If you work regularly with remote machines or use online services like GitLab, you are probably using an SSH key. And if you have not updated it recently, chances are you are using an RSA key, or, god forbid, an ECDSA or DSA key. Well, bad news: in order to be on the safe side, you should probably upgrade. A presentation at Black Hat 2013 reported significant advances in solving the problems on which DSA and some other key types are based. The presentation suggested that keys based on elliptic curve cryptography (ECC) should be used instead: ECDSA or Ed25519. Additionally, ECDSA and DSA have nasty additional issues, so you should probably just stick to Ed25519. Here’s how to upgrade.
use dd to create swap file instead of fallocate
Edit (2021-07-01): fix typo in GRUB_CMDLINE: cryptodevice -> cryptdevice
Edit (2021-11-04): fix terminology mess-up: LUKS on LVM -> LVM on LUKS
Disclaimer: some of the steps in the Arch Linux installation procedure change from time to time, so I recommend checking out the awesome Arch Linux installation guide in the Arch wiki to get a fully up-to-date picture of the process.
It is well known that Arch Linux does not have the easiest install process of all Linux distributions. In my opinion, for technical users this is a big plus, as you get to know your system better simply by having to set it up from scratch. This comes with the perk that you only install the packages you need, leading to a smaller and arguably snappier system.
In this guide, I’m documenting my latest Arch Linux installation on my laptop, where I set up a logical volume with LVM on top of a fully encrypted disk with LUKS. Encrypting the disk on your mobile devices should be a requirement if you value your security and/or privacy. Nowadays it has almost no performance penalty and it provides countless benefits.
If you are a qutebrowser user and care about privacy and anonymity, you may want to run qutebrowser over the Tor network by default. Doing so is easy. This post documents how to set it up.