Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] encrypted linux systems

> From: at [mailto:discuss-
> at] On Behalf Of Jack M
> How about  TrueCrypt ?

Truecrypt works well, but last I knew, it could not do whole-disk encryption for linux.  Only windows.  

Also, last I knew, they use a 16,000 round key derivation function, which is wildly insufficient to protect against offline brute force attack.  You need to select a very long, highly entropic password.  As they suggest, no less than 20 characters.

Aside from those two weaknesses, it's pretty darn good.

Also, when you install linux, at least with modern ubuntu and redhat/centos distributions, you have the option of selecting encryption while you're selecting your partition scheme.  I'm pretty sure this uses LUKS, and generally provides both the performance, reliability, simplicity, etc, that you demand.  I don't know what they're using for a KDF, so it *might* be strong, but I'm certain it's no worse than truecrypt.  Which is to say, strong enough for most people in most purposes, and *definitely* strong, if you use a strong complex highly entropic password.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /