[opensuse] how to password protect a portable harddrive for data exchange between windows and Linux?
I haven't worked with Windows in 10+ years, but now I occasionally have the need to transfer data (usually large amounts) from a customer Windows (XP or newer) machine to our local Linux machines - usually on a portable 2Tb USB-connected harddrive. This is generally done ad-hoc, so no real time or possiblity to prep the source Windows system with software etc. Is there a way to encrypt or password protect such a harddrive/ filesystem such that it is accessible from Windows and Linux both? (with very few or no changes on the Windows source system). If the same systems would work the Macs too it would be great :-) All pointers appreciated. -- Per Jessen, Zürich (16.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/08/12 17:32, Per Jessen wrote:
I haven't worked with Windows in 10+ years, but now I occasionally have the need to transfer data (usually large amounts) from a customer Windows (XP or newer) machine to our local Linux machines - usually on a portable 2Tb USB-connected harddrive. This is generally done ad-hoc, so no real time or possiblity to prep the source Windows system with software etc.
Is there a way to encrypt or password protect such a harddrive/ filesystem such that it is accessible from Windows and Linux both? (with very few or no changes on the Windows source system). If the same systems would work the Macs too it would be great :-)
All pointers appreciated.
Aren't there external HDDs available which have password protection? I think Western Digital have such HDDs. BC -- Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.5.0-2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Basil Chupin wrote:
On 07/08/12 17:32, Per Jessen wrote:
I haven't worked with Windows in 10+ years, but now I occasionally have the need to transfer data (usually large amounts) from a customer Windows (XP or newer) machine to our local Linux machines - usually on a portable 2Tb USB-connected harddrive. This is generally done ad-hoc, so no real time or possiblity to prep the source Windows system with software etc.
Is there a way to encrypt or password protect such a harddrive/ filesystem such that it is accessible from Windows and Linux both? (with very few or no changes on the Windows source system). If the same systems would work the Macs too it would be great :-)
All pointers appreciated.
Aren't there external HDDs available which have password protection? I think Western Digital have such HDDs.
I think the password feature is built into the harddisks these days, but does it work with Windows out-of-the-box? I am hoping for a scenario like this: (0. prep harddisk) 1. send harddisk to customer 2. customer connects disk and copies over data 3. harddisk is sent back to me. 4. copy data to local Linux systems Data should be protected against theft and prying eyes while in transit (2-4). The amount of effort in step 0 and 4 is not critical. -- Per Jessen, Zürich (16.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/08/12 17:54, Per Jessen wrote:
Basil Chupin wrote:
I haven't worked with Windows in 10+ years, but now I occasionally have the need to transfer data (usually large amounts) from a customer Windows (XP or newer) machine to our local Linux machines - usually on a portable 2Tb USB-connected harddrive. This is generally done ad-hoc, so no real time or possiblity to prep the source Windows system with software etc.
Is there a way to encrypt or password protect such a harddrive/ filesystem such that it is accessible from Windows and Linux both? (with very few or no changes on the Windows source system). If the same systems would work the Macs too it would be great :-)
All pointers appreciated. Aren't there external HDDs available which have password protection? I
On 07/08/12 17:32, Per Jessen wrote: think Western Digital have such HDDs. I think the password feature is built into the harddisks these days, but does it work with Windows out-of-the-box?
Only way to find out is to give the distributor a call :-) , but I don't see why it shouldn't work as the password is built-in into the controller on the HDD. [....] BC -- Using openSUSE 12.2 x86_64 KDE 4.8.4 & kernel 3.5.0-2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2012-08-07 10:00, Basil Chupin wrote:
On 07/08/12 17:54, Per Jessen wrote:
Only way to find out is to give the distributor a call :-) , but I don't see why it shouldn't work as the password is built-in into the controller on the HDD.
in Linux, look at man hdparm, the "ATA Security Feature Set" section. If it works (I have never tried it) in linux is a CLI command and mount it. In Windows you need a program (?) to access the same features. I would like to know of people using this feature, that they tell their experiences with it... -- Cheers / Saludos, Carlos E. R. (from 12.1 "Asparagus" GM (bombadillo)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Aug 7, 2012 at 7:19 AM, Carlos E. R.
On 2012-08-07 10:00, Basil Chupin wrote:
On 07/08/12 17:54, Per Jessen wrote:
Only way to find out is to give the distributor a call :-) , but I don't see why it shouldn't work as the password is built-in into the controller on the HDD.
in Linux, look at man hdparm, the "ATA Security Feature Set" section. If it works (I have never tried it) in linux is a CLI command and mount it. In Windows you need a program (?) to access the same features.
I would like to know of people using this feature, that they tell their experiences with it...
The ATA security feature is a access control feature, not a encryption feature. I have seen it used on laptops a number of times, but in general if a company wants to have their info encrypted, they don't use the ATA access control feature. I don't recall ever seeing ATA access control used on a desktop computer or on an external disk, and I see a few hundred client drives each year (lots of random clients, so it's a reasonable sample.). fyi: to bypass the access control is not trivial, but there are definitely commercial tools you can buy to do it (~$10K per my understanding) or you can have a data recovery company do it as a service. (Not sure what they charge). Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-08-07 19:49, Greg Freemyer wrote:
On Tue, Aug 7, 2012 at 7:19 AM, Carlos E. R. <> wrote:
I would like to know of people using this feature, that they tell their experiences with it...
The ATA security feature is a access control feature, not a encryption feature.
Ah! That was my most important doubt.
I have seen it used on laptops a number of times, but in general if a company wants to have their info encrypted, they don't use the ATA access control feature.
Make sense. But it can be used as a deterrent against normal thieves, they can not sell the hardware as it costs a lot to recover.
I don't recall ever seeing ATA access control used on a desktop computer or on an external disk, and I see a few hundred client drives each year (lots of random clients, so it's a reasonable sample.).
Interesting. But it can be used, anyway, can it? A friend of mine used some software to erase a disk, and aparently it used the security delete feature with password. He got tired of waiting, killed the software, and the disk was not usable. Fortunately restarting that software got around it, the password they used was fixed and published (or hacked, I don't remember)
fyi: to bypass the access control is not trivial, but there are definitely commercial tools you can buy to do it (~$10K per my understanding) or you can have a data recovery company do it as a service. (Not sure what they charge).
A fair bit, surely. - -- Cheers / Saludos, Carlos E. R. (from 12.1 "Asparagus" GM (bombadillo)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAhWMYACgkQU92UU+smfQVcfwCbB2o55YuI5zlIHRGRSaYLQZZI J6IAn1A3EkDV+14l8ht6mhZ4FN7jQ5d1 =QKXQ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Aug 7, 2012 at 2:04 PM, Carlos E. R.
I have seen it used on laptops a number of times, but in general if a company wants to have their info encrypted, they don't use the ATA access control feature.
Make sense.
But it can be used as a deterrent against normal thieves, they can not sell the hardware as it costs a lot to recover.
Depends if they are stealing hardware or data. hdparm can clear the access control password, but it wipes the data in the process! So a diligent hardware thief has only a small inconvenience. For a data thief, it certainly is a deterrent. Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-08-07 20:30, Greg Freemyer wrote:
On Tue, Aug 7, 2012 at 2:04 PM, Carlos E. R. <> wrote:
But it can be used as a deterrent against normal thieves, they can not sell the hardware as it costs a lot to recover.
Depends if they are stealing hardware or data. hdparm can clear the access control password, but it wipes the data in the process!
I thought it could not be removed unless you knew the password.
So a diligent hardware thief has only a small inconvenience. For a data thief, it certainly is a deterrent.
There is a master password and a user password. Is there a difference if you set the master password? Another doubt I have. If I define a password for the main HD, how do I boot the system? Or do you need a special BIOS that requests the password from the user? - -- Cheers / Saludos, Carlos E. R. (from 12.1 "Asparagus" GM (bombadillo)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAhd6gACgkQU92UU+smfQWuhgCeITk/6G5PQ/HFfYM/q7rF3bSV BicAn2/L6aEUXdLxTT0G8YmGtEdDJnGA =MP3J -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/07/2012 09:32 AM, Per Jessen wrote:
I haven't worked with Windows in 10+ years, but now I occasionally have the need to transfer data (usually large amounts) from a customer Windows (XP or newer) machine to our local Linux machines - usually on a portable 2Tb USB-connected harddrive. This is generally done ad-hoc, so no real time or possiblity to prep the source Windows system with software etc.
Is there a way to encrypt or password protect such a harddrive/ filesystem such that it is accessible from Windows and Linux both? (with very few or no changes on the Windows source system). If the same systems would work the Macs too it would be great :-)
All pointers appreciated.
A collegue told me that he got it to work between Ubuntu and XP with Truecrypt, so with OpenSuSE it should also work. HTH, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Bernhard Voelker wrote:
On 08/07/2012 09:32 AM, Per Jessen wrote:
I haven't worked with Windows in 10+ years, but now I occasionally have the need to transfer data (usually large amounts) from a customer Windows (XP or newer) machine to our local Linux machines - usually on a portable 2Tb USB-connected harddrive. This is generally done ad-hoc, so no real time or possiblity to prep the source Windows system with software etc.
Is there a way to encrypt or password protect such a harddrive/ filesystem such that it is accessible from Windows and Linux both? (with very few or no changes on the Windows source system). If the same systems would work the Macs too it would be great :-)
All pointers appreciated.
A collegue told me that he got it to work between Ubuntu and XP with Truecrypt, so with OpenSuSE it should also work.
Thanks Berny, someone already wrote to me off-line and suggested Truecrypt. It looks like a good possibility. -- Per Jessen, Zürich (17.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Per Jessen wrote:
I haven't worked with Windows in 10+ years, but now I occasionally have the need to transfer data (usually large amounts) from a customer Windows (XP or newer) machine to our local Linux machines - usually on a portable 2Tb USB-connected harddrive. This is generally done ad-hoc, so no real time or possiblity to prep the source Windows system with software etc.
Is there a way to encrypt or password protect such a harddrive/ filesystem such that it is accessible from Windows and Linux both? (with very few or no changes on the Windows source system). If the same systems would work the Macs too it would be great :-)
All pointers appreciated.
Take a look at TrueCrypt. In openSUSE, there's a package called "RealCrypt" which is a modified version of TrueCrypt http://www.truecrypt.org/ realcrypt - Free Open-Source Disk Encryption Software Based on TrueCrypt, freely available at http://www.truecrypt.org/. RealCrypt is mainly just a rebrand to allow for modifications to take place, functionality remains all the same. Main Features: - Creates a virtual encrypted disk within a file and mounts it as a real disk. - Encrypts an entire hard disk partition or a storage device such as USB flash drive. - Encryption is automatic, real-time (on-the-fly) and transparent. - Provides two levels of plausible deniability, in case an adversary forces you to reveal the password: 1) Hidden volume (steganography). 2) No RealCrypt volume can be identified (volumes cannot be distinguished from random data). - Encryption algorithms: AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish. Mode of operation: LRW (CBC supported as legacy). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue Aug 07 2012 04:32:51 GMT-0300 Per Jessen wrote:
I haven't worked with Windows in 10+ years, but now I occasionally have the need to transfer data (usually large amounts) from a customer Windows (XP or newer) machine to our local Linux machines - usually on a portable 2Tb USB-connected harddrive. This is generally done ad-hoc, so no real time or possiblity to prep the source Windows system with software etc.
Is there a way to encrypt or password protect such a harddrive/ filesystem such that it is accessible from Windows and Linux both? (with very few or no changes on the Windows source system). If the same systems would work the Macs too it would be great :-)
All pointers appreciated.
Try Truecrypt, it works both on Linux/Windows: www.truecrypt.org Cheers, -- Marco Calistri http://mcalistri.blogspot.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/07/2012 12:32 AM, Per Jessen wrote:
Is there a way to encrypt or password protect such a harddrive/ filesystem such that it is accessible from Windows and Linux both? (with very few or no changes on the Windows source system). If the same systems would work the Macs too it would be great :-)
Some kind of prep would be necessary if the Windows box is not already set up for encryption. I haven't tried using the disk's encryption system with Linux. I don't feel it's ready for primetime yet and there is the question of trust wrt backdooring or a vendor's key allowing unauthorized access. Vendor implementations seem to block it's use with Linux as well. It may be possible to use Truecrypt or Realcrypt without installing it on the windows box. Alternatively, booting from a Linux live CD or USB stick would avoid having to change the Windows system. I would usually recommend Knoppix since it seems to work on more systems than Ubuntu and derivatives but IIRC truecrypt/realcrypt is not in the latest releases. It's going to take a few hours to set up a large disk for use with Truecrypt. 500Gb USB HD takes about 3.5 hours typically on a 4GHz/4Gb box running X and Linux and doing nothing else. That's the main drawback of using Truecrypt over hardware disk encryption. jd -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
j debert wrote:
On 08/07/2012 12:32 AM, Per Jessen wrote:
Is there a way to encrypt or password protect such a harddrive/ filesystem such that it is accessible from Windows and Linux both? (with very few or no changes on the Windows source system). If the same systems would work the Macs too it would be great :-)
Some kind of prep would be necessary if the Windows box is not already set up for encryption.
I haven't tried using the disk's encryption system with Linux. I don't feel it's ready for primetime yet and there is the question of trust wrt backdooring or a vendor's key allowing unauthorized access. Vendor implementations seem to block it's use with Linux as well.
It may be possible to use Truecrypt or Realcrypt without installing it on the windows box.
Alternatively, booting from a Linux live CD or USB stick would avoid having to change the Windows system. I would usually recommend Knoppix since it seems to work on more systems than Ubuntu and derivatives but IIRC truecrypt/realcrypt is not in the latest releases.
It's going to take a few hours to set up a large disk for use with Truecrypt. 500Gb USB HD takes about 3.5 hours typically on a 4GHz/4Gb box running X and Linux and doing nothing else. That's the main drawback of using Truecrypt over hardware disk encryption.
Thanks jd and everyone else who've chipped in - Truecrypt/Realcrypt seem to be getting the majority of votes, but for now, I'll quite likely go with ZIP-files with password. There's built-in support for those as of Win XP, and I expect they won't be an issue an Macs either. It may not be the strongest/most secure solution, but it's sufficient to ward off anyone who accidentally gets hold of the data. -- Per Jessen, Zürich (15.1°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (8)
-
Basil Chupin -
Bernhard Voelker -
Carlos E. R. -
Greg Freemyer -
j debert -
James Knott -
Marco Calistri -
Per Jessen