Silk Road forums
Discussion => Security => Topic started by: generalm3sS on November 04, 2011, 07:18 pm
-
Well, Linux mint but the same thing :)
I just got myself a little MSI wind u230 cheap and put linux on it for 'business' on here and stuff that is critical. I was just wondering what programs and software etc you all would recommend for Linux Debian. I've never really had to bother with encryption and definitely don't have the experience on linux that i would like (Although i'm from the MS-DOS era :))
I know linux is pretty secure already but i wanted beef it up if possible and encrypt my data securely.#
Thanks in advance ;)
-
Truecrypt.
Full disk encryption, with the option for a second hidden, deniable operating system. Use one incredibly complex pass-phrase, and sleep tight knowing that your data is safe.
Keepass.
Use your second incredibly complex pass-phrase here. Then everything you sign up for can have 32, 64 or even more random character passwords. Hell, throwaway email accounts used for one time registrations still get 32 chars, because, why not?
Tor.
The browser bundle is always the best bet. To upgrade, simply save off your bookmarks, extract the new version, and import the old bookmarks. Once you're sure the new version has the correct info, toss out the old version.
sudo apt-get update && apt-get install
Run this daily, religiously. Or set it up as a task. There's no reason not to, and countless reasons in favour.
-
Ignore any advice if someone recommends you Truecrypt for Debian. First of all, Truecrypt can't do "full system encryption" on any Linux system.. its Windows only. Second... Debian has its own full system encrytpion built into the installer.. so use that.
When you install debian, see the advanced install options, and choose full system encryption. This means that all the partitions except the boot partition will be encrypted. You can't encrypt the boot partition, because your system BIOS will need to read off it. But this doesn't matter because no data data of any kind is stored there except the required boot loader (GRUB usually).
-
Ignore any advice if someone recommends you Truecrypt for Debian. First of all, Truecrypt can't do "full system encryption" on any Linux system.. its Windows only. Second... Debian has its own full system encrytpion built into the installer.. so use that.
When you install debian, see the advanced install options, and choose full system encryption. This means that all the partitions except the boot partition will be encrypted. You can't encrypt the boot partition, because your system BIOS will need to read off it. But this doesn't matter because no data data of any kind is stored there except the required boot loader (GRUB usually).
Thanks for this, It's what i got told by a friend and i think i will install Debian (not linux mint) as i dont really like mint too much. Think i prefer Ubuntu even and i think im more old scholl so debian sounds like a plan. Just as ive got most things sorted too :/
NVM, This is a must, Thanks for heads up, much appreciated ;)
-
Ubuntu has a encrypted system option with the installer too. Debian and Ubuntu are both good options.......
-
Also some bonus info and 1337 tip...
Debian/Ubuntu uses the same standard/grade encryption algorithms as available in Truecrypt. Given a strong password, its proven to be uncrackable by way of brute force so far to date. News about a popular US agency seizing a PC and cracking at it for a year was with no success.
However
The method to beat Truecrypt/Debian/Ubuntu encrypted partitions is to sneak into your home when you are away, and bug the boot partition. Then after you next login, the encryption keys have been snatched.
So, the super 1337 tip of you want it... when you're asked to create/select a boot partition, you can choose to make it on a USB, and just keep the USB with you on your keyring or whatever. Not essential, but if your laptop is going to be home alone a lot, and if you're hell bent on added level of obscurity, then this is worth doing.
-
Cheers man, I knew ubuntu was based on debian, and mint is based on ubuntu, have mint removed this option?
Another thing, if you use a USB drive, Does it ALWAYS have to be connected once booted? Thats super safe :)
-
Have you tried Tails yet, by any chance. I also use Debian, on home pc, but after trying first Privatix, then Tails and liberte linux, I ended with Tails...I like that Tails has zero data persistence and just erases everything...I just immediately run an apt-get update then install keypassx and upgrades and get rolling....keep my keepass and pgp files in storage online, I like swissdisk.com myself, but some prefer wuala or even dropbox...
...sounds like you're doing really good setting up your own system, tho, and this way you will have persistence, which Tails doesnt...I kind of wanted to install it on xpud ha ha...
and, fwiw, I use keepassx rather than keepass or keepass2 as keepassx, after update of Tails is available...
But anyway, that's probably the funnest part of being on SilkRoad...other than the obvious...is all the fun linux stuff going around, and some experts here have really helped me a lot, that's who got me started with tails and privatix...
-
i MAY LOOK INTO THAT ACTUALLY MATE, Sorry caps :/
Do you know if it will work if i also do the encryption thing with debian as lexusmiles said, or will the be confliction?
sorry for noobish questions and thanks ;)
-
Ignore any advice if someone recommends you Truecrypt for Debian. First of all, Truecrypt can't do "full system encryption" on any Linux system.. its Windows only. Second... Debian has its own full system encrytpion built into the installer.. so use that.
http://www.truecrypt.org/ and my laptop running Ubuntu on a deniable hidden o/s would beg to differ.
-
Ignore any advice if someone recommends you Truecrypt for Debian. First of all, Truecrypt can't do "full system encryption" on any Linux system.. its Windows only. Second... Debian has its own full system encrytpion built into the installer.. so use that.
http://www.truecrypt.org/ and my laptop running Ubuntu on a deniable hidden o/s would beg to differ.
In all fairness then generalm3sS, ignore advice that says you "can't" do the Truecrypt + Debian system encryption (or just ignore me altogether if you can...). I tried it not so long ago and must have misinterpreted the info available at: http://www.truecrypt.org/docs/system-encryption (you can see it only lists Windows OSs).
As the saying goes, "There's more than 1 way to skin a cat", and the system encryption on that link is probably not how you would approach the Linux setup...
So... Variety, please do accept my humblest apology.
So as to not waste this moment however... and after some research of my own.. I'm curious the general sequence of steps to get a bootable Linux / Truecrypt setup. I thinking:
(i) Install Linux
(ii) Install Truecrypt
... and then what????
For Windows its easy, just encypted the installed OS.. but for Linux I'm guessing its something like creating a truecrypt partition, installing truecrypt bootloader, getting bootloader to call grub after decryption, then installing a new linux on the truecrypt partition..? Or is there a way easier way???