Kali Linux On a Raspberry Pi (A/B+/2) With LUKS Disk Encryption

An anonymous reader writes With the advent of smaller, faster ARM hardware such as the new Raspberry Pi 2 (which now has a Kali image built for it), we've been seeing more and more use of these small devices as 'throw-away computers'. While this might be a new and novel technology, there's one major drawback to this concept – and that is the confidentiality of the data stored on the device itself. Most of the setups do little to protect the sensitive information saved on the SD cards of these little computers.

Why are Raspbian and Encryption orthogonal?

[Anonymous Coward]

There's already a full-fledged distro for the RPi. Why not just use its encryption features?

Re:

[Anonymous Coward]

kali linux is totally pointless and the clueless twits behind it need to get back to the tech support desk, call volume peaks at 11 AM.

this distro is also produced by a ridiculous "hacking" school/worthless diploma mill that for a fee will make a Hax0r out of you and give you a certificate in pen testing suitable for framing. it is a complete scam.

witless jackassery of the most foolish variety is responsible for kali linux and its "hacking dojo" as they all it.

bullshit. complete bullshit.

Re:Why are Raspbian and Encryption orthogonal?

[hamjudo]

They are not orthogonal. This should have been titled "if you are going to use Kali Linux on a Raspberry Pi, here is how to encrypt it".

Kali Linux is designed for penetration testing, among other things. The logs from a penetration test are valuable to dark hats. The advantage of doing this from a Raspberry Pi, is that they are cheap enough to send to each branch of a company, so each network can be individually tested. Sometimes this means that physical security is difficult to ensure. It would be very embarrassing to lose a system during an internal audit. It could quite easily turn into a career ending event, if that led to a security breach.

Disclaimer: I've never used Kali Linux, nor did I look closely at this technique to see if there is something stupid in the instructions.

Re:

[Barsteward]

nah... don't call yourself a 'hacker' unless you use http://www.linuxfromscratch.or... [linuxfromscratch.org]

Re:

[ZorglubZ]

I thought the prime requisite was using Suicide Linux... http://sourceforge.net/project... [sourceforge.net]

Re:

[Barsteward]

yet.....

Performance?

[fisted]

Oh yeah please. Make it even slower.

Re:

[fisted]

Yes, if by "small" you mean "large".

Re:

[facetube]

And if by "large" you mean "I was definitely saturating all four of those 900MHz ARMv7 cores, so much so that the highly-concurrent in-kernel crypto layer couldn't keep up with the relatively low I/O bandwidth of a MicroSD card", then... sure. It'd probably suck pretty hard on the single-core 700MHz v1, but the second-generation unit is considerably better equipped.

Re:

[fisted]

You do realize that the vast majority of raspis in the wild are Model Bs, though, right?

Re:

[facetube]

I do; it just doesn't seem unusual for new distribution features to target emerging or even in-development hardware. A $35 credit-card sized board that can perform full-disk encryption acceptably seems like it'd be valuable even without a large installed base.

hardware support?

[Eunuchswear]

Does the SOC in tbe Rasbery PI 2 have hardware encryption support? 'cos it's going to be pretty slow without it.

Re:

[facetube]

And it has 4 900MHz ARMv7 cores. Unless you're running something compute-intensive that saturates all four of those cores, the excess CPU capacity combined with the relatively slow SD storage means you probably won't even notice the overhead.

Re:

[Half-pint HAL]

Why are people still wasting their money on this? there are plenty, more advanced embedded boards at about the same price....

The Pi has the advantage of near uiquity -- you don't have to write anything new or faff about too much with configuration, as someone has already done it for you.

The Pi should have become a reference platform for low-processor-power computing, but then they decided to go for a non-commodity part and locked out interoperability at the hardware level....