: > Any recommendations of good dongle-based hard-drive encryption software? >
Your best bet for dongle-based encryption in linux would be to use dm-crypt luks. A good, general guide: http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS And then this link will demonstrate how to store the keys on your usb dongle (last question): http://luks.endorphin.org/faq I used this to encrypt my computers. I stored the keys for my drives on the dongle. But I also encrypted the dongle. So I used the gentoo wiki guide and changed some things around so the initrd image would decrypt my dongle then cat the keys to cryptsetup. One really good pass phrase on one encrypted dongle will decrypt all my drives. I also made an encrypted backup of the passphrases onto a floppy and stored them outside of my property. Hope this helps. It is, at least, one suggestion. Sincerely, Doug > ~RMC > > Paul de Vrieze wrote: >> On Friday 17 February 2006 23:49, Robert Larson wrote: >>> On Friday 30 September 2005 02:02 pm, J.A. wrote: >>>> I have a separate gateway/firewall (in.thesame.net) but I forgot the >>>> user name and password. It was setup with openna.com security >>>> procedures about four years ago. >>> openna.com mentions nothing (I didn't see it) about securing your BIOS >>> or boot loader. This means that you can download knoppix and boot it >>> (assuming you have a bootable cdrom, you may need to change bios >>> settings). >> >> Don't forget the padlock on the case. Otherwise the bios can be reset, >> including the password. Also be aware that most bios passwords can >> easilly be cracked, so don't make it equal to another password. >> >> Of course a padlock is not going to stop the really determined. One >> can easilly open the case in a different way, or just cut the padlock >> away. If you want real "security" the only way to go is to encrypt >> your harddisk. (This means you need to type the passphrase for the key >> at bootup, or have a dongle) >> >> Paul >> - -- How do I know the past isn't fiction designed to account for the discrepancy between my immediate physical sensations and my state of mind? /~\ The ASCII Douglas Breault Jr. <GenKreton at comcast dot net> \ / Ribbon Campaign GnuPG public key ID: C4E44A19 (pgp.mit.edu) X Against HTML Key fingerprint: / \ Email! 21C3 F37D A8F5 1955 05F2 9A69 92A0 C177 C4E4 4A19 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (GNU/Linux) iD8DBQFD+ehXkqDBd8TkShkRA1HAAJ9df1VhUa+Enk1vHqCpaQpMXeEyNwCgsIYY CtACPC/ExqEpmfvKepoqVmI= =gp3m -----END PGP SIGNATURE----- -- gentoo-security@gentoo.org mailing list
