This video just blew me away. i switched to Linux last week from Windows, and this OS which is user involved, is very interesting and fun working in a more hands-on fashion.
I would be interested in the remote key video. I've been in the industry for a long time and thought I was retired. Your videos keep me one foot inside the industry. I just needed a career to pay the bills and avoid IT burnout so I work a 9-5 and manage a few servers for customers.
I once encrypted a 2TB hard drive with a hidden partition. After being away for 2 years I have completely forgotten the password and all my data of 2 years are forever lost to me. Lesson learned, never try making a password out of a random subtitution cipher you came up with one random afternoon thinking that you'll remember the method after 2 years.
@MusicHub in hindsight, its easy to say, but this was a time when passwords managers were untrust worthy to me and I didn't really have a greater understanding of personal opsec lmao. Now I just host my passwords somewhere on my own
I seem to have hidden an entire hard drive. Any advice on how to get it to show itself? I can liveboot but now the machine functionally has no OS. I do have the encryption password
Would love to see an example of: 0. partiitioning with encryption inside a "live" system running from a (usb) .iso [x]ubuntu image, 1. running the live-installer, 2. performaing necessary post-live install steps.
Can you do a video showing how to boot from a flash drive then the flash drive unlocks the hard drive to boot? I'd like a plausible deniability situation where you could plug in a red flash drive to get to one operating system and a blue flash drive to get to another operating sytsem
if u hold down the ctrl key and roll your mouse wheel up... you will zoom into some mode where we can read the tiny letters instead of seeing a tiny thing and a bunch of background and white blank area. Squint-mode makes teaching harder. Would also be smart to change your base font to the most readable one possible like Ariel. Then your videos would be at least 20% more awesome!!! Many of us are OLD.
I assume, it generates a random key which is used to encrypt the data, so encrypting two drives with the same password, they would have different keys, which would be good in e.g. the case your first passphrase was as easy as ‚password‘ and you change it later to a 512 bit random whatever, so the evil hackers can’t decrypt it later after the change as a consequence of the first weak passphrase. So under the hood it should generate a random key, use this for encryption, then the password is just decrypting a part of the drive where the actual key is, so that part can be easily shredded and interchanged with a better password, is it like that?
Is there a central management server for LUKS to manage the keys? i want to use linux in my company but i need a centralized Management Server for the Clients. Does anyone have an idea?
Could you please create a video where it goes and grabs the password from else where so it can unlock itself. There is plenty of interest! If you have already created a video addressing that could you please link it.
Hi. Thanks for this. Gonna need to watch it a few times to properly digest it. I did a Linux Mint install with the goal to dual boot. However after a full encryption, I can't resize the partition to create a space for Windows 10. Seems like I need to level up my command line/ terminal kung fu to accomplish this task. Any advice?
@@LAWRENCESYSTEMS It took a while, but I figured it out. I installed Windows, resized it, then installed Mint. I was able to encrypt Windows with Bitlocker & the install of Mint.
What happens when you do an update and get a newer header can you not keep the older version as a backup? What are the chances of bothering becoming corrupt?
Hi Lawrence. I encrypted to hard drives on a live USB before i planned on doing a system install. The next morning it says that i don't have permission to view contents. I completely reformatted the disks to LUKS/ext4 now neither work. Please help me.
So I am running hyper-v with a few virtual machines. Should I leave the main hv boot drive decrypted and only encrypt the data drives? Right now I have it to encrypt on boot so the server itself can’t boot to prevent any physical access but it can get challenging to do updates remotely.
I am having a hard time installing an OS to this encrypted drive. It seems the drive has been 'unmounted' as is not showing up at all in BIOS. Any advice? Which utility are you using in this video?
Sir I have a live Kali LUKS encrypted persistence USB. I want to set up a nuke password on it. The "cryptsetup luksAddNuke ..." is no longer available and now 'cryptsetup-nuke-password' is used. Using that on the USB Kali says:- "update-initramfs is disabled and Kali is running on a readonly system". Can you help?
How does LUKs work? Is it just a container/ a partition that gets encryptet? Or is is possible to set up that while the system is booting u have to enter the pw ?
Does anyone know what happens if I "initialize" luks encrypted drive from windows? I assume it gonna break the header because non initialized drives on windows means they are missing partition table so it thinks it's empty hardware, which on linux is also true as all you will see from lsblk just the drive itself no partition tables until you use cryptsetup to map luks partition first
@@LAWRENCESYSTEMS any references to that sir? LUKS with 2FA (password and yubikey) i have tried with yubikey-luks-enroll, but not working for yubikey. i mean when i unlock the volumes thats not ask the yubikey
When installing Linux for the first time it gives you the option to encrypt the drive. So what's the point of this video? Does it mean that the installation encryption is weak or useless?
how it can encrypt so so so fast.. at 16gb with PGP ... it take several minutes .. this LUKS .. is douind it instantly .. is imposible to encryopt instantly somting...
After watching about 5 videos, yours was the only one that explained the details of how the full disk encryption works. I was finally able to install Ubuntu on my USB drive. Thank you. However, I had to create 2 volumes, 1 for the boot (unencrypted) and 1 for the OS (encrypted). Is this how it is supposed to be?Is it possible (or necessary) to encrypt the boot partition too?
overall nice tutorial but u lost me when u used the GUI to setup your luks encryption, CLI only tutorial would have been better so I didn't watch the whole thing.
I can see why the average person would prefer windows. Instead of having the option to just the disk I want to encrypt and set a password I'm faced with 20 minutes of gibberish and code.
2:10 "What's the easiest way to get around LUKS?"
Only appropriate response: "Good LUKS with that!"
Hah😂
I see what you did there!
This video just blew me away. i switched to Linux last week from Windows, and this OS which is user involved, is very interesting and fun working in a more hands-on fashion.
I did too, and I fucking loveee it! I can’t stop looking at my desktop and terminal!
Finally a video that actually explains the technology, rather than just spoonfeeding me commands to copy into the terminal.
I would be interested in the remote key video.
I've been in the industry for a long time and thought I was retired. Your videos keep me one foot inside the industry. I just needed a career to pay the bills and avoid IT burnout so I work a 9-5 and manage a few servers for customers.
Agreed I would love to see a good video on how to achieve that.
7:40 yes please make a video about that :)
Thank you
Ticked every checkbox in the lesson plan. Could/should be first video lesson in any Linux Certification syllabus. Great work.
I once encrypted a 2TB hard drive with a hidden partition. After being away for 2 years I have completely forgotten the password and all my data of 2 years are forever lost to me.
Lesson learned, never try making a password out of a random subtitution cipher you came up with one random afternoon thinking that you'll remember the method after 2 years.
@MusicHub in hindsight, its easy to say, but this was a time when passwords managers were untrust worthy to me and I didn't really have a greater understanding of personal opsec lmao. Now I just host my passwords somewhere on my own
I seem to have hidden an entire hard drive. Any advice on how to get it to show itself? I can liveboot but now the machine functionally has no OS. I do have the encryption password
@@a.athertonwrites what'd you use to encrypt it with?
@@araa5184 At some point I had a version of Arch which had an install wizard that led me to use LUKS
I would love to see more videos about this, especially the scripts you talked about.
Would love to see an example of:
0. partiitioning with encryption inside a "live" system running from a (usb) .iso [x]ubuntu image,
1. running the live-installer,
2. performaing necessary post-live install steps.
An update with encrypted /boot (grub2) would be nice.
I still use LUKS
Do you have a video showing how to backup a luks encrypted drive to a synology device or freenas?
underrated channel imho
Glad I came around to watching this at long last. Worthwhile 👍 Thank you.
Can you do a video showing how to boot from a flash drive then the flash drive unlocks the hard drive to boot? I'd like a plausible deniability situation where you could plug in a red flash drive to get to one operating system and a blue flash drive to get to another operating sytsem
Yay! Nice to see a video on LUKS, cheers.
if u hold down the ctrl key and roll your mouse wheel up... you will zoom into some mode where we can read the tiny letters instead of seeing a tiny thing and a bunch of background and white blank area. Squint-mode makes teaching harder. Would also be smart to change your base font to the most readable one possible like Ariel. Then your videos would be at least 20% more awesome!!! Many of us are OLD.
I assume, it generates a random key which is used to encrypt the data, so encrypting two drives with the same password, they would have different keys, which would be good in e.g. the case your first passphrase was as easy as ‚password‘ and you change it later to a 512 bit random whatever, so the evil hackers can’t decrypt it later after the change as a consequence of the first weak passphrase.
So under the hood it should generate a random key, use this for encryption, then the password is just decrypting a part of the drive where the actual key is, so that part can be easily shredded and interchanged with a better password, is it like that?
Wow thank you so much for this breakdown. This is more info than I was looking for but definitely what needed.
The ultimate guide! Lovely.
Do we have to "close" an encrypted container before reboot or computer shutdown?
Is there a central management server for LUKS to manage the keys? i want to use linux in my company but i need a centralized Management Server for the Clients. Does anyone have an idea?
Any tips on if luks won't detect the keyboard on a laptop?
Could you please create a video where it goes and grabs the password from else where so it can unlock itself. There is plenty of interest! If you have already created a video addressing that could you please link it.
how do you un mount and power down a luks protable SSD drive.
Hi. Thanks for this. Gonna need to watch it a few times to properly digest it. I did a Linux Mint install with the goal to dual boot. However after a full encryption, I can't resize the partition to create a space for Windows 10. Seems like I need to level up my command line/ terminal kung fu to accomplish this task. Any advice?
I never use dual boot, I just run Windows in a VM using VirtualBox
@@LAWRENCESYSTEMS It took a while, but I figured it out. I installed Windows, resized it, then installed Mint. I was able to encrypt Windows with Bitlocker & the install of Mint.
Great video on LUKS!
Superb tutorial, thank you for this!
Can I change the name of the container in /dev/mapper, on an installed distribution?
What happens when you do an update and get a newer header can you not keep the older version as a backup? What are the chances of bothering becoming corrupt?
is their any way to add luks encryption to a hard drive without formatting it?
Nop
I had to design own module for usb drive encryption using AES-256 algorithm.
Kindly suggest me where do I find relevant information about it.
Thnks
Hmmm a dedicated keyserver would be interesting... thanks
if you want to fully decrypt the drive so it goes back to normal how would you do that?
Hi Lawrence. I encrypted to hard drives on a live USB before i planned on doing a system install. The next morning it says that i don't have permission to view contents.
I completely reformatted the disks to LUKS/ext4 now neither work. Please help me.
Is it recommended to leave any free space after the disk encryption when encrypting ext4 with LUKS?
So I am running hyper-v with a few virtual machines. Should I leave the main hv boot drive decrypted and only encrypt the data drives?
Right now I have it to encrypt on boot so the server itself can’t boot to prevent any physical access but it can get challenging to do updates remotely.
I am having a hard time installing an OS to this encrypted drive. It seems the drive has been 'unmounted' as is not showing up at all in BIOS. Any advice?
Which utility are you using in this video?
Great informative video. Thanks! This helped me a lot.
Sir I have a live Kali LUKS encrypted persistence USB. I want to set up a nuke password on it. The "cryptsetup luksAddNuke ..." is no longer available and now 'cryptsetup-nuke-password' is used. Using that on the USB Kali says:- "update-initramfs is disabled and Kali is running on a readonly system". Can you help?
cant the disk be encrypted which has some data in it?
How does LUKs work? Is it just a container/ a partition that gets encryptet? Or is is possible to set up that while the system is booting u have to enter the pw ?
It can be used to setup a boot passwrod. Pop_OS! has this feature as part of the install and I think Ubuntu does as well.
@@LAWRENCESYSTEMS So "encryption while booting" is an option that the OS-Vendor needs to have build in?
Yes
Impressive overview. Thanks you so much for the share.
Does anyone know what happens if I "initialize" luks encrypted drive from windows? I assume it gonna break the header because non initialized drives on windows means they are missing partition table so it thinks it's empty hardware, which on linux is also true as all you will see from lsblk just the drive itself no partition tables until you use cryptsetup to map luks partition first
if you have a strong password can the hard drive be hacked and file gets into it?
awesome video! ty! i finally understand!
can LUKs be used on just an external drive?
Yes
Hi, I'd like to know if there's a way to prevent a non root user to access the encrypted drives or partition ?
Yes, just don't give them permission.
@@LAWRENCESYSTEMS Really? Thanks for your answer, I appreciate it
bro, do you have tutorial to configure this with Yubikey also?
or anyone can help, please?
Nope
@@LAWRENCESYSTEMS any references to that sir? LUKS with 2FA (password and yubikey)
i have tried with yubikey-luks-enroll, but not working for yubikey. i mean when i unlock the volumes thats not ask the yubikey
Thanks for this!!
I can’t access my encrypted disk again on kali.
Smooth voice
I want to remove harddisk password in deepin os. Please help
When installing Linux for the first time it gives you the option to encrypt the drive. So what's the point of this video? Does it mean that the installation encryption is weak or useless?
how it can encrypt so so so fast.. at 16gb with PGP ... it take several minutes .. this LUKS .. is douind it instantly .. is imposible to encryopt instantly somting...
After watching about 5 videos, yours was the only one that explained the details of how the full disk encryption works. I was finally able to install Ubuntu on my USB drive. Thank you. However, I had to create 2 volumes, 1 for the boot (unencrypted) and 1 for the OS (encrypted). Is this how it is supposed to be?Is it possible (or necessary) to encrypt the boot partition too?
POP_OS has an installer that does both, I am not sure how to do that with Ubuntu
Please help, how do I remove full disk luks encryption?
if you don't mind why would you do that ?
How do I remove the luks encryption?
Why not just sign in to the lux partition, pull all your data off, and do a reset? I feel like that'd be the easiest way to go about it
Thank you!
Hi Lawrence, can you make video data encryption with tang/clevis remote key server github.com/latchset/tang ,github.com/latchset/clevis
Yes please! Please show it on a Server. That would be very nice
thank you so much!!
Hi root password it is encryption passphrase
overall nice tutorial but u lost me when u used the GUI to setup your luks encryption, CLI only tutorial would have been better so I didn't watch the whole thing.
I can see why the average person would prefer windows. Instead of having the option to just the disk I want to encrypt and set a password I'm faced with 20 minutes of gibberish and code.
WITHOUT FORMATTING !!!! HELLO!!!!???? Doesn't it occur to you that many users have want to encrypt drives WITH DATA?????
21mins of BS...