On Wednesday 15 April 2015 13:53:20, Stephen R Guglielmo wrote : > Hi list, > > I have a USB external HDD that I would like to encrypt with a > passphrase. After looking into filesystems, I decided to go with Ext4. > What's the recommended way of encrypting a drive? Do I partition it > first, then encrypt that partition? > > Internet searches lead me to LUKS & cryptsetup. However, the blog and > forum posts I've read are a bit old. I'm running Jessie.
I followed this procedure on Monday and got an encrypted USB disk with LUKS: http://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks- cryptsetup-command/ It contains a neat trick to monitor the progress when filling the partition with zeros: pv -tpreb /dev/zero | dd of=/dev/mapper/backup2 bs=128M It is convenient to monitor the progression as it took more than 4h to fill a 1TB USB3 disk. I understand that filling the encrypted partition (/dev/mapper/backup2) with zeros is equivalent to filling the unencrypted partition (/dev/sdb1) with random data as explained by other procedures. There is one thing I didn't do as described. I initialized the LUKS partition with this command cryptsetup -y --use-urandom -v luksFormat /dev/sdb1 It use /dev/urandom instead of the default /dev/random to generate the master key. The documentation says it is better to use urandom as random may block if the computer entropy is low. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201504151417.48084.frederic.marc...@wowtechnology.com
