Re: disc erasure



"bytebro" <keith.willis@xxxxxxxxx> (07-02-28 01:33:29):

> > But remember, you cannot erase data such that it can't be restored.
> > You can only make this arbitrarily difficult. What is a lot more
> > secure is to not let plaintext data get onto the hard-drive at all.
> > Use filesystem encryption and encrypt everything.
>
> Do any of the main Linux distros provide an encrypting filesystem?
> I'm toying with migrating my desktop machine to Linux, and this would
> certainly be one of my selection criteria.

Of course. The three main encryption packages are:

Encryption via the device mapper (dm-crypt): This is included in Linux
itself, so you don't need any external kernel code. However, you need a
program to set this up. You will use Cryptsetup in most cases. Another
program, Cryptsetup-luks, is also available, which makes it possible to
use multiple keys. This is interesting if you have multiple users
accessing the data; otherwise the original cryptsetup is better.

Loop-AES: This is an easy-to-use third-party kernel module. It is as
good as dm-crypt in many matters. Some believe that it is faster, but I
can't tell much about its performance. This module is particularly
interesting because of its documentation, which describes how to do
complete hard disk encryption, as well as changing the encryption key
if you need to.

Truecrypt: Another approach, which makes it possible to use the same
partition for both Linux and Windows, if you need to. Another good
feature is that it uses LRW mode for encryption, instead of CBC, which
dm-crypt and Loop-AES use. So it defeats the watermarking attack.
However, Truecrypt is designed for ease of use. I can't tell much about
its security, but the people behind it seem to care about it, so it's
not essentially bad. If watermarking is a problem, then use this;
otherwise use dm-crypt or Loop-AES.


Regards,
E.S.
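
The CBC watermarking weakness mentioned in the post, as an added example that is not part of the original message: when the per-sector IV is just the public sector number, plaintext chosen without the key encrypts to the same ciphertext in two sectors, while an IV the writer cannot predict breaks the pattern. The toy Feistel cipher (a stand-in for AES), the `keyed_iv` derivation and all names are constructed for illustration; this is not LRW and not code from any of the packages named.

```python
import hashlib
import hmac

BLOCK = 16  # cipher block size in bytes

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    # Constructed 4-round Feistel permutation standing in for AES.
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def cbc_encrypt_sector(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Plain CBC over one sector: each block is XORed with the previous
    # ciphertext block (the IV for the first) before encryption.
    prev, out = iv, b""
    for off in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, xor(plaintext[off:off + BLOCK], prev))
        out += prev
    return out

def plain_iv(sector: int) -> bytes:
    # Predictable IV: the sector number, known to anyone.
    return sector.to_bytes(BLOCK, "little")

def keyed_iv(key: bytes, sector: int) -> bytes:
    # Assumption for contrast: an IV derived from the key, so whoever
    # writes the file cannot compute it in advance.
    return hmac.new(key, b"iv" + plain_iv(sector), hashlib.sha256).digest()[:BLOCK]

def watermark_pair(sector: int, size: int = 512):
    # Two consecutive sectors of plaintext, built without the key, whose
    # first blocks cancel the public sector-number IVs.
    marker = b"constructed-mark"  # 16 bytes, constructed sample value
    filler = bytes(size - BLOCK)
    return (xor(marker, plain_iv(sector)) + filler,
            xor(marker, plain_iv(sector + 1)) + filler)

def first_blocks_collide(key: bytes, sector: int, keyed: bool) -> bool:
    # True if both sectors start with the same ciphertext block, i.e. the
    # pattern is visible on the encrypted disk without knowing the key.
    iv = (lambda s: keyed_iv(key, s)) if keyed else plain_iv
    p0, p1 = watermark_pair(sector)
    c0 = cbc_encrypt_sector(key, iv(sector), p0)
    c1 = cbc_encrypt_sector(key, iv(sector + 1), p1)
    return c0[:BLOCK] == c1[:BLOCK]
```
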