Re: Encrypted Filesystems

From: Harald Eder (admin_at_eder-harald.com)
Date: 01/24/05

  • Next message: Antoine Martin: "Re: Encrypted Filesystems" 
    To: focus-linux@securityfocus.com
Date: Mon, 24 Jan 2005 19:48:29 +0100

    On Saturday, 22. January 2005 02:33 Joachim Schipper wrote:
    > On Wed, Jan 19, 2005 at 08:11:55PM -0300, Tales Teixeira wrote:
    > > Dear sirs,
    > >
    > > I'm studying about encrypted filesystems and i found a few of then. I
    > > would like to know more about this in operation systems like Linux
    > > Debian, Slackware and others "flavors". I'm sorry if this question had
    > > been answer, but i didn't find.
    > >
    > > Sorry for my "Brazilian english"
    > >
    > > :-P
    > >
    > > Best Regards,
    > > Tales Teixeira.
    >
    > Dear Tales,
    >
    > I'd recommend using loop-aes (aesloop) myself; I just set it up. It
    > really isn't too difficult, but do make backups first (this goes for all
    > options).
    >
    > Additionally, it is the most secure of the implementations, or so it
    > seems from a little research. In particular, vanilla Linux ships with
    > cryptoloop which isn't as secure as it should be (there isn't enough
    > randomization involved, so it is possible to conduct some attacks based
    > on presumed plaintext).
    >
    > A slight problem with loop-aes is that it isn't exactly fast, but that,
    > again, goes for all the things involved.
    >
    > I can't really help with any specific distribution - my system is pretty
    > much a homebrew. Patching the kernel and compiling everything from
    > source isn't too difficult, though (not in comparison to something like
    > PaX, anyway...). It is also possible to build a loadable module, though
    > the kernel should not have CONFIG_BLK_DEV_LOOP enabled (neither built-in
    > nor as a module), so you are quite likely to have to recompile a kernel
    > anyway.
    >
    > I've seen mention of loop-aes packages in both Debian and Slackware
    > online.
    >
    > Good luck!
    >
    > Joachim

    Hi,

    here are some posts from gentoo forums, which you might find useful.

    encrypted root and swap with loop-aes or gpg:
    http://forums.gentoo.org/viewtopic.php?t=108162

    encrypted root with dm-crypt:
    http://forums.gentoo.org/viewtopic.php?t=191052

    encrypted partitions using lvm on software raid:
    http://forums.gentoo.org/viewtopic.php?t=265600

    Regards,

    Harald Eder

  • Next message: Antoine Martin: "Re: Encrypted Filesystems"