[CS-FSLUG] Full Disk Encryption?
Greg Slade
grgaslists at rogers.com
Thu Nov 15 21:47:09 CST 2007

I have a machine that I'm planning to use as a Linux testbed. (I'm
thinking of installing Xubuntu, because it's pretty old: an IBM 266 MHz
Pentium II with 256 MB of RAM.) The plan is to learn Linux so I can
support Linux users on an encrypted E-mail network. Here's the thing,
though: in order to connect any computer to the network, that computer's
hard drive has to be encrypted. For Windows users, the network has
standardised on an application which encrypts the whole hard disk. You
can't even boot without the password. (The encryption utility leaves a
stub in the Master Boot Record, and when you enter the password
correctly, then it decrypts the disk so you can boot into Windows.)
However, it also has a "back door": if you have forgotten your password,
you can press a key, and get a string of characters. Then, you E-mail
(on another computer) or phone or fax, or otherwise transmit those
characters to your helpdesk, and leave your computer running. (If you
shut it down, you'll need to generate a new string.) The helpdesk uses
that string to generate a one-time password to get you back into your
computer. Unfortunately, this software only supports Windows, and not
even all versions of Windows, so Linux is right out.

What I need to know is, is there a Linux utility which can provide the
same features:
- secure full disk encryption, so you cannot boot without the password,
and mounting the drive in another machine won't help, because
everything's encrypted.
- a "back door" for the help desk to help those who have forgotten their
password. (In my experience, this is the single most common source of
help desk calls.)

Thanks in advance.
God bless,
Greg