Encryption and Strong Passwords


Encryption is becoming more and more recommended and less and less the preserve of the tinfoil-hat-wearing type. It’s not uncommon to hear of people in the tech world encrypting their hard drives just for the extra security. I personally encrypt my laptop: both the Windows side I keep for image and audio/video editing, and the GNU/Linux side I use for everything else.

But, while the popularity of full disk encryption is on the rise, in my experience few people actually understand it beyond, “It means that if someone gets my laptop, they can’t access my files,” which is only half correct: full disk encryption will protect you from an adversary accessing your files if your machine is off at the time it falls into the wrong hands.

All GNU/Linux operating systems that I am aware of support the use of dm-crypt to do full disk encryption, since it’s built directly into the Linux kernel itself as of kernel 2.6. However, not all graphical installation utilities included with distributions offer full disk encryption as an option.


To install the dm-crypt tools if they are not already available use

  • apt-get update
  • apt-get install cryptsetup

When encrypting your system at the initial install, one of two ciphers will be used, depending on your distribution:

  • aes-xts-plain64:sha256 (More common nowadays)
  • aes-cbc-essiv:sha256 (More common in older distribution versions)

Both of these use AES, the very same cipher we talk about when we talk about SSL and TLS, and programs like VeraCrypt use it as well. The hashing algorithm is SHA-256, which is also an industry standard. Neither AES nor SHA-256 is known to have any holes in it or to have been broken, so if you choose to encrypt your install, you can be assured that your setup is reasonably safe.

Strong Passwords are key

With that being said, you absolutely MUST ensure you use a secure password. Passwords such as “password123” can be figured out within minutes or even seconds by amateurs, never mind adversaries with know-how, botnets, or supercomputers. A good example of a secure password would be something like “!gh$mXjkKE4%72#Mxnb%$k3@!”, which would be next to impossible to crack before you died of old age.

Note: The secure password protects your encrypted partition or drive. Since you cannot save the password to a password manager on the drive, you either need to memorize it, or use another means to remember it (another password manager on your smartphone for instance).

Now, this leaves the question of how one creates a secure password like the example that you can actually remember. I’ll teach you my method; it may not work for you, but it might!

First, think of a song that you REALLY enjoy. Let’s say the song is “Michael Jackson – Dirty Diana.” Pick any part of the song that stands out in your mind, I selected:

Diana walked up to me,
She said I’m all yours tonight
At that I ran to the phone
Sayin’ baby I’m alright
I said but unlock the door.
Because I forgot the key.
She said he’s not coming back
Because he’s sleeping with me

Now, we want to take the first letter of each word, and add symbols and capital letters. How I like to do this is alternate each ‘sentence’ between all caps and no caps. After each sentence, I also add a symbol. An example of this could be:

DWUTM!ssiayt@ATIRTTP#sbia$ISBUTD%biftk^SSHNCB&bhswm*

As you can see, the song Dirty Diana has now become a highly secure password that is easy to remember: each sentence has been either capitalized or not, and I’ve added a symbol after each sentence, in order, across the keyboard number keys. If you can remember the song, you can remember this password.

This password is secure. Could it be more secure? Probably. Is anyone ever going to manage to brute-force it? I’d be willing to bet everything I own that they won’t.
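The derivation described above, written out as an added example (this is not code from the original post). The lyric lines are the eight quoted in the post; `naive_keyspace_bits` is an added helper that only gives the upper bound a blind brute-force attacker would face, since a lyric-derived password is not uniformly random and an attacker who knows both the method and the song faces a far smaller search.

```python
import math
import string

# Constructed sample input: the eight lyric lines the post uses as its mnemonic.
LYRICS = [
    "Diana walked up to me,",
    "She said I'm all yours tonight",
    "At that I ran to the phone",
    "Sayin' baby I'm alright",
    "I said but unlock the door.",
    "Because I forgot the key.",
    "She said he's not coming back",
    "Because he's sleeping with me",
]

# Shifted symbols on a US keyboard number row, keys 1 through 0, in order.
NUMBER_ROW_SYMBOLS = "!@#$%^&*()"


def lyric_password(lines, symbols=NUMBER_ROW_SYMBOLS, caps_first=True):
    """Derive a password with the post's method: first letter of each word,
    whole lines alternating upper/lower case, and one number-row symbol
    appended after each line in keyboard order."""
    if len(lines) > len(symbols):
        raise ValueError("more lines than number-row symbols")
    parts = []
    for i, line in enumerate(lines):
        # Keep only words that start with a letter (skips stray punctuation).
        initials = "".join(w[0] for w in line.split() if w[0].isalpha())
        upper = caps_first == (i % 2 == 0)
        parts.append(initials.upper() if upper else initials.lower())
        parts.append(symbols[i])
    return "".join(parts)


def naive_keyspace_bits(password):
    """Bits of work for an attacker who assumes the password is uniformly
    random over the character classes it actually uses. This is an upper
    bound only: dictionary words and song-derived strings are far weaker."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet)


if __name__ == "__main__":
    pw = lyric_password(LYRICS)
    print(pw, round(naive_keyspace_bits(pw), 1))
```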

This method may or may not work for your memory, but perhaps it will spark another method for you!

Final Words

I personally recommend everyone encrypt their hard disks. There is a negligible performance hit that on modern hardware you likely won’t even feel, but it adds a lovely layer of extra security on your devices. Even if you “Have nothing to hide,” why wouldn’t you take extra security measures when they are available to you? But remember, you could use every encryption method in the book, but if you use weak passwords, it won’t matter!

How about you, do you encrypt? Do you have another method for creating strong passwords?