Encrypted filesystems

[warlord at MIT.EDU (Derek Atkins)]

Quoting Derek Martin <invalid at pizzashack.org>:

> > But it did work.  I created a file-based filesystem:
> > dd if=/dev/zero bs=1MB count=200 of=testfs
> > mke2fs -v testfs
> > mount -o loop testfs /mnt/uni
> 
> You really should use /dev/random instead of /dev/zero...  Encryption
> experts can explain why better than I can, but basically I think it
> has to do with entropy.  All the zeros make your filesystem easier to
> crack.

Actually this is just a standard loopback filesystem..  There's no encryption at
all. Using /dev/random doesn't matter; the mke2fs will overwrite it anyways
when you build the filesystem inside the file.  This particular method is STILL
not encrypted... 

However, if you use the loop_aes then you CAN encrypt this "file based" system. 
The above command-set could be easily modified to add encryption.  The downside
of this message is that you automatically fill up your encrypted filespace,
even if you don't use it, and you can't expand it.

In other words, if you want to be able to store up to 5GB worth of encrypted
data you need to eat up 5GB of disk space at the onset.  Even if you only put
1GB of data into the encrypted filesystem, it'll still use 5GB of real disk
space.  And if you want to put 5.1GB into the filesystem, you can't -- it's
limited to 5GB.

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available