
BLU Discuss list archive



Encrypted filesystems



Not all encrypted filesystems require a kernel recompile.  There are a
number of encrypted loopback filesystems natively in the 2.6 kernel
(e.g. LOOP_AES).  For something like a pen drive this might actually
be a good thing.

For my personal stuff I've been playing with cryptfs.  The nice thing
about cryptfs is that it sits in the VFS stack and dynamically expands
the backend disk usage to fit my usage.  Unfortunately I suspect this
falls into the "mostly working but abandoned" category; I needed to
make a few changes to get it to work on 2.6.11.  However, it's an LKM
and does not require a kernel recompile.

YMMV,

-derek

David Kramer <david at thekramers.net> writes:

> Who has had positive experience with one of these?  When searching for info 
> about encrypted filesystems, 95% of them seem to be either mostly working 
> but abandoned, or partly started then mostly abandoned.  Many also require a 
> kernel recompile, which I would rather not do.
>
> I'm looking into this for two reasons.  I would like to have encrypted 
> content on my server, and I would like to have encrypted content on my USB 
> pen drive (Sandisk 1GB).
>
> But it did work.  I created a file-based filesystem:
> dd if=/dev/zero bs=1MB count=200 of=testfs
> mke2fs -v testfs
> mount -o loop testfs /mnt/uni
>
> Then I put stuff on it.  It worked just like a regular filesystem on a 
> partition.  Then I unmounted it.
>
> I tried gpg --encrypt-files -r david at thekramers.net testfs
> That worked at acceptable speed.  The big downside is that I would have to 
> carry around my secret keyring.  Is that a safe thing to do?  To do anything 
> meaningful with it you need the passphrase (and I have a nice long one), but 
> is that safe?
>
> I tried zip -e testfs.zip testfs
> That was a little slower, but worked well.  I don't know how good the 
> encryption in zip is; I saw a cracking program for zip files on the 
> internet, but I think it was brute force, and you needed at least one sample 
> of the original contents.  On the other hand, zip is Windows-compatible, so 
> that's a plus.
>
> Both are nice in that if the filesystem is not full, the file gets 
> compressed much smaller than the filesystem.  It would be nice to have a 
> nontrivial encryption program that encrypts in place, so I don't have to 
> take up twice the space and have to delete the unencrypted version.
>
>
> So what do y'all use?
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://olduvai.blu.org/mailman/listinfo/discuss
>
>

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org