Product SiteDocumentation Site

3.3. Installation

During the installation we will configure the Operating System to encrypt the data stored in the disk. This encryption will ensure the security of the data. Longer is the key, better is the protection but longer is the time of encryption and decryption. In this article we choose the shortest proposed length for the key: AES 128bits to be fast and secure enough. A key of 128 bits give about 3,4 10^38 possibilities.
To understand how secure 128 bits keys are, you may read the analogy by Jon Callas at : http://www.interesting-people.org/archives/interesting-people/200607/msg00058.html
“Imagine a computer that is the size of a grain of sand that can test keys against some encrypted data. Also imagine that it can test a key in the amount of time it takes light to cross it. Then consider a cluster of these computers, so many that if you covered the earth with them, they would cover the whole planet to the height of 1 meter. The cluster of computers would crack a 128-bit key on average in 1,000 years.”
Boot on Ubuntu 12.04.1 Alternate media just created (USB key or CD-ROM) and follow the instruction bellow to install the system.

Note

The first screen of the installation process may differ depending on the media you choose for the installation. The procedure bellow has been written from the CD-ROM installation.
If you perform the installation from an USB key, the installation wizard will time to time invite you to umount /dev/sdb. Do not umount it since this is our installation media.
Congratulation, you have now a system where your data are encrypted and needing an external USB key to start. As we didn't touch the MBR of the internal disk, the previous operating system should continue to start as it did previously. It is now required to boot on the usb key to access to the secured area. Doing so, you will see the boot screen asking the password required to decrypt the disk.
We will see in the next chapter how to make our secured computer as easy to use as an unencrypted and unsecured computer and will configure it to ensure the sustainability of our data.