Fill the target partition with random data:
# shred -n 1 -v /dev/hda2
Set up the encrypted loopback device:
# losetup -e aes128 -S xxxxxxxxxx /dev/loop0 /dev/hda2
For better security, it is recommended to use the -S xxxxxxxxxx option, where "xxxxxxxxxx" is your (randomly) chosen seed. This prevents optimized dictionary attacks.
Also, note that using 256-bit AES would not be any more secure, since even 128-bit AES is impossible to crack by brute-force. Furthermore, AES-256 is about 25% slower than AES-128.
Now create the ext2 (or ext3 or reiserfs) filesystem:
# mke2fs /dev/loop0
Check that you correctly entered the password:
# losetup -d /dev/loop0
# losetup -e aes128 -S xxxxxxxxxx /dev/loop0 /dev/hda2
Password:
# mount /dev/loop0 /mnt
You can compare the encrypted and unencrypted data:
# xxd /dev/loop0 | less
# xxd /dev/hda2 | less
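The comparison above can also be scripted instead of read by eye. The following is an added example, not part of the original instructions: it looks for the ext2/ext3 superblock magic, which should be visible through /dev/loop0 and absent from the raw /dev/hda2. The function names are hypothetical, and the check applies to ext2/ext3 only, not reiserfs.

```shell
#!/bin/sh
# Added example: check for the ext2/ext3 superblock magic (0xEF53, stored
# little-endian at byte offset 1080 = 1024 + 56) on a device or image file.

# Print the two magic bytes as lowercase hex, e.g. "53ef".
# Prints nothing if the file is too short to hold a superblock.
read_magic() {
    dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Return 0 if the ext2/ext3 magic is present, 1 otherwise.
has_ext2_magic() {
    [ "$(read_magic "$1")" = "53ef" ]
}

# Expect the magic on the decrypted view and not on the raw partition.
#   $1 = decrypted device (e.g. /dev/loop0)
#   $2 = backing device   (e.g. /dev/hda2)
# Returns 0 if only $1 shows a filesystem, 1 if $1 does not, 2 if $2 does.
# Ciphertext can match the two magic bytes by chance (about 1 in 65536),
# so a return of 2 deserves a second look with xxd before drawing conclusions.
check_encrypted_pair() {
    if ! has_ext2_magic "$1"; then
        echo "no ext2 magic on $1: wrong password or seed, or no filesystem yet"
        return 1
    fi
    if has_ext2_magic "$2"; then
        echo "ext2 magic visible on $2: data does not look encrypted"
        return 2
    fi
    echo "ok: filesystem visible through $1 only"
    return 0
}
```

After sourcing the file as root, run: check_encrypted_pair /dev/loop0 /dev/hda2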