In cryptography , encryption is encoding information sothat only authorized parties can read it. Encryption doesn’t necessarily prevent someone else from getting access to your data, but if they do, it can prevent that data’s content frombeing read. In an encryption scheme, the intended information, referred to as plaintext , is encrypted using an algorithm into ciphertext that can only be read if decrypted.
Why should I encrypt?Encryption is important because it allows you to securely protect data you don’t want anyone else to access. Businesses use it to protect corporate secrets, governments to secure classified information, and many individuals to protect personal information, guard against identity theft or simply to save the time for erasing an used hard disk that gets replaced.
By default Fedora and most linux Distribution come with LUKS , the Linux Unified Key Setup system. LUKS manages encryption on storage devices such as hard disks.
Cryptography lesson: Why use a strong passphrase?For cryptography geeks, you need to set a strong passphrase because Fedora’s default implementation of LUKS uses AES-256 with a SHA-256 hashing to encrypt the disk volume, and has a cypher feedback to help protect it from frequency attacks and others attacks that target statically encrypted data. As an algorithm, AES has been proven by cryptanalysis testing as secure. The weakness actually lies within the cypher and the software to pass it the keys. Specifically, the risk lies in the keystore, which is stored in the header of the volume. The keystore is secured by a passphrase, which is open to things like dictionary or brute force attacks. If such an attack was successful at guessing your passphrase, it would decrypt the keystore. Using longer, “complex”, non-word passwords can reduce the chance of this happening.
Encrypting your Fedora system Step One: Install Fedora24 on 32 and 64-bit AMD and IntelIf you decide to encrypt your Fedora system’s storage,you can do so with the Anaconda installer during setup. Check the option for Encrypt my data .
After you confirm, you must create a an encryption passphrase. Note: The best encryption can be easily broken if you choose a weak password! Choose one easy for you to remember, but difficult for others to guess. Consider using a tool like KeePass or the pwgen command-line tool, which is described later.
Step Two: Change your passphrase
If for some reason you are not able to copy and paste a strong password,such as when using Virtual Machine Manager, you can choose a simple one and change it after the first reboot. To replace your temporary password with a random passphrase, you can use the KeePass tool; alternatively, use the pwgen utility by running the following commands:
# dnf install pwgen -y # pwgen -C 10Once you have your strong passphrase, run:
# cryptsetup luksAddKey /dev/sda2The result should look something like this:
After you’ve added the new passphrase, you need to kill the old/weak passphrase slot:
# cryptsetup luksKillSlot /dev/sda2 0Then, to confirm, enter the strong passphrase you just added:
