How can I encrypt my entire drive in Ubuntu using TrueCrypt? This means every time I boot I need to enter a password. Now I only see options in TrueCrypt to create a volume or to encrypt a USB drive, for example, and use it as a volume, but I want to encrypt the whole drive.
-2
-
This requires a reinstall, as the partitioning of your drive needs to be changed. – ravery Nov 04 '17 at 10:44
-
@ravery What does my drive need to be changed to? Explain how to do it please. Thanks. – Marko M. Nov 04 '17 at 10:49
-
https://help.ubuntu.com/community/FullDiskEncryptionHowto – ravery Nov 04 '17 at 10:56
-
@ravery I know that article, but I never saw this in the installation: Encrypt the new installation for security. – Marko M. Nov 04 '17 at 10:59
-
@ravery I just saw: Encrypt home folder, that's all, and I never saw a terminal in the installation so I can enter all these commands... – Marko M. Nov 04 '17 at 11:00
-
The setup is done from the LiveCD before installing. I have never encrypted myself so cannot give detailed help. I just know that you have to have an unencrypted boot partition so grub can boot and unlock the encrypted partition. – ravery Nov 04 '17 at 11:03
-
Still don't know what to do :( – Marko M. Nov 04 '17 at 12:08
-
@MarkoM. I hope my answer settles the matter. You're right, you don't know what you're doing and I wager that stems from a fundamental misunderstanding about the purpose of encryption. First understand it, then decide if you need it, and in such a case decide about the best strategy for your specific case. Do not put the cart in front of the horse. – Nov 04 '17 at 18:17
1 Answer
4
First of all, please understand encryption, what it does and its purpose.*
Then decide if you really need it (I wager you don't because you don't yet understand its purpose). If you do, then an encrypted /home should be enough.
In any case, never TrueCrypt. This has been thoroughly explained to you yesterday; I don't know why you keep bringing this up. TrueCrypt is dead, VeraCrypt is its replacement but neither can be used for full drive encryption with a system partition inside. TC/VC are "designed" to create/manage encrypted containers (files) or non-system partitions. For a full drive encryption running Ubuntu you would need a native solution like LUKS and it can be easily set up during installation.
* Encryption is used to secure your data in case you have your hardware stolen. That's it, nothing else to add. It doesn't give you any additional "protection" from online attacks or similar: if you're running the OS then everything is already decrypted. That is the reason why an encrypted /home should be enough for individuals looking for additional protection for their personal files (provided said files are all inside /home) but, again, that protection is limited to situations where the "attackers" have physical access to your computer. Of course, there are use case scenarios that justify full disk encryption because a lot can be inferred by forensics just by analyzing (unencrypted) system logs.
-
If you understand encryption then you know you should never ask people or tell people why they should use encryption and for what purpose; this is meant to be PRIVATE. And yes, I have been working with Windows 7 and TrueCrypt for a lot of years, but because W7 is very outdated and TrueCrypt is not supported for new versions of Windows I decided to step over to Ubuntu because it's much more secure, updated etc. I am just new to this OS. And of course I know about VeraCrypt and LUKS, but I do not trust either of these. VC came after TC quit, LUKS is AES-CBN-SHA512 I don't like this encrypti – Marko M. Nov 05 '17 at 10:12
-
I like this encryption as I believe it's the strongest for file system encryption now: Serpent-Twofish-AES + Whirlpool. TrueCrypt offers this and probably VeraCrypt too, BUT I do not trust VeraCrypt, as I do not know if you followed the news in the past about when TrueCrypt ended and suddenly VC showed up. – Marko M. Nov 05 '17 at 10:14
-
And TC is designed to also encrypt an entire drive, as is VC. I know this 100% for sure for Windows, but for Linux I do not know. – Marko M. Nov 05 '17 at 10:16
-
@MarkoM. And why not simply use PGP to encrypt your files? I use it daily with a 8092Bit. And just because LUKS is made by a community does not mean you cannot trust it; quite the opposite, there are many more eyes on it than there ever were on TrueCrypt/VeraCrypt. That means holes are fixed quicker, means nobody will easily sneak in unapproved code etc. – Videonauth Nov 05 '17 at 17:43
-
Counter with just encrypting /home: If someone pulls an evil maid attack on you, they can replace a binary (say /usr/bin/firefox) with something that copies all encrypted files over to somewhere decrypted. If you want safe encryption at rest, you need to use full-disk encryption. And yes, LUKS is currently the best way to do that. – Kaz Wolfe Nov 06 '17 at 04:08
-
The reason why I prefer TrueCrypt over other solutions is because the BSI - Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security) has analyzed TrueCrypt in one of its studies and came to the conclusion that there are a few possible scenarios for attackers to steal the keys, but the overall conclusion was that it is safe to use. https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2015/Sicherheitsanalyse_TrueCrypt_19112015.html + this audit https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf – AlexOnLinux Jan 19 '18 at 16:37
-
@AlexOnLinux The VeraCrypt team audited and supposedly corrected at least some of those. TC shouldn't be used now, there's no point and no reasonable person would assume TC is safer than VC. This whole discussion was prompted by the OP's fundamental ignorance (and other things I'd rather not mention because I'm already hearing the political correctness police sirens in the distance ;)). – Jan 19 '18 at 16:45
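
A check for the layouts discussed in this thread (LUKS full-disk encryption with an unencrypted /boot, versus encrypting only /home, which leaves binaries such as /usr/bin/firefox on plaintext storage); this is an added example, not code from any of the posts. The lsblk snapshots are constructed, the function names are hypothetical, and an eCryptfs "encrypt home folder" setup would not show up as a crypt device here.

```sh
#!/bin/sh
# Constructed sample: `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT` for a LUKS+LVM install.
LUKS_LVM='KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
KNAME="sda5" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda5" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="[SWAP]"'

# Constructed sample: only /home sits on an encrypted mapping.
HOME_ONLY='KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" MOUNTPOINT="/home"'

# Print "<state><TAB><mountpoint>" for every mounted device; a mount is
# "encrypted" when it or any ancestor block device is a dm-crypt mapping.
classify_mounts() {
  awk '
    function val(key,   s) {
      if (!match($0, "(^| )" key "=\"[^\"]*\"")) return ""
      s = substr($0, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
      return s
    }
    { k = val("KNAME"); parent[k] = val("PKNAME"); type[k] = val("TYPE")
      if (val("MOUNTPOINT") != "") mount[k] = val("MOUNTPOINT") }
    END {
      for (k in mount) {
        state = "plaintext"
        for (d = k; d != ""; d = parent[d])
          if (type[d] == "crypt") { state = "encrypted"; break }
        print state "\t" mount[k]
      }
    }' | sort
}

# Succeed only if everything except the boot partitions is encrypted;
# list whatever is left readable (and writable) to someone holding the disk.
fde_verdict() {
  classify_mounts | awk -F '\t' '
    $1 == "plaintext" && $2 != "/boot" && $2 != "/boot/efi" { bad = 1; print "unencrypted: " $2 }
    END { exit bad }'
}

if printf '%s\n' "$LUKS_LVM" | fde_verdict; then echo "LUKS+LVM: full-disk"; fi
printf '%s\n' "$HOME_ONLY" | fde_verdict || echo "home-only: system files exposed"
# Live system: lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT | fde_verdict
```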