[Discuss] encrypted linux systems

Edward Ned Harvey (blu) blu at nedharvey.com
Tue Jan 28 11:39:37 EST 2014


> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> bounces+blu=nedharvey.com at blu.org] On Behalf Of Jack M
> 
> How about TrueCrypt?

TrueCrypt works well, but last I knew, it could not do whole-disk encryption for Linux.  Only Windows.

Also, last I knew, they use a 16,000 round key derivation function, which is wildly insufficient to protect against an offline brute force attack.  You need to select a very long, highly entropic password.  As they suggest, no less than 20 characters.

Aside from those two weaknesses, it's pretty darn good.

Also, when you install Linux, at least with modern Ubuntu and Red Hat/CentOS distributions, you have the option of selecting encryption while you're selecting your partition scheme.  I'm pretty sure this uses LUKS, and generally provides both the performance, reliability, simplicity, etc, that you demand.  I don't know what they're using for a KDF, so it *might* be strong, but I'm certain it's no worse than TrueCrypt.  Which is to say, strong enough for most people in most purposes, and *definitely* strong, if you use a strong, complex, highly entropic password.
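
Added example, not part of the original message: a short Python model of how much an iterated KDF's round count adds to the cost of an offline search, compared with what password length adds. PBKDF2-HMAC-SHA512 is used as a stand-in for an iterated KDF, the 16,000 figure is the one quoted in the message, and the 128-bit target and the uniformly random password are assumptions of this example.

```python
import hashlib
import math

PRINTABLE_ASCII = 94  # assumption: characters drawn uniformly at random
LOWERCASE = 26        # assumption: lowercase letters only, uniformly random


def derive_key(password, salt, iterations):
    """One guess costs `iterations` HMAC evaluations (PBKDF2 as a stand-in KDF)."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations, dklen=64)


def attack_cost_bits(length, alphabet, iterations):
    """log2 of the HMAC evaluations needed to try every password of this length."""
    return length * math.log2(alphabet) + math.log2(iterations)


def min_length(target_bits, alphabet, iterations):
    """Shortest random password whose exhaustive search costs >= 2**target_bits."""
    needed = target_bits - math.log2(iterations)  # bits the password must supply
    return max(1, math.ceil(needed / math.log2(alphabet)))


def report(target_bits=128):
    """Rows of (iterations, bits added by stretching, min length for each alphabet)."""
    rows = []
    for iterations in (1, 16_000, 1_000_000):
        rows.append((
            iterations,
            round(math.log2(iterations), 1),
            min_length(target_bits, PRINTABLE_ASCII, iterations),
            min_length(target_bits, LOWERCASE, iterations),
        ))
    return rows


if __name__ == "__main__":
    salt = bytes(16)  # constructed fixed salt so the demo is repeatable
    key = derive_key("constructed sample passphrase", salt, 16_000)
    print("derived key prefix:", key[:8].hex())
    print("iterations  +bits  len(printable)  len(lowercase)")
    for iterations, bits, printable, lower in report():
        print(f"{iterations:>10}  {bits:>5}  {printable:>14}  {lower:>14}")
```

The model counts KDF evaluations only: 16,000 rounds add about 14 bits, roughly two random printable characters, so the password length carries most of the work factor. Human-chosen passwords carry less entropy per character than the uniform assumption used here.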


