jump to navigation

Create an encrypted partition/usb disk December 2, 2009

Posted by claudio in Uncategorized.
Tags: , ,
2 comments

Update 2010/04/30: Addition for the new KB drives.
Update 2012/03/18: up to date with Ubuntu 11.10.

If you are like me and use a laptop as your main computer, you will run out of space very soon. USB disks are a great alternative to store your photography or music collection or, simply, files you don’t use everyday. I always keep backups off-site (a USB disk) and I want to have those encrypted. This is what I did (open a shell):

  1. Install the cryptography software:
    sudo apt-get install cryptsetup
  2. Write some random data to your disk (we will assume it’s called /dev/sdx, type “dmesg” after inserting the disk to figure out the device, or if it’s windows formatted and automounted have a look at the output of “mount”):
    sudo dd if=/dev/random of=/dev/sdx bs=4K
    This will taken a long time, at least a few days (create some IO). A good -shorter- compromise (a day) will be:
    sudo badblocks -c 10240 -s -w -t random -v /dev/sdx
  3. Create a new Linux partition table with cfdisk (create new partition table if asked, chose New and assign all the disk, use a primary partition).
    sudo cfdisk /dev/sdx
  4. Setup a partition using fdsik (compatible with the new 4KB block size drives):
    sudo fdisk -uc /dev/sdxCommand (m for help): d
    Selected partition 1Command (m for help): n
    Command action
    e   extended
    p   primary partition (1-4)
    p
    Partition number (1-4): 1
    First sector (2048-2930277167, default 2048):
    Using default value 2048
    Last sector, +sectors or +size{K,M,G} (2048-2930277167, default 2930277167):
    Using default value 2930277167

    Command (m for help): t
    Selected partition 1
    Hex code (type L to list codes): 83

    Command (m for help): p

    Disk /dev/sdx: 1500.3 GB, 1500301910016 bytes
    81 heads, 63 sectors/track, 574226 cylinders, total 2930277168 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk identifier: 0x4fabbfc4

    Device Boot      Start         End      Blocks   Id  System
    /dev/sdx1            2048  2930277167  1465137560   83  Linux

    Command (m for help): w
    The partition table has been altered!

    Calling ioctl() to re-read partition table.
    Syncing disks.

  5. Create the encrypted partition. Make the paraphase long and difficult to guess:
    sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdx1 -c aes-cbc-essiv:sha256
  6. Create a filesystem (I am using ext4, the chose device and label name is “disk5″, change it to your taste):
    sudo cryptsetup luksOpen /dev/sdx1 disk5
    sudo mkfs.ext4 /dev/mapper/disk5 -L disk5
    sudo cryptsetup luksClose disk5
  7. Mount it going to “Computer” in Nautilus, double clicking the disk and inserting your paraphrase. I chose not let Gnome store the encrypting paraphrase for automounting as it would make encryption as weak as your system password (and we know how to retrieve/change those)…

That’s it!

Reset the Solaris root password June 13, 2008

Posted by claudio in Uncategorized.
Tags: , ,
add a comment

Forgetting the root password (or being replaced without you knowing it). Pretty silly when it happens, but it does happen. Follow this steps if you need to reset the root password of a Solaris system. (more…)

Follow

Get every new post delivered to your Inbox.

Join 127 other followers