On Wednesday 15 April 2015 13:53:20, Stephen R Guglielmo wrote :
> Hi list,
> 
> I have a USB external HDD that I would like to encrypt with a
> passphrase. After looking into filesystems, I decided to go with Ext4.
> What's the recommended way of encrypting a drive? Do I partition it
> first, then encrypt that partition?
> 
> Internet searches lead me to LUKS & cryptsetup. However, the blog and
> forum posts I've read are a bit old. I'm running Jessie.

I followed this procedure on Monday and got an encrypted USB disk with LUKS:

http://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-
cryptsetup-command/

It contains a neat trick to monitor the progress when filling the partition 
with zeros:

pv -tpreb /dev/zero | dd of=/dev/mapper/backup2 bs=128M

It is convenient to monitor the progression as it took more than 4h to fill a 
1TB USB3 disk.

I understand that filling the encrypted partition (/dev/mapper/backup2) with 
zeros is equivalent to filling the unencrypted partition (/dev/sdb1) with 
random data as explained by other procedures.

There is one thing I didn't do as described. I initialized the LUKS partition 
with this command

cryptsetup -y --use-urandom -v luksFormat /dev/sdb1

It use /dev/urandom instead of the default /dev/random to generate the master 
key. The documentation says it is better to use urandom as random may block if 
the computer entropy is low.

Frederic


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/201504151417.48084.frederic.marc...@wowtechnology.com

Reply via email to