Re: Encrypted Filesystems

• Previous message: Tales Teixeira: "Encrypted Filesystems"
• In reply to: Tales Teixeira: "Encrypted Filesystems"
• Next in thread: Harald Eder: "Re: Encrypted Filesystems"
• Reply: Harald Eder: "Re: Encrypted Filesystems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 22 Jan 2005 02:33:36 +0100
To: Tales Teixeira <gnu4ever@gmail.com>

On Wed, Jan 19, 2005 at 08:11:55PM -0300, Tales Teixeira wrote:
> Dear sirs,
>
> I'm studying about encrypted filesystems and i found a few of then. I
> would like to know more about this in operation systems like Linux
> Debian, Slackware and others "flavors". I'm sorry if this question had
> been answer, but i didn't find.
>
> Sorry for my "Brazilian english"
> :-P
>
> Best Regards,
> Tales Teixeira.

Dear Tales,

I'd recommend using loop-aes (aesloop) myself; I just set it up. It
really isn't too difficult, but do make backups first (this goes for all
options).

Additionally, it is the most secure of the implementations, or so it
seems from a little research. In particular, vanilla Linux ships with
cryptoloop which isn't as secure as it should be (there isn't enough
randomization involved, so it is possible to conduct some attacks based
on presumed plaintext).

A slight problem with loop-aes is that it isn't exactly fast, but that,
again, goes for all the things involved.

I can't really help with any specific distribution - my system is pretty
much a homebrew. Patching the kernel and compiling everything from
source isn't too difficult, though (not in comparison to something like
PaX, anyway...). It is also possible to build a loadable module, though
the kernel should not have CONFIG_BLK_DEV_LOOP enabled (neither built-in
nor as a module), so you are quite likely to have to recompile a kernel
anyway.

I've seen mention of loop-aes packages in both Debian and Slackware
online.

Good luck!

                Joachim

• Previous message: Tales Teixeira: "Encrypted Filesystems"
• In reply to: Tales Teixeira: "Encrypted Filesystems"
• Next in thread: Harald Eder: "Re: Encrypted Filesystems"
• Reply: Harald Eder: "Re: Encrypted Filesystems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: which PC ... but moving to a unix based kernel is indeed by far ... Of course BSD runs on ... The point is that Windows is the least secure of all, ... (rec.photo.digital) [ESA-20030318-009] Several kernel vulnerabilities ... based secure remote management, e-commerce, and integrated open source ... This update fixes several vulnerabilities in the Linux kernel. ... Secure Network to update their systems automatically. ... Install the new packages. ... (Bugtraq) Re: Have I been kitted? ... you can always fix that by replacing your kernel with a Known Good ... I recommend canning loadable module support ... I may not change hardware on an individual machine all ... different SCSI drivers, three different NIC drivers, etc, etc, and ... (Focus-Linux) Re: [PROPOSAL/PATCH] Fortuna PRNG in /dev/random ... The principle of avoiding kernel bloat means that if it doesn't have ... to be done in the kernel, it should be done in userspace. ... what I'm saying is that crypto primitives can get weakened; ... Fortuna is secure. ... (Linux-Kernel) Re: kernel 2.6 config for module load ... But, in kernel 2.6, I made it as tristate in Kconfig. ... I cannot select it to NewModule for loadable module ... what was I missing in kernel 2.6 config? ... (Linux-Kernel)