evur<p>Reinstalling NixOS, but with LUKS this time 🔒❄️ </p><p><a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/luks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>luks</span></a> <a href="https://mastodon.social/tags/nixos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nixos</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
norden.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Moin! Dies ist die Mastodon-Instanz für Nordlichter, Schnacker und alles dazwischen. Folge dem Leuchtturm.
Administered by:
Server stats:
3.5Kactive users
norden.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#luks
4 posts · 4 participants · 0 posts today
Christian Pietsch<p><span class="h-card" translate="no"><a href="https://framapiaf.org/@marczz" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>marczz</span></a></span></p><p><strong>Why you should use full-disk encryption</strong></p><p>If any of the arguments I make below apply to you, you should use full-disk encryption. I am pretty sure the first argument applies to everyone. The second argument applies at least to everyone in the EU and the US state of California. The third argument applies to everyone again.</p><p><strong>You will fail to delete drives properly</strong></p><p>Storage media get lost. Most people do not know how to properly delete hard disk content before selling them, or they forget it. In the case of flash drives, or SSDs, standard tools like <code>shred</code> don't work. <code>hdparm</code> may do the trick, but this is not well known. If you are lucky, the manufacturer of you SSH provides a Windows app that lets you delete it securely. Your server does not run on Windows of course.</p><p><strong>The law demands it</strong></p><p><a href="https://fedifreu.de/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> and similar data protection and privacy laws require you to store no <a href="https://fedifreu.de/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PII</span></a> (personal data) permanently. You have to anonymize PII or delete it after a few weeks. IP addresses are PII. All servers store IP addresses by default. The GDPR also demands that you use state-of-the-art technology to protect sensitive data. Full disk encryption is the state of the art.</p><p><strong>Law enforcement makes "mistakes"</strong></p><p>I'm a board member of <span class="h-card" translate="no"><a href="https://fedifreu.de/@Artikel5eV" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Artikel5eV</span></a></span>, an organisation that runs relays on the Tor network, including exit relays. Running Tor relays is perfectly legal in Germany. Nevertheless, law enforcement agencies have raided the homes of Artikel 5 e.V. board members twice. Illegally so, as a court confirmed recently. I won't run Tor relays in my home, but there is a good chance that my home will be raided one day unless all police officers and prosecutors decide to obey the law.</p><p>There is also a possibility that the rule of law might collapse in your country sooner or later. We are just witnessing it in the USA.</p><p>You already mentioned that ordinary thieves can also be a problem.</p><p><strong>Encryption is available for free</strong></p><p>So what is your case against disk encryption? It is obvious that it alone does not solve all IT security issues, but it is an important building block. <a href="https://fedifreu.de/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a> is reliable free and open-source software for HD encryption. If you are not using Linux, check out <a href="https://fedifreu.de/tags/VeraCrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VeraCrypt</span></a>. The Raspberry Pi 5 comes with hardware acceleration for AES, so there no longer is a noticeable performance penalty for encryption.</p><p><a href="https://fedifreu.de/tags/storageEncryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>storageEncryption</span></a> <a href="https://fedifreu.de/tags/hardDiskEncryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hardDiskEncryption</span></a> <a href="https://fedifreu.de/tags/encryptAllTheThings" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryptAllTheThings</span></a></p>
marczz<p><span class="h-card" translate="no"><a href="https://fedifreu.de/@chpietsch" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>chpietsch</span></a></span> I was wondering if enabling <a href="https://framapiaf.org/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a> on a running server has really a benefit. Of course if thieves enter your place, unplug the server and take it the disk is protected. But this scenario is not so usual. Most often the attacker get access to your live server. Once the server is booted and the disk is unlocked, all data on the encrypted volume is accessible to anyone with access to the system. This makes encryption ineffective against attackers who compromise a running server.</p>
Christian Pietsch<p>Lately I've been doing more <a href="https://fedifreu.de/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosting</span></a> again due to the current situation. Of course, I'm paying particular attention to power consumption and noise. After good experiences with the <a href="https://fedifreu.de/tags/ARM64" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ARM64</span></a> architecture, even with power-hungry applications such as <a href="https://fedifreu.de/about" rel="nofollow noopener noreferrer" target="_blank">Mastodon</a>, I'm now using the smartphone technology for my homeservers, too.</p><p>There are <a href="https://fedifreu.de/tags/SBCs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SBCs</span></a> with more open hardware, but the <a href="https://fedifreu.de/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RaspberryPi</span></a> is widely available, well documented, powerful and inexpensive. And it is available with up to 16 GB of RAM.</p><p>Anyone operating a server on the Internet must install <a href="https://fedifreu.de/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> updates quickly. However, many people forget to restart running software so that the new version runs instead of the old one. The <a href="https://fedifreu.de/tags/needrestart" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>needrestart</span></a> tool helps with this on Debian-based Linux systems, which unfortunately is usually not pre-installed.</p><p>On my Raspberry Pi 4, <code>needrestart</code> always runs correctly (automatically after <code>apt upgrade</code>). On my Raspberry Pi 5, however, I first had to create a configuration file as described by the main developer here:<br><a href="https://github.com/liske/needrestart/blob/master/README.raspberry.md" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/liske/needrestart/b</span><span class="invisible">lob/master/README.raspberry.md</span></a><br>Previously, the tool <em>always</em> claimed that a reboot was necessary because it thought an outdated Linux kernel was running.</p><p>Next, I want to activate <a href="https://fedifreu.de/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a> hard drive encryption on both raspis. Unfortunately, this is not as easy under <a href="https://fedifreu.de/tags/Raspbian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Raspbian</span></a> or <a href="https://fedifreu.de/tags/RaspberryPiOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RaspberryPiOS</span></a> as on other Debian systems. If you have managed this: Please let me know how you did it!</p><p><a href="https://fedifreu.de/tags/rpi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rpi</span></a> <a href="https://fedifreu.de/tags/rpi5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rpi5</span></a> <a href="https://fedifreu.de/tags/raspi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>raspi</span></a> <a href="https://fedifreu.de/tags/raspberrypi5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>raspberrypi5</span></a> <a href="https://fedifreu.de/tags/homeserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homeserver</span></a> <a href="https://fedifreu.de/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://fedifreu.de/tags/selfhost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhost</span></a> <a href="https://fedifreu.de/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a></p>
Khurram Wadee ✅<p>My experience with <a href="https://mastodon.org.uk/tags/FlashDrives" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FlashDrives</span></a> recently has been mixed. I have no problem in encrypting them with <a href="https://mastodon.org.uk/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a>, using <a href="https://mastodon.org.uk/tags/cryptsetup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptsetup</span></a> or with formatting a partition with <a href="https://mastodon.org.uk/tags/Btrfs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Btrfs</span></a>, for instance, using <a href="https://mastodon.org.uk/tags/gparted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gparted</span></a> and doing other tinkering with <a href="https://mastodon.org.uk/tags/Gnome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Gnome</span></a> <a href="https://mastodon.org.uk/tags/disks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>disks</span></a>. But the problem has been with the actual drives themselves. The cheaper ones seem to have quite a few bad sectors, etc. and so they’re not really reliable for medium term storage.</p><p>1/2</p><p><a href="https://mastodon.org.uk/tags/Hardware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hardware</span></a> <a href="https://mastodon.org.uk/tags/StorageDevices" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StorageDevices</span></a> <a href="https://mastodon.org.uk/tags/Unix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Unix</span></a> <a href="https://mastodon.org.uk/tags/GNU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GNU</span></a> <a href="https://mastodon.org.uk/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.org.uk/tags/Fedora" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fedora</span></a></p>
conscientious objector🇨🇭🪂<p><a href="https://swiss.social/tags/Corona" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Corona</span></a> Infektionen sind ein Problem für MS Patienten. </p><p>Case Report vin 2024 aus <a href="https://swiss.social/tags/Luzern" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Luzern</span></a> </p><p><a href="https://swiss.social/tags/SRF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SRF</span></a>: Das ist nicht relevant für die Öffentlichkeit, da chronisch Erkrankte irrelevant sind. Geht ins Restaurant! Das Plexiglas war teuer! </p><p><a href="https://www.cureus.com/articles/334436-highly-aggressive-multiple-sclerosis-relapse-during-pregnancy-following-sars-cov-2-infection-a-case-report-and-literature-review#!/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cureus.com/articles/334436-hig</span><span class="invisible">hly-aggressive-multiple-sclerosis-relapse-during-pregnancy-following-sars-cov-2-infection-a-case-report-and-literature-review#!/</span></a></p><p><a href="https://swiss.social/tags/Luks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Luks</span></a> <a href="https://swiss.social/tags/Schweiz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Schweiz</span></a> <a href="https://swiss.social/tags/SRF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SRF</span></a></p>
Andrej Shadura<p>Each time I needed to migrate my data to a new SSD with LVM and LUKS, I struggled a lot, until I figured this out properly. I have documented all necessary steps in this document:</p><p><a href="https://gist.github.com/andrewshadura/58098ea35471f2067bf9e5a33aec0c35" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gist.github.com/andrewshadura/</span><span class="invisible">58098ea35471f2067bf9e5a33aec0c35</span></a></p><p><a href="https://mastodon.social/tags/lvm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lvm</span></a> <a href="https://mastodon.social/tags/lvm2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lvm2</span></a> <a href="https://mastodon.social/tags/luks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>luks</span></a></p>
Ben<p>One big plus for the <a href="https://vmst.io/tags/hetzner" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hetzner</span></a> cloud is that you can install you vm from an <a href="https://vmst.io/tags/Debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Debian</span></a> ISO so you can <a href="https://vmst.io/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a> <a href="https://vmst.io/tags/encrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encrypt</span></a> the disk with your own keys.</p><p>First comes the new bastion host, then a fresh <a href="https://vmst.io/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mastodon</span></a> instance and 2 <a href="https://vmst.io/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> Servers will follow.</p><p>And their <a href="https://vmst.io/tags/StorageBox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StorageBox</span></a> allows for <a href="https://vmst.io/tags/Borg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Borg</span></a> and <a href="https://vmst.io/tags/Restic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Restic</span></a> backups.</p><p><a href="https://vmst.io/tags/EncryptAllTheThings" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EncryptAllTheThings</span></a> <a href="https://vmst.io/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> <a href="https://vmst.io/tags/unplugtrump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>unplugtrump</span></a></p>
Dirk Wouters<p>Arch Linux mit vollständiger Festplattenverschlüsselung </p><p>GRUB Bootloader zusammen mit LUKS2 und BTRFS Dateisystem Die Einrichtung von Arch Linux mit vollständiger Festplattenverschlüsselung durch LUKS2 bietet ein hohes Maß an Sicherheit für Benutzerdaten und Systemintegrität. LUKS2 (Linux […]</p><p><a href="https://mastodon.social/tags/arch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>arch</span></a> <a href="https://mastodon.social/tags/btrfs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>btrfs</span></a> <a href="https://mastodon.social/tags/grub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>grub</span></a> <a href="https://mastodon.social/tags/installation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>installation</span></a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/luks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>luks</span></a> <a href="https://mastodon.social/tags/luks2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>luks2</span></a> <a href="https://mastodon.social/tags/verschl%C3%BCsselung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>verschlüsselung</span></a></p><p><a href="https://dirkwouters.de/arch-linux-mit-vollstaendiger-festplattenverschluesselung/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dirkwouters.de/arch-linux-mit-</span><span class="invisible">vollstaendiger-festplattenverschluesselung/</span></a></p>
SPdevALK 🐘️ ☑️<p><span class="h-card" translate="no"><a href="https://mastodon.green/@funkybuddha" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>funkybuddha</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@gooba42" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>gooba42</span></a></span> wow, spoke too soon… recent <a href="https://mas.to/tags/debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>debian</span></a> trixie kernel 6.12.17 wrecked my <a href="https://mas.to/tags/luks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>luks</span></a> boot sequence. No mentioning of anything <a href="https://mas.to/tags/fde" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fde</span></a> <a href="https://mas.to/tags/luks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>luks</span></a> or disk encryption changes in the release notes…</p>
Codeschubse, Fediverse Bat<p>n <a href="https://ohai.social/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a>-Passwort, kann man das nachträglich ändern?</p>
boredsquirrel<p><span class="h-card" translate="no"><a href="https://norden.social/@jze" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jze</span></a></span> </p><p>Cool! Erzähl mal, wie sieht das System aus? Welche Distro, was für Sicherheitsanpassungen, Software?</p><p>Gibt es <a href="https://tux.social/tags/RemoteManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RemoteManagement</span></a>, <a href="https://tux.social/tags/Ansible" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ansible</span></a> etc?</p><p>Wie sehen nutzeraccounts aus? Separater adminuser?</p><p>Wie kommt da Software rauf, aus welchen Quellen? Wie abgesichert?</p><p><a href="https://tux.social/tags/Antivirus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Antivirus</span></a>? Andere Sicherheitssoftware?</p><p><a href="https://tux.social/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a>? Was für Vorgaben?</p><p>Finde das Thema super interessant und beschäftige mich viel mit Wartung, und wie es besser und sicherer sein könnte.</p><p><a href="https://tux.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://tux.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://tux.social/tags/DigitaleSouver%C3%A4nit%C3%A4t" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitaleSouveränität</span></a></p>
Verband Angiodysplasie Schweiz<p>Zum ersten Mal war der Verband Angiodysplasie Schweiz beim "Rare Disease Day" im Luzerner Kantonsspital vertreten – und es mit war eine total bereichernde Erfahrung! 💛 🫂 </p><p>Ein riesiges Dankeschön an ProRaris für die grossartige Organisation dieser besonderen Veranstaltung. </p><p><a href="https://angiodysplasie.ch/unser-erster-tag-der-seltenen-krankheiten-in-luzern/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">angiodysplasie.ch/unser-erster</span><span class="invisible">-tag-der-seltenen-krankheiten-in-luzern/</span></a></p><p><a href="https://swiss.social/tags/chronicillness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chronicillness</span></a> <a href="https://swiss.social/tags/RareDiseases" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RareDiseases</span></a> <a href="https://swiss.social/tags/SelteneErkrankung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelteneErkrankung</span></a> <a href="https://swiss.social/tags/rarediseaseday2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rarediseaseday2025</span></a> <a href="https://swiss.social/tags/angiodysplasie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>angiodysplasie</span></a> <a href="https://swiss.social/tags/angiodysplasia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>angiodysplasia</span></a> <a href="https://swiss.social/tags/schweiz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>schweiz</span></a> <a href="https://swiss.social/tags/Switzerland" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Switzerland</span></a> <a href="https://swiss.social/tags/Luzern" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Luzern</span></a> <a href="https://swiss.social/tags/luks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>luks</span></a> <a href="https://swiss.social/tags/ProRaris" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProRaris</span></a></p>
Khurram Wadee ✅<p>I managed to create an <a href="https://mastodon.org.uk/tags/encrypted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encrypted</span></a> <a href="https://mastodon.org.uk/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.org.uk/tags/Filesystem" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Filesystem</span></a> on a <a href="https://mastodon.org.uk/tags/USBStick" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USBStick</span></a>. The reason I wanted this is that I want to back up some directories, which contain secure information and also <a href="https://mastodon.org.uk/tags/NTFS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NTFS</span></a>, the one that comes on most drives, doesn’t know how to handle <a href="https://mastodon.org.uk/tags/SymbolicLinks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SymbolicLinks</span></a> properly. I don’t need or want to share the stick with any non-Linux machines.</p><p><a href="https://mastodon.org.uk/tags/GNU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GNU</span></a> <a href="https://mastodon.org.uk/tags/FreeSoftware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FreeSoftware</span></a> <a href="https://mastodon.org.uk/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a></p>
Milan<p>jetzt meldet sich noch ein anderer bekannter der <a href="https://social.tchncs.de/tags/solus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>solus</span></a> updates gefahren hat und jetzt beim boot sein <a href="https://social.tchncs.de/tags/luks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>luks</span></a> nicht mehr entschlüsseln kann wtf.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://datasci.social/@agu" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>agu</span></a></span> 1,2kg is a pretty steep target, but feasible unless you want a 15" 4k monster with dedicaded GPU.</p><ul><li>As with toolfree-swappable storage, that is <a href="https://infosec.space/@kkarhan/112038807117354195" rel="nofollow noopener noreferrer" target="_blank">easy to solve</a> too.</li></ul><p>I'd recommend to use either <a href="https://infosec.space/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a>-encrypted <a href="https://infosec.space/tags/btrfs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>btrfs</span></a> or <a href="https://infosec.space/tags/VeraCrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VeraCrypt</span></a>-encrypted <a href="https://infosec.space/tags/ext4" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ext4</span></a> for portable storage...</p>
Liane M. Dubowy<p>Mein Backup der wichtigsten Sachen habe ich immer dabei – auf einem USB-Stick am Schlüsselbund. Der ist natürlich verschlüsselt, damit im schlimmsten Fall die Daten nicht in falsche Hände geraten. Hier mal ein sehr einfacher Weg, einen Stick oder eine externe SSD/Festplatte unter <a href="https://social.tchncs.de/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> zu verschlüsseln:</p><p><a href="https://youtu.be/bsKOfxbVnjo" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/bsKOfxbVnjo</span><span class="invisible"></span></a></p><p><a href="https://social.tchncs.de/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://social.tchncs.de/tags/dm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dm</span></a>-crypt <a href="https://social.tchncs.de/tags/luks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>luks</span></a></p>
Multi Purr Puss :verified:<p>In one of your recent stream VODs, <span class="h-card" translate="no"><a href="https://infosec.exchange/@tomlawrence" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tomlawrence</span></a></span>, someone asked, whether they could run <a href="https://layer8.space/tags/ZFS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZFS</span></a> on <a href="https://layer8.space/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a> - i can answer that; YES*, with an *asterisk.</p><p>I did this for quite some time, until i've decided that it's rather inconvenient to type in my password on every reboot. Now, i'm running LUKS on ZVOLs, in <a href="https://layer8.space/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ubuntu</span></a> / <a href="https://layer8.space/tags/qemu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>qemu</span></a> / <a href="https://layer8.space/tags/libvirt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>libvirt</span></a>.</p><p>It's a small home server, and i need a few "privacy insensitive" VMs to auto-start after power-fail.</p><p>All one needs is a block dev, zpool create, done! 😉 …technically</p>
Torsten :verified: :verified:<p>"What makes this attack particularly concerning is its practicality in real-world scenarios. Unlike previous attacks against full-disk encryption requiring precise file location knowledge, CrashXTS succeeds through controlled randomization of encrypted data."</p><p>Benutzt die <a href="https://norden.social/tags/Verschl%C3%BCsselung" class="mention hashtag" rel="tag">#<span>Verschlüsselung</span></a> unter <a href="https://norden.social/tags/Linux" class="mention hashtag" rel="tag">#<span>Linux</span></a> nicht auch <a href="https://norden.social/tags/XTS" class="mention hashtag" rel="tag">#<span>XTS</span></a>?</p><p><a href="https://norden.social/tags/AES" class="mention hashtag" rel="tag">#<span>AES</span></a> <a href="https://norden.social/tags/LUKS" class="mention hashtag" rel="tag">#<span>LUKS</span></a><br /><a href="https://www.cyberkendra.com/2025/01/microsoft-patches-critical-bitlocker.html" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">cyberkendra.com/2025/01/micros</span><span class="invisible">oft-patches-critical-bitlocker.html</span></a></p>
Lord Kusuriya :tower:<p>This is a good write up on why you probably should use a TPM pin if you store your LUKS keys in your TPM, and probably implement PCR15 if you can too <a href="https://oddlama.org/blog/bypassing-disk-encryption-with-tpm2-unlock/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">oddlama.org/blog/bypassing-dis</span><span class="invisible">k-encryption-with-tpm2-unlock/</span></a></p><p><a href="https://hackers.town/tags/tpm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tpm</span></a> <a href="https://hackers.town/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a> <a href="https://hackers.town/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://hackers.town/tags/luks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>luks</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload