Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Not all encrypted filesystems require a kernel recompile. There's a number of encrypted loopback filesystems natively in the 2.6 kernel (e.g. LOOP_AES). For something like a pen drive this might actually be a good thing. For my personal stuff I've been playing with cryptfs. The nice thing about cryptfs is that it sits in the VFS stack and dynamically expands the backend disk usage to fit my usage. Unfortunately I suspect this falls into the "mostly working but abandoned" category; I needed to make a few changes to get it to work on 2.6.11. However, it's an LKM and does not require a kernel recompile. YMMV, -derek David Kramer <david at thekramers.net> writes: > Who has had positive experience with one of these? When searching for info > about encrypted filesystems, 95% of them seem to be either mostly working > but abandoned, or partly started then mostly abandoned. Many also require a > kernel recompile, which I would rather not do. > > I'm looking into this for two reasons. I would like to have encrypted > content on my server, and I would like to have encrypted content on my USB > pen drive (Sandisk 1GB). > > But it did work. I created a file-based filesystem: > dd if=/dev/zero bs=1MB count=200 of=testfs > mke2fs -v testfs > mount -o loop testfs /mnt/uni > > Then I put stuff on it. It worked just like a regular filesystem on a > partition. Then I unmounted it. > > I tried gpg --encrypt-files -r david at thekramers.net testfs > That worked at acceptable speed. The big downside is that I would have to > carry around by secret keyring. Is that a safe thing to do? To do anything > meaningful with it you need the passphrase (and I have a nice long one), but > is that safe? > > I tried zip -e testfs.zip testfs > That was a little slower, but worked well. I don't know how good the > encryption in zip is; I saw a cracking program for zip files on the > internet, but I think it was brute force, and you needed at least one sample > of the original contents. On the other hand, zip is Windows-compatible, so > that's a plus. > > Both are nice in that if the filesystem is not full, the file gets > compressed much smaller than the filesystem. It would be nice to have a > nontrivial encryptiion program that encrypts in place, so I don't have to > take up twice the space and have to delete the unencrypted version. > > > So what do y'all use? > _______________________________________________ > Discuss mailing list > Discuss at blu.org > http://olduvai.blu.org/mailman/listinfo/discuss > > -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH warlord at MIT.EDU PGP key available
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |