33 Comments
- scrubadub, on 10/12/2007, -0/+4
I'm glad it's getting out to people. It's using device mapping encryption that will work with (just about) any Linux box. If you have a 500 MHz CPU there's no huge reason to not use encryption. And unlike Windows' crappy encryption, you can encrypt the entire root filesystem, not just non-system files / folders.
http://gentoo-wiki.com/SECURITY_Encrypting_Root_Filesystem_with_DM-Crypt_with_LUKS
- mooninite, on 10/12/2007, -0/+4
What's cool about this is that you could have your setup everywhere! Especially with the new 4gig and 8gig thumb drives that are coming out. You could move from computer to computer with the exact same OS and files... let's see Windows do that on a flash drive.
- jeranon, on 10/12/2007, -0/+4
Very nice... testing on my Thumby... I'll keep y'all posted...
- eklitzke, on 10/12/2007, -0/+4
It's cut and paste. It can't get much simpler than that. If you're used to Windows, you can copy and paste in *nix systems by highlighting the text you want to copy, and then middle clicking somewhere (e.g. in a terminal) to paste.
EDIT: I meant to reply to the comment above (by synaesthesia)
- synaesthesia, on 10/12/2007, -1/+4
Apparently my definition of simple varies from the original poster's. All the same, it does look interesting.
- acousticiris, on 10/12/2007, -0/+3
This is a fantastic idea, not from the perspective of being able to "take your setup with you" (which, realistically, the doc explains how to install a pretty limited configuration), but being able to take a subset of your configuration along with you is great.
I'm glad that the authors had the foresight to "think security first" with regard to encrypting the root partition. My thumb drive is on a key chain with my car-keys. I use it for transferring information from place to place, and keep my PasswordSafe, and a subset of emergency financial information (800 numbers to my bank cards, accounts, et al.).
Most people don't even *think* about what they're storing and where they're storing it, so just encrypting the volume at the outset prevents the irregular heart-beats that follow the realization that the thumbdrive you lost on your way to work has enough on it for someone else to *become* you.
I have lost two drives in the last three years because the plastic clip breaks out of wear. Up until a couple of days ago, I used a proprietary application to encrypt my data (TrueCrypt now solves that). I'd imagine at this point I will forgo all of that...
This is a very well written HOWTO. Windows users will probably be scared away by seeing shell commands they don't recognize, but it appears that anyone could follow it...just cut/paste.
- lowkey, on 10/12/2007, -0/+3
For more information on LUKS (Linux Unified Key Setup) see: http://luks.endorphin.org/
- lowkey, on 10/12/2007, -0/+3
Yes, the howto explains just enough to get the base system installed. After that it is easy to use apt-get to install anything you may need or want.
For example, to install X11, KDE and firefox just run:
apt-get install x-window-system xserver-xorg kdebase firefox
Or add tor privoxy for a personal anonymous proxy:
apt-get install tor privoxy
Then point your web browser at the proxy at localhost port 8118.
All of Debian's 15,000 packages are available to the user now. So it's hardly a subset; the only limit on what you can install is the size of your drive.
- webcrumb, on 10/12/2007, -0/+2
Windows PE will run fine from a thumb drive - I have mine on a 1GB thumb and a 60GB USB 2.5" HDD. Does almost as much as a full Windows install (i.e. it will run Firefox et al and OpenOffice.org), and is lightning fast. Do a search for Bart's PE, or go here: http://www.nu2.nu/pebuilder/
- barbobot, on 10/12/2007, -0/+2
does bartpe support encryption?
- lowkey, on 10/12/2007, -0/+2
Yaird - Yet Another Mkinitrd
For more info: http://yaird.alioth.debian.org/
- eklitzke, on 10/12/2007, -0/+2
If they did so you would be stuck with a thumb drive that was only formatted as big as the one in the example (e.g. 256 MB regardless of how big your thumb drive actually is).
- lowkey, on 10/12/2007, -1/+3
It can be that easy and there are other projects that do just that.
But the data isn't encrypted and upgrading or customizing is a major task.
- webcrumb, on 10/12/2007, -0/+1
"does bartpe support encryption?"
Yes, you can add TrueCrypt and store everything important inside an encrypted file or partition.
I should also have added that WinPE supports NTFS read/write, which is very useful for recovery and "last-minute backup." ;)
- lowkey, on 10/12/2007, -0/+1
Download and install VMWare Player. Then download a Debian image file and run it. You should be able to perform the install from within the VMWare environment.
Good Luck.
- STDOUBT, on 10/12/2007, -0/+1
FTA: "NOTE: This howto will only work if your device has been detected as /dev/sda because of how mkinitrd.yaird works." ...."mkinitrd.yaird"? -Never heard of that.
I'm familiar with the original Debian how-to, what I have yet to find is a concise how-to for installing an OS on a *hard drive* encrypted at time of install. Not just the root, but the whole thing.
- barbobot, on 10/12/2007, -0/+1
Does bartpe support ext2 filesystems?
- Krellan, on 10/12/2007, -0/+1
I have found it useful to just install Knoppix onto a 1GB thumbdrive.
The 700MB CD-ROM image fits rather nicely, giving just under 300MB of free space remaining on the thumbdrive.
Knoppix doesn't use encrypted partitions, instead, it uses a large file that contains an encrypted filesystem. This actually works out better for installations designed to be portable, like USB keys. The reason is that device letters can often change on various computers, depending on what other drives are installed: for example, sda, sdb, sdc....
By using a file instead of a partition, Knoppix can just search for this file, on all devices it can see. It saves having to directly mount a device, and then having that mount fail because the location changed. Also, the size of this file can be changed without having to repartition/reformat!
Also, the main Knoppix CD-ROM data doesn't need to be encrypted, as there's no secrets there, and it remains read-only. So, you get a little better speed, as the entire USB key doesn't need to be encrypted.
Here's my writeup of how to get Knoppix nicely installed to a USB key:
http://www.knoppix.net/forum/viewtopic.php?t=23558
This is slightly different from the method described on the FAQ, for various reasons I mention in the forum.
- webcrumb, on 10/12/2007, -0/+1
"Does bartpe support ext2 filesystems?"
It does, but read-only: http://www.bootcd.us/BartPE_Plugin_Details/58/Explore2fs.html
- Kahnza, on 10/12/2007, -1/+2
Those are simple instructions? Looks like about 10 pages. Why can't you just copy the contents of a Knoppix CD to a USB drive and boot from it? Why can't it be that easy?
- barbobot, on 10/12/2007, -0/+1
it's working fine now
- davs, on 10/12/2007, -0/+1
this tutorial is absolutely fantastic. easy to follow .. nice find.
- Kahnza, on 10/12/2007, -1/+1
No different than Knoppix is now. But running it off a USB drive would/should be just like running it off a normal HD.
- dusoft, on 10/12/2007, -1/+1
page does not exist, please report, too.
- Vineman, on 10/12/2007, -1/+1
Page is gone now :(
- barbobot, on 10/12/2007, -1/+1
irc.chatjunkies.org #linuxhelp if you need help setting it up; lowkey hangs out in there
- Sheco, on 10/12/2007, -0/+0
From the article:
"The first thing we want to do is remove any old data from the drive. To do this, we'll use the shred tool which overwrites the media with progressive cycles of random and nonrandom data to make recovery of any old data near impossible. As a final step, shred will overwrite everything with zeros."
Wouldn't that eat away the life of a USB flash drive?
- antdude, on 10/12/2007, -1/+1
404!
- tiger275, on 10/12/2007, -0/+0
Anyone ever done this while running inside XP? I don't have a Linux box to start the install from. How would I start and get far enough that these instructions would take over?
- Sk3pt1k, on 10/12/2007, -0/+0
Yes it would. However, it's really worse than that. Flash drives use "wear-leveling" algorithms that distribute writes to cells randomly, updating the flash device's map to look at the new cell for the info. "Shred" tools presume that when they issue a write command to a sector, that a physical sector is being accessed repeatedly. However, if that shred tool issues 35 commands to overwrite a certain sector, the flash drive will likely overwrite 35 random cells, not one cell 35 times. Hell, it may not even overwrite the original cell containing the info even once! The flash drive will just update its cell look-up table to point to the newest cell written to. Therefore, it's best to encrypt the entire drive because erasing files just doesn't really work on flash drives. The data, or some portion of it, is likely still sitting there after you "shred" a file.
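A toy model of the wear-leveling behaviour described in the comment above, added here as an example and not part of the original thread or the linked article. The `ToyFlash` class, its random free-cell allocation policy, and the `toy_encrypt` stand-in for whole-drive encryption are assumptions made for illustration; real flash controllers and dm-crypt work differently in detail.

```python
import hashlib
import random
class ToyFlash:
    """Constructed model of a flash translation layer; not a real device."""
    def __init__(self, cells=64, seed=1):
        self.cells = [None] * cells      # physical cells; None = erased
        self.map = {}                    # logical sector -> physical cell
        self.free = list(range(cells))
        self.rng = random.Random(seed)

    def write(self, lba, data):
        if not self.free:                # reclaim stale cells only when full
            live = set(self.map.values())
            self.free = [i for i in range(len(self.cells)) if i not in live]
            for i in self.free:
                self.cells[i] = None
        cell = self.free.pop(self.rng.randrange(len(self.free)))
        self.cells[cell] = data          # the previous cell keeps its contents
        self.map[lba] = cell
        return cell

    def raw_dump(self):                  # what a direct read of the chips sees
        return [c for c in self.cells if c is not None]

def shred(dev, lba, size, passes=35):
    """Overwrite one logical sector repeatedly, zeros last; return cells hit."""
    rng = random.Random(2)
    junk = lambda: bytes(rng.randrange(256) for _ in range(size))
    hit = [dev.write(lba, junk()) for _ in range(passes - 1)]
    hit.append(dev.write(lba, bytes(size)))
    return hit

def toy_encrypt(key, lba, data):
    """Stand-in for whole-drive encryption (hash keystream XOR); not dm-crypt."""
    stream = hashlib.sha256(key + lba.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def demo():
    secret = b"acct 1234 pin 0000"       # constructed sample data
    plain = ToyFlash()
    first = plain.write(7, secret)
    hit = shred(plain, 7, len(secret))
    enc = ToyFlash()
    enc.write(7, toy_encrypt(b"passphrase", 7, secret))
    shred(enc, 7, len(secret))
    return {"cells_hit": len(set(hit)), "original_cell_hit": first in hit,
            "plaintext_left": secret in plain.raw_dump(),
            "plaintext_left_encrypted": secret in enc.raw_dump()}
print(demo())
```

Under these assumptions the 35 passes land on 35 different cells, none of them the cell that held the original data, so the plaintext survives in a raw dump; on the encrypted device only ciphertext is left behind.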
- dadzilla, on 10/12/2007, -1/+0
Couldn't someone create this as a disk image which could be cloned onto a freshly formatted thumb drive?
- en3r0, on 10/12/2007, -5/+3
Great resource! Tis a good find.
__________
-en3r0
http://virtenu.com

