usb flash disk, ext3 file systems, enforcing rights, security

Timothy Selivanow timothy.selivanow at virtualxistenz.com
Tue Dec 11 23:51:30 UTC 2007


On Wed, 2007-12-12 at 08:09 +0900, John Summerfield wrote:
> I've not tried creating a new filesystem on a flash drive, but I know my 
> boss reformatted one on his Mac, with the result I couldn't read it on 
> Windows.
> 
> If one only wants to use part of the USB disk, it's possible to put a 
> big file on it:
> dd if=/dev/zero of=/media/USBDISK/bigfile bs=1M count=512
> and create a filesystem:
> mke2fs /media/USBDISK/bigfile
> 
> I can't advise on making an encrypted filesystem, I've never done it.

I have, and I've also recently lost my USB flash drive.  I did not
panic, however, because I had 1) a recent backup, and 2) sensitive data
on an encrypted partition.

What I did was wipe the partitions and create 2 new ones, one for vfat,
and the other for encryption/ext3.  I use LUKS (from the cryptsetup-luks
RPM) to handle the encryption, so negotiating that day-to-day is not a
problem.  I put files that need to be accessed by "other" OSes on the
vfat partition, and everything else in the protected area.  You can do
any setup you wish though.  Here is a basic run-through:

Use fdisk, create 2 primary partitions, one type ID "c" for use with
vfat and the other "83" for use with encryption.  

Use mkfs.vfat (from package dosfstools) to format the first one.  Then
use cryptsetup on the second.  Then temporarily decrypt the new
partition and format that as ext3.

When you are done, when you plug in the drive it will sense the LUKS
headers and prompt you for the password.  Once decrypted it behaves like
any other USB drive (with an ext3 FS).

For backups, I just use dd and make a copy of the raw data (that way
sensitive data is still protected).  If I need to recover a file I just
use losetup to loop-back mount the dd image.

 
 ________________________________________________________ 
< If the thunder don't get you, then the lightning will. >
 -------------------------------------------------------- 
  \
   \   \
        \ /\
        ( )
      .( o ).
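
Added example (not part of the original message): a root-free check that a raw dd backup of the two-partition layout described above still has a LUKS header on the second partition. It assumes an MBR partition table and 512-byte sectors; the function names and the sample image are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a raw dd backup of the two-partition stick
# still carries a LUKS header on partition 2. Assumes MBR, 512-byte sectors.

hex_at() {      # hex_at FILE OFFSET COUNT -> bytes as lowercase hex
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

part_type() {   # part_type FILE N -> type ID of MBR entry N (1-4), as hex
    hex_at "$1" $((446 + 16 * ($2 - 1) + 4)) 1
}

part_start() {  # part_start FILE N -> first sector (little-endian LBA field)
    set -- $(dd if="$1" bs=1 skip=$((446 + 16 * ($2 - 1) + 8)) count=4 2>/dev/null |
             od -An -v -tu1)
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

check_backup() {  # returns 0 only if the layout matches and LUKS magic is present
    img=$1
    [ "$(hex_at "$img" 510 2)" = "55aa" ] || { echo "no MBR signature"; return 2; }
    [ "$(part_type "$img" 1)" = "0c" ] || { echo "partition 1 is not type c"; return 3; }
    [ "$(part_type "$img" 2)" = "83" ] || { echo "partition 2 is not type 83"; return 4; }
    off=$(( $(part_start "$img" 2) * 512 ))
    # Every LUKS header starts with the 6 bytes "LUKS" 0xBA 0xBE.
    [ "$(hex_at "$img" "$off" 6)" = "4c554b53babe" ] ||
        { echo "partition 2 has no LUKS header: backup is NOT protected"; return 1; }
    echo "ok: LUKS header found at byte offset $off"
}

put() {         # put FILE OFFSET BYTES (printf octal escapes)
    printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

make_sample() { # constructed 4-sector test image, not real data
    dd if=/dev/zero of="$1" bs=512 count=4 2>/dev/null
    put "$1" 450 '\014'; put "$1" 454 '\001'   # entry 1: type 0x0c, starts at LBA 1
    put "$1" 466 '\203'; put "$1" 470 '\002'   # entry 2: type 0x83, starts at LBA 2
    put "$1" 510 '\125\252'                    # MBR boot signature 55 AA
    put "$1" 1024 "$2"                         # first bytes of partition 2
}

tmp=$(mktemp)
make_sample "$tmp" 'LUKS\272\276' && check_backup "$tmp"
rm -f "$tmp"
```

A passing check shows only that the header is in place, not that the passphrase is known or the key slots are intact; opening the image through losetup, as described in the message, remains the real restore test.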



