This method is good enough to prevent low entropy attack.
Main requirements:
1. Linux Ubuntu Hardy Heron
2. Cryptsetup
3. cryptmount
1.Prepare your kernel for encryption capability:
- apt-get install cryptsetup
- modprobe aes-i586
- modprobe dm-crypt
- modprobe dm-mod
2. Prepare a hard disk partition, for example I use /dev/sda2. Fill it with random data, to make it much harder for an attacker to breach.
dd if=/dev/urandom of=/dev/sda2
This process will take lots of time, about only 1.5 M/s write troughput, so 30GB partition might take around 6 hours to finish. It’s your call, wether leave it or fill it.
But if you don’t fill it with random data, an Attacker could possibly guess where is your actual data resides on the encrypted file system.
3. Use cryptsetup to make a new password:
cryptsetup -y –cipher aes-cbc-essiv:sha256 –key-size 256 luksFormat /dev/sda2
4. Make a new mapper device:
# cryptsetup luksOpen /dev/sda2 fortress
5. Create a new file system in /dev/mapper/fortress
#mkfs.ext3 /dev/mapper/fortress
6. Mount this new device:
# mount /dev/mapper/fortress /media/fortress/
To unmount this partition:
# umount /dev/mapper/fortress
# cryptsetup luksClose fortress
Be sure to recognize the weaknesses of this encryption, if they are exist….
Isih kelingan ngapdet blog tho?
Comment by -=«GoenRock®»=- — July 30, 2008 @ 3:46 pm
iyo kelingan ngupdate blog…
Comment by arifah — February 10, 2009 @ 11:51 am