On Sun, Jun 7, 2020 at 4:08 AM Dale <rdalek1...@gmail.com> wrote:
>
> I still don't think I'm ready to try and do this on a hard drive. I'm
> certainly not going to do this with /home yet.

If you have a spare drive or just a USB stick lying around, set it up on that. Then you can test that it mounts on boot and prompts for a password and all that stuff. Or you can use a loopback filesystem using a file on your hard drive. That is pretty safe as long as you don't enter "/bin/bash" as your loopback filename or whatever. I'm not sure if that will correctly mount itself automatically at boot though, as I'm not sure if the various service dependencies are set up to handle it (the drive containing the file has to be mounted first).

> I notice that one can use different encryption tools. I have Blowfish,
> Twofish, AES and sha*** as well as many others.

I'd stick with AES. If you're trying to keep the NSA out of your hard drive and you think they're part of a conspiracy to get people to use AES despite having cracked it, then I don't know what to tell you because they're probably going to get you no matter what you do... :)

AES is probably the most mainstream crypto system out there and is considered very secure. It is also widely supported by hardware and all recent Intel/AMD CPUs. 128-bit keys are the most standard. Linux supports 256-bit though if you use that I'm not sure if hardware-acceleration is available.

--
Rich
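
The loopback-file test setup suggested in the message above, as an added example that is not part of the original e-mail: a script that creates an AES-encrypted LUKS container in a regular file and refuses any path that already exists. The function names, image path, mapper name and mount point are assumptions; creating the container needs root and cryptsetup.

```shell
#!/bin/sh
# Added example: LUKS test container in a loopback file. All names and paths are assumptions.

# Refuse any path that already exists, so a typo cannot overwrite a real file
# (the "/bin/bash as your loopback filename" mistake).
check_new_container() {
    path="$1"
    [ -n "$path" ] || { echo "no container path given" >&2; return 1; }
    if [ -e "$path" ] || [ -L "$path" ]; then
        echo "refusing to use existing path: $path" >&2
        return 1
    fi
    [ -d "$(dirname -- "$path")" ] || { echo "parent directory missing" >&2; return 1; }
    return 0
}

# Create, format, open and mount the container. Needs root and cryptsetup.
create_container() {
    local img="$1" size="$2" name="$3" mnt="$4"
    check_new_container "$img" || return 1
    truncate -s "$size" "$img" || return 1        # sparse backing file
    chmod 600 "$img"
    # aes-xts-plain64 with a 256-bit XTS key uses two 128-bit AES keys.
    cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --key-size 256 "$img" || return 1
    # Prompts for the passphrase; cryptsetup attaches the loop device itself.
    cryptsetup open "$img" "$name" || return 1
    mkfs.ext4 -q "/dev/mapper/$name" || return 1
    mkdir -p "$mnt" && mount "/dev/mapper/$name" "$mnt"
}

close_container() {
    local name="$1" mnt="$2"
    umount "$mnt" && cryptsetup close "$name"
}

# Runs only when four arguments are given, e.g. (constructed values):
#   ./luks-loop.sh /var/tmp/test.img 256M testcrypt /mnt/testcrypt
if [ "$#" -eq 4 ]; then
    create_container "$@"
fi
```

Tear the test down with `close_container testcrypt /mnt/testcrypt` and delete the image file; nothing outside that file is touched.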