2010-05-26, 21:31 | Posts: 292 | Thanked: 131 times | Joined on Dec 2009 | #22
I've been using an encrypted partition ever since Jebba published his cryptsetup and modified kernel.
On my SD card, I have a tiny vfat partition for when I need to reflash (because of other reasons than encryption). The rest of the 16Gb I have in a separate encrypted partition... I'm using it all the time, no probs whatsoever.
All the pics etc. taken with the phone go there etc. and of course all data...
In my opinion this is a must, if you lose your phone or it gets stolen, it's painful, but at least your data is gonna be safe and unusable.
2010-05-26, 21:40 | Posts: 292 | Thanked: 131 times | Joined on Dec 2009 | #23
So, you're thinking about "plausible deniability"? (...)
I understand the need in that situation, but it's not related to actually finding out what's stored on the device.
2010-05-26, 21:45 | Posts: 726 | Thanked: 345 times | Joined on Apr 2010 @ Sweden | #24
If you don't know whether it is there or not, it would be harder to try to find out what's stored.
Example:
Attacker looking for photos taken by N900.
Situation A
Attacker finds a folder with a few encrypted files, each ranging from 800KB to 1.2MB
Situation B
Attacker finds only a file with 1GB of encrypted content. Further studies of this file show that the data written there looks a lot like random garbage.
Isn't it clear what situation is safer?
See above.
2010-05-26, 21:50 | Posts: 292 | Thanked: 131 times | Joined on Dec 2009 | #25
I'm only talking about encrypted file systems and not files encrypted one by one. Situation A has, as far as I know, never been mentioned by me (apart from a suggestion for encryption of separate files before venturing into FS land).
2010-05-27, 07:02 | Posts: 451 | Thanked: 334 times | Joined on Sep 2009 | #26
1) So you've only encrypted the SD card. The eMMC disk is still unencrypted?
2) When and how do you enter the password for the encrypted partition?
The Following User Says Thank You to 白い熊 For This Useful Post:
2010-05-28, 01:06 | Posts: 292 | Thanked: 131 times | Joined on Dec 2009 | #27
After the device boots, the first thing I do is open the terminal and cryptmount... the SD.
Jebba's kernel had a framebuffer enabled, so you'd be able to see prompts for the pass and enter it. Now however I'm using Titan's overclocking kernel, and would have to mess with recompiling and the initrd... No go for me.
If you do it, let us know here...
2010-06-02, 19:40 | Posts: 6 | Thanked: 17 times | Joined on Jun 2010 | #28
The Following User Says Thank You to wirr For This Useful Post:
2010-06-04, 02:47 | Posts: 451 | Thanked: 334 times | Joined on Sep 2009 | #29
I'm currently running my n900 with encrypted swap, /home, /home/user/MyDocs.
This is possible thanks to jebba's kernel, which allows for pw input on the framegrabber console.
2010-06-05, 07:15 | Posts: 6 | Thanked: 17 times | Joined on Jun 2010 | #30
    start on started sgx
    stop on starting shutdown
    console output
    script
        /etc/init.d/cryptdisks start
        initctl emit CRYPT_OK
    end script
    normal exit 0

    start on CRYPT_OK

    sfdisk -l

    Disk /dev/mmcblk0: 977024 cylinders, 4 heads, 16 sectors/track
    Units = cylinders of 32768 bytes, blocks of 1024 bytes, counting from 0

       Device Boot  Start     End   #cyls    #blocks   Id  System
    /dev/mmcblk0p1      1  873600  873600   27955200    0  Empty
    /dev/mmcblk0p2 873601  939136   65536    2097152    0  Empty
    /dev/mmcblk0p3 939137  971904   32768    1048576    0  Empty
    /dev/mmcblk0p4 971905  974976    3072      98304    0  Empty

    cat /etc/crypttab
    # <target name> <source device> <key file> <options>
    docs      /dev/mmcblk0p1  none          luks
    userdata  /dev/mmcblk0p2  none          luks
    swap1     /dev/mmcblk0p3  /dev/urandom  swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
    tmp1      /dev/mmcblk0p4  /dev/urandom  cipher=aes-cbc-essiv:sha256,size=256,hash=sha256

    cat /etc/fstab
    # autogenerated
    rootfs                / rootfs defaults,errors=remount-ro,noatime 0 0
    /dev/mapper/swap1     none swap sw 0 0
    /dev/mapper/userdata  /home ext3 rw,noatime,errors=continue,commit=1,data=writeback 0 0
    /dev/mapper/docs      /home/user/MyDocs vfat noauto,nodev,noexec,nosuid,noatime,nodiratime,utf8,uid=29999,shortname=mixed,dmask=000,fmask=0133,rodir 0 0
    /dev/mapper/tmp1      /tmp ext3 defaults,noatime 0 0
The Following 4 Users Say Thank You to wirr For This Useful Post:
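An added example, not part of wirr's post: a small audit that cross-references the crypttab and fstab entries shown in post #30 and reports, per mount point, whether the data sits behind a passphrase-unlocked mapping, an ephemeral random key, or no encryption at all. The function names (`fields`, `parse_crypttab`, `audit`) are hypothetical, and the two strings are constructed copies of the posted files.

```python
# Constructed sample input: the crypttab/fstab entries from post #30.
CRYPTTAB = """\
docs /dev/mmcblk0p1 none luks
userdata /dev/mmcblk0p2 none luks
swap1 /dev/mmcblk0p3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
tmp1 /dev/mmcblk0p4 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
"""
FSTAB = """\
# autogenerated
rootfs / rootfs defaults,errors=remount-ro,noatime 0 0
/dev/mapper/swap1 none swap sw 0 0
/dev/mapper/userdata /home ext3 rw,noatime,errors=continue,commit=1,data=writeback 0 0
/dev/mapper/docs /home/user/MyDocs vfat noauto,nodev,noexec,nosuid,noatime,nodiratime,utf8,uid=29999,shortname=mixed,dmask=000,fmask=0133,rodir 0 0
/dev/mapper/tmp1 /tmp ext3 defaults,noatime 0 0
"""

def fields(text):
    """Yield the whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def parse_crypttab(text):
    """Map each target name to 'passphrase', 'ephemeral' or 'keyfile'."""
    mappings = {}
    for f in fields(text):
        key = f[2] if len(f) > 2 else "none"
        if key in ("/dev/urandom", "/dev/random"):
            mappings[f[0]] = "ephemeral"   # fresh random key every boot
        elif key in ("none", "-"):
            mappings[f[0]] = "passphrase"  # key material typed in at unlock
        else:
            mappings[f[0]] = "keyfile"     # key read from a file on disk
    return mappings

def audit(crypttab, fstab):
    """Return {mount point (or 'swap'): protection} for every fstab entry."""
    maps = parse_crypttab(crypttab)
    report = {}
    for dev, mnt, fstype, *_ in fields(fstab):
        where = "swap" if fstype == "swap" else mnt
        name = dev[len("/dev/mapper/"):] if dev.startswith("/dev/mapper/") else None
        report[where] = maps[name] if name in maps else "unencrypted"
    return report

if __name__ == "__main__":
    for where, protection in audit(CRYPTTAB, FSTAB).items():
        print(f"{where:20} {protection}")
```

For the posted layout the report lists `/` as unencrypted, so anything written outside /home, /home/user/MyDocs, /tmp and swap stays readable on a lost device.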