Ubuntu 7.10 Supports Install-Time Encryption
phoronix.com — If you have wanted to encrypt your Ubuntu installation on your hard drive quickly and easily, with Ubuntu 7.10 "Gutsy Gibbon" it's become even easier now that the alternate installer supports encrypting partitions. This Ubuntu encryption from the installer uses dm-crypt, partman, and partman-crypto.
- 734 diggs
- jy802, on 10/22/2007, -3/+21 Just what I've been waiting for! My employer will be pleased.
Now only if more government officials encrypted their drives, so we can stop hearing about laptops being stolen with sensitive information and personal records being exposed... Damn identity theft.
- kingkilr, on 10/12/2007, -14/+2 The correct way to upgrade Ubuntu server (feisty fawn) to gutsy gibbon is:
sudo do-release-upgrade -d
correct?
- abandonedhero, on 10/11/2007, -7/+4 You've never used Google before, have you?
- kahrn, on 10/11/2007, -0/+4 I believe it's 'update-manager -d' as root.
- gclef, on 10/22/2007, -0/+9 You'll be happy to hear that encrypting laptop hard drives is a requirement for all federal agencies. See here:
http://www.whitehouse.gov/omb/memoranda/fy2006/m06 ...
This went into effect this past July.
- Darkhacker, on 10/22/2007, -0/+16 Won't this severely impact performance? Does anyone have any estimate as to how much of a performance hit we are talking here?
- phioust, on 10/22/2007, -1/+15 I don't have any numbers... but reading big files (movies, TV shows) from disk is noticeably slower and puts the CPU at 100% usage very quickly
- vexx, on 10/13/2007, -0/+1 I currently have this set up on my laptop with Debian and I don't even notice a performance decrease. I never have 100% CPU usage just for watching videos or even playing games. Not any that have high requirements (because I have integrated graphics), but Starcraft and Diablo 2 run just fine without any noticeable performance hit.
- noahhoward, on 10/19/2007, -8/+4 With the rate technology advances does it even matter anymore?
- thcobbs, on 10/19/2007, -7/+5 YES! I mean if I can't have my porn in .1124 seconds, it's not WORTH it!
- thcobbs, on 10/12/2007, -9/+3 Exactly.
I've never understood the need of encrypting the entire drive unless it's a data storage unit at a High Security complex. Just a simple encrypted partition to store important documents should really be sufficient.
- jopsen, on 10/19/2007, -1/+9 There's temporary files, configuration files, and cache everywhere else... The most safe thing to do when dealing with sensitive data is to encrypt the whole disk
- EbilPhish, on 10/12/2007, -1/+1 Not in UNIX systems there ain't, you only have write access to your /home/username folder and /tmp. Possibly some system data in /var/ such as /var/log and printer spools etc... also /root if you ever use root for anything. Maybe more config files in /etc. In most use cases /home is enough provided you aren't worried about config settings being known and don't store passwords in /etc files.
A majority of stuff is in /bin /usr/ /lib /share where nothing is writable, these shouldn't be encrypted since it will cause slowdowns for no reason.
Swap space should also be encrypted but that's another partition anyway
- sancho, on 10/19/2007, -1/+8 What ends up happening is that people don't mount the encrypted volume on boot, then they want to save something sensitive, and they think, "Well, it will be okay just this once if I save it to an unencrypted partition. I'll move it over later." Security is hard and it is onerous, and unless a person is really dedicated to it, they're going to take shortcuts.
Encrypting the whole drive may seem like overkill, but at least if you want to use the computer AT ALL, you're forced to mount it, meaning anything you save will be "secure."
- EbilPhish, on 10/12/2007, -0/+2 If you're only using a normal user account then it's not possible to store files anywhere except /home/username; there might be some temporary or cached files in /tmp, /var and the swap partition.
Granted you could deliberately log in as root and put them somewhere else but why would anyone do that unless it was on purpose.
- sancho, on 10/13/2007, -0/+2 On Windows, that's simply not the case.
- williamdyer, on 10/19/2007, -3/+4 Because our government is a bunch of snooping pigs. Until we can put them on trial, stay safe as you can.
- MikeCerm, on 10/22/2007, -1/+7 It will depend on the exact implementations, but there will probably be between 40% and 180% slowdown, if these benchmarks (of other FDE solutions) are to be believed.
http://www.xml-dev.com/blog/index.php?action=viewt ...
If you actually need the security of full-disk encryption, then the performance hit is worth it. If you're a regular person, TrueCrypt and KeePass are enough.
- thcobbs, on 10/19/2007, -5/+1 Honestly though... is this full disk encryption? Or is this "full install partition encryption with unencrypted boot partition"?
And if you WERE going to use full disk encryption, wouldn't you be using something like a RAID card that interfaced at a hardware level and encrypted the data on the back end?
- MikeCerm, on 10/19/2007, -0/+5 Is your argument purely semantic?
Does it matter if you've got an unencrypted boot partition, if there's no sensitive data there? If you could encrypt that, your BIOS would still be unencrypted. If you have an encrypted BIOS, there has to be something unencrypted somewhere to decrypt that.
- elusive, on 10/22/2007, -1/+8 It is not noticeable for normal use. Full-drive encryption has been available for a long time now through the Debian installer with LUKS. I have used it since Etch was released on a laptop with no noticeable drawbacks.
I prefer the full-drive encryption because it is easier to manage and I don't have to worry about leakage into unencrypted areas. (swapfile, copies, etc.)
- truegodofwar, on 10/22/2007, -0/+5 I've encrypted my home partition and I don't notice any slowdown.
- phioust, on 10/19/2007, -39/+0 yay for ubuntu fanboys .... gentoo has had this since 2005
http://gentoo-wiki.com/SECURITY_System_Encryption_ ...
- Chakat, on 10/19/2007, -0/+31 It's had it, but has anyone finished compiling things yet so they can actually use it?
- Gerbil_Juice, on 10/19/2007, -0/+13 How dare we be excited we're getting a useful new (for our distro of choice) feature.
- Izacus, on 10/19/2007, -0/+22 So did Ubuntu, but you had to set it up manually... just like in Gentoo.
- jgtg32a, on 10/11/2007, -1/+7 @Izacus
It counts for Gentoo because you have to set everything up manually anyway. ;P
- azprofessional, on 10/19/2007, -0/+15 I think what he means is:
Real 'nix users sit and code all day instead of going on dates. Ubuntu is for people who like going out, getting laid and not having to return to a pile of drivers to rewrite and a half working OS.
Ubuntu is such a menace *shakes fist* how dare moderate computer users get excited about getting off the windows fix with an easy to use platform.
Massive respect to anyone and everyone who worked to get Ubuntu this solid. I owe you all a round of beers anytime.
- jrattner1, on 10/12/2007, -12/+6 Too bad gentoo doesn't have the hardware support that ubuntu does though...sorry phioust better luck next time :) Gentoo is weak sauce
- Frankablu, on 10/11/2007, -1/+3 Different distributions don't have different hardware support.
They all support the exact same hardware as each other. (Newer versions of the Linux kernel obviously support more but that goes without saying)
Some hardware may be more difficult to set up in different distributions however.
- MasteRR, on 10/11/2007, -0/+4 Wrong. Not every distro ships with every module. And some ship with different versions of different drivers. And not every distro has a "restricted driver manager". And then there are the closed source modules provided by vendors that only work on specific distros.
- richbradshaw, on 10/12/2007, -1/+2 Yeah, but in theory you can compile in those modules and compile drivers yourself.
Obviously, there's little point nowadays.
- atrain, on 10/12/2007, -0/+1 Gentoo used to come with NOTHING, and you'd compile the kernel from scratch. Now, Gentoo comes with a kernel, but it's useless to have a gentoo machine without building your own kernel. Most hardware drivers are in the kernels themselves, but most binary blob drivers gentoo distributes as well (e.g. nvidia, ati, etc).
Gentoo has a huge repository, definitely comparable to that of ubuntu.
- phioust, on 10/12/2007, -9/+1 wtf are you talking about? distros don't support "hardware". you show your true ignorance by saying such retarded things. Distros are wrappers around the kernel. Unless ubuntu is writing drivers themselves and not allowing other distros to use them, your argument of "ubuntu supports more hardware" is just retarded
- sancho, on 10/12/2007, -0/+5 Default configurations of different distributions support different hardware. For example, Ubuntu supports everything on my notebook by default, whereas with Debian -unstable, I have to do a bit of manual configuration to get my wireless adapter working. Same kernel, different distribution, different out-of-the-box support.
- deroderugridder, on 10/11/2007, -2/+1 you are an idiot..
anyway, nothing beats my gentoo server in speed but for my workstations I use Ubuntu cause I'm too lazy to keep track of all the changes at desktop level
- xelerated, on 10/12/2007, -0/+19 From that gentoo wiki "It's worth pointing out that while this document was written for Gentoo based systems in mind, it should be generic enough to be used with other meta-distributions as well."
So it's not really gentoo that's had this, it was available for all systems. I think gentoo was a good idea, but I'm years past the "i want to compile my own crap for kicks" stage. I just want my system to WORK.
- phioust, on 10/12/2007, -8/+1 only stage 3 is supported now... so all you are compiling is applications you want to use unlike ubuntu which comes with 800mb of crap you are never going to use half of
- McTendo, on 10/11/2007, -1/+4 Homer: You know what you could do, Apu ...
Apu: Shut up.
Homer: You could fake your own death ...
Apu: Shut up!
Homer: All you need is a bomb...
Apu: I can't believe you don't shut up!
- Optimistic, on 10/11/2007, -2/+3 I like Ubuntu (I use Debian which is quite similar), but why use it instead of just normal Debian?---Debian Testing had this months ago.
- thcobbs, on 10/11/2007, -1/+3 Where do you think Ubuntu got it from?
Ubuntu is derived directly from the "Testing" with their own patching and re-branding.
- Optimistic, on 10/11/2007, -1/+2 Yes, I know Ubuntu is derived from Debian Testing---and that's my question. Why not just use Debian Testing? It has more packages as far as I know. Does Ubuntu have advantages that I don't realize?
- thcobbs, on 10/11/2007, -1/+5 Ubuntu has a paid staff maintaining, debugging, and issuing updates to their branch of the debian testing tree.
Effectively, they let the community do all the "grunt work" and then polish it up for their release. And did I mention they offer support?
- andycr512, on 10/11/2007, -0/+2 Better out of the box hardware support. Debian had issues with a great deal of my hardware which Ubuntu had no problem with out of the box, and nobody in the IRC channel had anything more constructive to say than "Do you -really- need it to work?"
- Fartag, on 10/11/2007, -0/+1 I've run both and installed Debian on a desktop years ago, and a laptop fairly recently, Ubuntu in between those on another desktop. It seemed that Ubuntu won on easier install and initial setup, but it also seems like Debian wins (under Debian unstable) by the sheer number of updated packages streaming through. I think after setup they may be very similar aside from different repo sources, and maybe some minor things like using iceweasel instead of firefox on Debian (same thing from my vantage but it has a cool (pun intended!) iceweasel icon ..) but I may be missing something too since I've been concentrated mostly on Debian these days..
- tofuoni, on 10/12/2007, -0/+3 My view on Ubuntu is that it adds UI wizbang - kind of like what Mac OSX adds to BSD. I still use debian for my servers at home. I don't think the Ubuntu adds anything of substance to a server. But to answer your question, why use Ubuntu - my answer is that I use it when I want to build a desktop machine, when I need the extra wizbang that it adds to a desktop install.
- Ademan, on 10/12/2007, -1/+2 If only there was install-time LVM support on the desktop cd...
- Icetype, on 10/17/2007, -0/+1 I always use the server CD and then sudo apt-get install ubuntu-desktop. That way you get LAMP automagically. Gutsy adds the option for a ton of other server services that you used to have to figure out how to set up yourself. 7.04 only had DNS and LAMP.
- mgreenly, on 10/12/2007, -0/+4 The reason you want this type of encryption and not just an encrypted data store is because it's extremely difficult to know exactly what fragments of your data applications will leave around in tmp directories or in cache. An encrypted store is good for storing data but not for using the data.
- nabeelshana, on 10/12/2007, -2/+3 available on opensuse10.3 too...
- CarzorStelatis, on 10/22/2007, -2/+4 Wonderful. Now if your hard drive develops a fault, not only is the data on the bad sectors inaccessible, but the whole damn thing is. Of course, this could be useful for some people (I'm thinking those accessing sensitive military/corporate data) so good on Ubuntu for giving us the _option_.
- echelon309, on 10/12/2007, -1/+2 Not true. As long as you still have the key, you can decrypt any readable and uncorrupted sector.
- hacim, on 10/22/2007, -0/+7 Let's give credit where credit is due. The ubuntu installer is the Debian installer, and Debian developed and implemented install-time encryption and has had it for some time now. Ubuntu has just synced back up with its core (Debian) and thus is getting this feature.
- SourceClosed, on 10/18/2007, -14/+1 Already in Windows Vista Ultimate Edition. Nothing new. Buried.
- kinghajj, on 10/18/2007, -0/+6 Uh, no, not really. Vista requires that you have a TPM chip or (if you do some hacking) a flash drive. If a person steals your entire computer, there's no real security. With Debian/Ubuntu, you have to input the password at boot, every time.
- Coldkill, on 10/18/2007, -0/+4 The guy's a troll. Notice he's called SourceClosed....and in his profile it says his name is William Gates...
- Icetype, on 10/18/2007, -0/+1 Wow, a windows troll. Don't see too many windows fanboys anymore.
- Tenoq, on 10/13/2007, -0/+2 I think my sarcasm-o-meter is broken. Are you kidding?
- Lammin, on 10/12/2007, -12/+0 Linux is gay
- Fartag, on 10/11/2007, -0/+3 Eh? You probably just missed the chart posted on digg recently:
http://m3.entitea.com/piles/?s=ima
- xfile087, on 10/11/2007, -0/+1 You mean you're gay
- xfile087, on 01/29/2008, -0/+1 Linux rockz!!
- darthchaosrspw, on 10/22/2007, -1/+8 Who gives a damn if it's already been available for other OSes? It's available for Ubuntu now. Some people like Ubuntu. Some like openSUSE. Some like Mac OS X. Some like Windows. Who gives a damn?! All they want is an OS that just works. Ubuntu works for me. That's all that matters to me. If you want to use Windows, then by all means use Windows. If you want to use Mac OS X, then by all means use Mac OS X. If you want to use Linux, then use Linux. Nobody's forcing you to choose an OS. Just go with what you want. This fanboi crap is tiring.
- Canadian0207, on 10/13/2007, -0/+5 I've used Gutsy Gibbon beta, and this is the best version I've seen of Linux yet. I've been skeptical of Linux OS's until now. I can't wait for the official release of 7.10
- darthchaosrspw, on 10/13/2007, -0/+1 I like how Ubuntu 7.10 will have separate folders for Documents, Pictures, Videos, Music, and so on in your home folder upon installation of the OS. I liked how Linux Mint 3.0/3.1 did this. No longer will I have to right-click and create new folders for these. And the fast user switching from the taskbar? That's nifty as well. Ubuntu is already my favorite OS, but with all these improvements, Ubuntu could possibly end up becoming a SERIOUS Windows rival. Sooner or later, the corporate shills at FOX News and CNBC will have to admit that Ubuntu is a serious alternative. Unfortunately right now, on the corporate shills such as FOX News, free/libre open-source software is just as much a taboo subject as 9/11 Truth.
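
Several comments above argue over whether encrypting only /home is enough, given the temporary files, logs, spools and swap that live elsewhere. As an added example (not from the thread or from the Ubuntu installer), this Python code takes a device tree in the shape printed by `lsblk -J -o NAME,TYPE,MOUNTPOINT` and lists which of those locations are not backed by a dm-crypt mapping; the sample layout, the user name alice and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `lsblk -J -o NAME,TYPE,MOUNTPOINT`:
# /home sits on a dm-crypt mapping, but /, swap and /boot are plain partitions.
SAMPLE_LSBLK = json.loads("""
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": "/"},
    {"name": "sda3", "type": "part", "mountpoint": "[SWAP]"},
    {"name": "sda4", "type": "part", "mountpoint": null, "children": [
      {"name": "home_crypt", "type": "crypt", "mountpoint": "/home"}]}]}
]}
""")

# Locations the comments name as holding user data or fragments of it.
SENSITIVE = ["/home/alice", "/tmp", "/var/tmp", "/var/log",
             "/var/spool", "/root", "[SWAP]"]

def mount_table(tree):
    """Map mountpoint -> (device, encrypted). A device counts as encrypted
    when it, or any ancestor in the lsblk tree, has type 'crypt'."""
    table = {}
    def walk(nodes, under_crypt):
        for node in nodes:
            enc = under_crypt or node.get("type") == "crypt"
            if node.get("mountpoint"):
                table[node["mountpoint"]] = (node["name"], enc)
            walk(node.get("children") or [], enc)
    walk(tree["blockdevices"], False)
    return table

def backing_mount(path, table):
    """Return the longest mountpoint that contains path, or None."""
    if path in table:                      # exact match, including "[SWAP]"
        return path
    best = None
    for mp in table:
        if mp.startswith("/") and path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best):
                best = mp
    return best

def unencrypted_locations(tree, paths=SENSITIVE):
    """List (path, device) for every sensitive path stored in the clear."""
    table = mount_table(tree)
    leaks = []
    for path in paths:
        mp = backing_mount(path, table)
        if mp is None:                     # e.g. a machine with no swap
            continue
        device, encrypted = table[mp]
        if not encrypted:
            leaks.append((path, device))
    return leaks

if __name__ == "__main__":
    for path, device in unencrypted_locations(SAMPLE_LSBLK):
        print(f"{path} is stored unencrypted on {device}")
```

On the sample layout only /home/alice is protected; everything under / and the swap partition is reported, which is the leakage the whole-disk camp in the thread describes.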