On Thu, 27 Jan 2011 05:25:20 +0000 (UTC) T o n g <mlist4sunt...@yahoo.com> wrote:
> Thanks everyone who commented.
>
> On Thu, 27 Jan 2011 00:07:21 +0100, tv.deb...@googlemail.com wrote:
>
> >> - First very noob question, I don't want whole disk encryption, just
> >> want to encrypt some selected already partitioned partitions. If
> >> someone mounts those encrypted partitions, will they show up as empty
> >> or are there some hints that the partitions have been encrypted?
> >
> > Don't know what you mean exactly by "show up as empty", with ecryptfs
> > the mountpoint will indeed be empty unless the crypted directory is
> > open. . .
>
> This question of mine seems to have confused most people. What I wanted to
> know is how the partition would appear to a normal Joe. Now my
> understanding is the following. Is it correct?
>
> The encrypted partition will appear as unformatted -- with no file
> system on it, if you just simply want to do 'mount /dev/sdx' (just like
> how Linux partitions normally appear to Windows). Even if one reads its
> physical sections, they will appear as "random" numbers. Oh, wait,
> cryptsetup has a pretty standard header, so an expert can at least tell
> that the partition is encrypted with cryptsetup, but whether he can
> decipher or not is a different story.
>
> Is that about correct?

Pretty much, although I'm no expert.

> Further, does disk encryption access the partition directly? I mean, does
> the 'cryptsetup luksFormat /dev/sdxn' care what type of partition
> (ext2/3, fat, etc) /dev/sdxn is?

You seem to be confusing partitions with filesystems here. cryptsetup
works on raw partitions - the filesystems go on top of the encrypted
volume:

/dev/sdxn -> luks volume -> filesystem

> Now another question, which nobody seems to have noticed/mentioned.
>
> Since CBC encryption is a "recursive algorithm, the encryption of the n-th
> block requires the encryption of all preceding blocks, 0 till n-1." [1]
> Now, does it mean if my HD has a bad block in the middle, then all the
> remaining data will be gone entirely?
>
> 1. http://clemens.endorphin.org/LinuxHDEncSettings

This seems correct - Wikipedia also says that with CBC:

"Note that a one-bit change in a plaintext affects all following
ciphertext blocks."

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

Archive: http://lists.debian.org/20110127090252.3fbfae63.cele...@gmail.com