Posts Tagged ‘diy’

How to Encrypt a device using dm-crypt

January 23rd, 2009

For basic dm-crypt mappings, there are four operations: create, remove, status, resize. But create and remove are the old way of doing things. LUKS (Linux Unified Key Setup) is a disk encryption specification that facilitates compatibility and interoperability.

You’ll need to use a device that’s empty, or one you don’t mind wiping out, because this will not encrypt the existing data. You will use an encrypted mapping to transparently read and write encrypted data so that you and your applications don’t even need to worry about handling any encryption at all; it will just work, trust me. If you need to save data that’s already on the device, then copy it somewhere else, encrypt the storage device, and copy it all back after encrypting.

To figure out which devices are already encrypted:

# cat /etc/crypttab
luks-23123495-2609-1212-9f88-bba0084aa75b UUID=23123495-2609-1212-9f88-bba0084aa75b none luks
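
The crypttab format shown above is name, source device, key file and options. As an added example (not part of the original post), this shell function summarises such a file; the `swap` and `backup` entries in the sample are constructed, and the `UUID=` to `/dev/disk/by-uuid/` rewrite assumes the usual udev symlinks.

```shell
#!/bin/sh
# Added example: summarise the mappings declared in a crypttab-format file.
# crypttab fields: <name> <source device> <key file|none> <options>
# list_crypttab FILE prints "name device key format" per entry, where
#   device : UUID=... rewritten to its /dev/disk/by-uuid/ path
#   key    : "prompt" when no key file is configured (none, - or empty)
#   format : "luks" when the options include luks, otherwise "plain"
list_crypttab() {
    while read -r name dev key opts rest; do
        case $name in ''|'#'*) continue ;; esac   # skip blank lines and comments
        case $dev in UUID=*) dev=/dev/disk/by-uuid/${dev#UUID=} ;; esac
        case $key in ''|none|-) key=prompt ;; esac
        case ",$opts," in *,luks,*) fmt=luks ;; *) fmt=plain ;; esac
        echo "$name $dev $key $fmt"
    done < "$1"
}

# Constructed sample: the entry from the post plus two made-up ones.
sample_crypttab() {
    cat <<'EOF'
# <name> <device> <key> <options>
luks-23123495-2609-1212-9f88-bba0084aa75b UUID=23123495-2609-1212-9f88-bba0084aa75b none luks
swap /dev/sda2 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
backup /dev/sdc1 /root/backup.key luks,noauto

EOF
}
```

An entry only shows what is configured to be opened at boot; a device can carry a LUKS header without being listed here.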

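Now create a new device:
I’m using UUIDs because I think they’re the best way to make sure you’re identifying the correct drive, especially when it’s a networked device. I mean, how can you go wrong when the acronym even means “Universally Unique Identifier”? You can just use a regular old device name or label like “/dev/sda3” or “/HOME” if you want. On the command line, cryptsetup takes the block device itself as its argument, so the commands below use /dev/sdb3, the partition that shows up in the status output further down. luksFormat writes the LUKS header to the device, and luksOpen then unlocks it under the mapping name:

# cryptsetup luksFormat /dev/sdb3
Enter passphrase:
# cryptsetup luksOpen /dev/sdb3 blog.rootninja.com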

If you didn’t add “--verbose --verify-passphrase” when you created it, like I just did, then you better get the passphrase right the first time, because it’s not going to hold your hand and ask twice. If you mess up, don’t just delete the mapping in /dev/mapper and start over because “cryptsetup status blog.rootninja.com” will still show it as active. If you need to start over, just use cryptsetup to remove the mapping and it will handle it for you. Then use the switches when you start over so you don’t mess it up again.

How to remove an encrypted mapping:

# cryptsetup luksClose blog.rootninja.com

With the mapping open, you’ll have a new block device named “/dev/mapper/blog.rootninja.com”. You can check the status like this:

# cryptsetup status blog.rootninja.com
/dev/mapper/blog.rootninja.com is active:
cipher: aes-cbc-plain
keysize: 256 bits
device: /dev/sdb3
offset: 0 sectors
size: 208782 sectors
mode: read/write

Now create a file system on your device using the encrypted mapping:

# mkfs.ext4 -m 2 -O dir_index,uninit_bg,sparse_super /dev/mapper/blog.rootninja.com

Don’t use -m 2 if you’re encrypting something heavily used such as /usr, as it’s going to reserve only 2% of the blocks for special-use super-user stuff; the default is 5%. dir_index makes it use hashed b-trees to speed up lookups in large directories. uninit_bg skips initialization of the block groups (you’re going to write through the whole thing in a minute anyway, and this is for ext4 only, so if you’re not using ext4, leave this one out). sparse_super saves space by creating fewer superblock backup copies.

Since you’re operating on the encrypted blog.rootninja.com mapping, everything gets written out encrypted. Easy stuff, huh… Now that the file system is on there, you should fill it out with garbage data. But instead of using urandom or random as a data stream, just write out zeros to the encrypted name and let the encryption do its job! Keep in mind that dd writes over the whole mapping, including the file system you just created, so the mkfs command has to be run again once it finishes.

# dd if=/dev/zero of=/dev/mapper/blog.rootninja.com

And that’s it… You’re done. Here’s all the options to cryptsetup when you just run it from the command line with no arguments for the heck of it:

Usage: cryptsetup [-?vyrq] [-?|--help] [--usage] [-v|--verbose] [-c|--cipher STRING] [-h|--hash STRING] [-y|--verify-passphrase]
[-d|--key-file STRING] [-s|--key-size BITS] [-S|--key-slot INT] [-b|--size SECTORS] [-o|--offset SECTORS] [-p|--skip SECTORS]
[-r|--readonly] [-i|--iter-time msecs] [-q|--batch-mode] [--version] [-t|--timeout secs] [-T|--tries INT] [--align-payload=SECTORS]
[OPTION...] ]

If your system was mounting /dev/sda3 (or /HOME, or whatever it was) in /etc/fstab, then change that to /dev/mapper/blog.rootninja.com and make your rc.local prompt you for the password to mount that home partition, or better yet, have it look for a key file on an external drive! Think of it like one of those little RSA tokens you need on government laptops. If you keep it on your keychain, no one can even boot your machine unless they have your keys, literally.
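
One way to do the rc.local step described above, as an added example that is not from the original post: use the key file on the external drive when it is present and properly protected, otherwise fall back to a passphrase prompt. The key file path and mount point are hypothetical, and the key file is assumed to have been enrolled beforehand with `cryptsetup luksAddKey`.

```shell
#!/bin/sh
# Added example, not from the original post. /dev/sdb3 and the mapping name are
# the post's; KEYFILE and MOUNTPOINT are hypothetical. The key file must first
# be enrolled in a LUKS key slot: cryptsetup luksAddKey /dev/sdb3 "$KEYFILE"
DEVICE=${DEVICE:-/dev/sdb3}
NAME=${NAME:-blog.rootninja.com}
KEYFILE=${KEYFILE:-/media/usbkey/home.key}
MOUNTPOINT=${MOUNTPOINT:-/home}

# keyfile_ok PATH: true only for a non-empty regular file that nobody but its
# owner can read (mode 0400 or 0600); anything else is treated as absent.
keyfile_ok() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    case $(ls -ld "$1" | cut -c1-10) in
        -r--------|-rw-------) return 0 ;;
        *) return 1 ;;
    esac
}

# unlock_args: print the cryptsetup arguments for this boot. Key file if the
# external drive is present and the file passes the check, otherwise fall back
# to prompting for the passphrase (three attempts).
unlock_args() {
    if keyfile_ok "$KEYFILE"; then
        echo "--key-file $KEYFILE luksOpen $DEVICE $NAME"
    else
        echo "--tries 3 luksOpen $DEVICE $NAME"
    fi
}

# Call as "unlock-home.sh --run" from rc.local; without --run nothing happens.
if [ "${1:-}" = "--run" ]; then
    # Word splitting of the argument string is intended; paths without spaces.
    cryptsetup $(unlock_args) && mount "/dev/mapper/$NAME" "$MOUNTPOINT"
fi
```

Keep the original passphrase in its own key slot so the volume can still be opened if the external drive is lost.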

Linux, security device, diy, encryption, howto, LUKS

DIY Human Powered Electricity Generator

September 26th, 2008

This doesn’t look that hard to make! Pedal powered electricity generator! Charge your cell phone, laptop, or run a small appliance or two. This would make a great alternative or supplement to an old gas generator. When you lose power in a storm you know you’re not going to make it to the gym that week or it’s at the least going to disrupt your routine anyway, so why not stay in shape at home by pedaling away!

Or you can buy prebuilt generators.  Mount any old bike on the stand and pedal away.

[image: http://blog.rootninja.com/wp-content/uploads/2008/09/pedalpowered.jpg]

I think the portable version is my favorite.  Attach it to your bike and generate power while you ride to work or to the store.
[image: http://blog.rootninja.com/wp-content/uploads/2008/09/cyclech.jpg]

ooo! Shiny... bike, diy, electricity, generator, green, power

