Disk Encryption: LUKS

Photo by Dayne Topkin on Unsplash

I know a lot of folks who setup a root password on Linux or account password on Windows without encrypting their drives, anyone can easily bypass these password with something as simple as a live boot disk. The weakest link in the chain is TOO WEAK to be reasonably secure.

So, here I will discuss a simple tool called cryptsetup to encrypt drives on Linux.

We need to encrypt our internal HDD (root) and external HDD that contain your data.

1. Install-time root encryption

I was capturing screenshots for writing this blog when I found an easy to follow tutorial by CryptoDad:

- Part 1: https://www.youtube.com/watch?v=etzJAG_H5F8
- Part 2: https://www.youtube.com/watch?v=yJdBIigQcVw
- Part 3: https://www.youtube.com/watch?v=JyA4owRVUls

2. Pendrive / External HDD encryption

NOTE: Remember to move device data elsewhere before starting with these steps. All data in the device will be deleted.

1. Let's install cryptsetup:

Debian & it’s derivatives:

sudo apt update
sudo apt cryptsetup

Fedora & it’s cousins:

sudo dnf install cryptsetup-luks

2. Find the partition:

Identify the path to the partition you want to encrypt:

sudo blkid
Say, I want to encrypt the device with labelled “ATFS”, then, I’ll note path “/dev/sdb1” in the image.

3. Secure delete partition:

Before encryption, I would recommend you to shred everything from the device:

shred -vzn 2 /dev/sdb1
# v - Verbose
# z - Add a final overwrite of 0s to hide shredding
# n 2 - Make 2 passes

4. Encrypt!

sudo cryptsetup -key-size 512 -hash sha512 -v luksFormat /dev/sdb1 --verify-passphrase

5. Open encrypted drive:

sudo cryptsetup luksOpen /dev/sdb1 <NAME>

6. Create ext4 filesystem:

sudo mkfs.ext4 /dev/mapper/<NAME>

Now you are good to go, enjoy your encrypted external HDD / pendrive.

Note: You can close LUKS partition when you are done:

sudo cryptsetup luksClose /dev/mapper/<NAME>

If you have any questions or you think I should clarify some step in more detail, please reach out to me on Twitter.

Hope this makes disk encryption more accessible for you.

Stoic. Existentialist. Optimistically Nihilist. Snowdenist. Friendly. Confident. Perfectionist. Creative. Playful. Programmer. Philosopher.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

FROM OSINT PROJECT TO MAKING MILLIONS HACKING DATABASES FOR BUG BOUNTY

The Lookout: Five Guides For Not Being Blocked While Scraping The Web

Cybersecurity 101: Is There Really Such a Thing As e-Privacy?

Disconnect Visualize Page: H&M Canada

AADHAR DATA LEAKED

“Non-Fungible Apes” Collection Role Requirements for NFT HODLing Program

InfoSecSherpa’s News Round Up for Tuesday, September 7, 2021

{UPDATE} High Ground Sports Bike City Hack Free Resources Generator

How to hide your IP address.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
atb00ker

atb00ker

Stoic. Existentialist. Optimistically Nihilist. Snowdenist. Friendly. Confident. Perfectionist. Creative. Playful. Programmer. Philosopher.

More from Medium

Integrating Lua with C: Part 7

Building a Wordle Solver

A narrow escape from a storage disaster