[SATLUG] Encrypted Root Partition

David Kowis dkowis at shlrm.org
Fri Mar 21 23:16:55 CDT 2008

I've done it!

You all must share in my jubilation!

Following this guide:

Now I didn't use Gentoo, I used Source Mage. That guide isn't completely
Gentoo-specific. Most things in there apply to any distro that provides
a tarball chroot of their install. The initscript for the initramfs was
the most useful part. It provides me with an easy way to enter the
passphrase and decrypt the root partition.

So I've got a Twofish-encrypted / and swap. There's even support for
software suspend2 (which is now called TuxOnIce).

The second longest part of this was doing all the steps by hand. The
first longest part was filling the drive with entropy so that it cannot
be seen where the encryption begins and ends.

I've not noticed a lot of slowdown either. This is a Dell Latitude C640
that I got from work. It's got a Pentium 4m 1.8GHz CPU. Maybe I'm just
biased by my old craptop (Dell Latitude somethingorother Pentium 3
1GHz). I'll run some hd benchmarks or something in a while to see how
much slower it is. Twofish is supposed to be pretty quick from what I

From the limited reading I've done, Twofish is also seen as better than
AES. There are a few known cryptanalysis attacks against AES. They haven't
completely broken it yet, but they've gotten through 9 of the 14 rounds
of AES.[1] That's a little too close for me :/ Twofish has no known
cryptanalysis attacks. And Bruce Schneier[2] co-wrote it, and it's based
on Blowfish.

"Bruce Schneier found the inverse of the constant zero function." [3]

[1] http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
[2] http://en.wikipedia.org/wiki/Bruce_Schneier
[3] http://geekz.co.uk/schneierfacts/
David Kowis
"Political Correctness is a doctrine, fostered by a delusional,
illogical, liberal minority and rabidly promoted by an unscrupulous
mainstream media, which holds forth the proposition that it is entirely
possible to pick up a turd by the clean end."
