Simplified Disk Encryption Coming to GNOME

Posted by ScuttleMonkey
from the keep-it-secret-keep-it-safe dept.
An anonymous reader writes "David Zeuthen of Red Hat has been working on adding encrypted volume support to HAL. The result is an infrastructure that is being developed to make working with encrypted volumes easier. David has published a screenshot documenting his work on his blog. The bottom line: attach a properly encrypted volume and the system will prompt you for a password and automatically mount it."

  • TrueCrypt (Score:1, Informative)

    by robyannetta (820243) *
    TrueCrypt [truecrypt.org] has offered this type of integration in Linux for years.
    • Re:TrueCrypt (Score:4, Informative)

      by zhiwenchong (155773) on Wednesday February 22, 2006 @05:55PM (#14780476)
      Mac OS X's DMG disk image format has had similar functionality (AES-128) for a long time too, but admittedly it is not cross-platform and open-source like TrueCrypt is.

      • Yeah, but even there, I can't find a way to encrypt my firewire backpack drive. Why should it let me encrypt DMGs but not block devices/partitions?
        • I can't find a way to encrypt my firewire backpack drive.

          Can you put a read-write DMG on it? This way you can easily divide the partition between unclassified and confidential data.

          • I could, but that seems like a hack to me, and would only work until I needed to grow the encrypted section to 51% of the disk (Since I have to destroy and re-create the DMG file every time I expand it). I want the entire disk "classified" since it's all my private data.
            • If you make it a sparse disk image, you can set the volume size as large as you want to start, but the .dmg (actually .sparseimage) file starts at zero bytes and only grows as you add stuff to it. Compact it every so often, if you're concerned about wasting space. Screenshot. [imageshack.us] Note custom volume size.
        • Well, you can always create a sparse image file that's as big as your drive. No problems there.
          That's what Filevault sort of does with your home directory.

          It operates in a decoupled sort of way, you see.
    • Re:TrueCrypt (Score:5, Insightful)

      by MBGMorden (803437) on Wednesday February 22, 2006 @06:56PM (#14780902)
      It's one of my favorite programs, but TrueCrypt was Windows only until it was ported to Linux 4 months ago. Not exactly what I'd call "years".

      The Linux version is also a command-line program (or at least everything I've read on it has indicated as such). Integrating the same features into a nice interface would be a welcome addition to the Gnome desktop.
      • You are correct. There should be a moderation option "Wrong/Stupid".
      • TrueCrypt on Windows is great.

        But why should I use it in Linux over the normal device-mapper tools?

        Anyone know?
        • Re:TrueCrypt (Score:2, Insightful)

          by fcgreg (670777)
          Yes. The first reason that comes to mind is cross-platform encrypted volumes. For example, TrueCrypt is very nice for using encrypted volumes between Windows and Linux systems (e.g., USB Flash drives, portable HDD's, etc.).
  • by vandon (233276) on Wednesday February 22, 2006 @05:53PM (#14780467) Homepage
    Won't everyone (i.e. Government entities) complain that Linux is now a haven for terrorists and pedophiles since only a criminal would want to encrypt their [disk|phone call|email|http connection]?
    • It'd be hard, since every OS out there has encryption.
    • Not everything comes back to terrorism... it has become humorous, the people making fun of the terrorism angle have long ago outspoken the people that were making the claim.
    • by Anonymous Coward
      If only terrorists and pedophiles use encryption, would not that same logic conclude that governments are actually organizations comprised mainly of large numbers of pedophiles and terrorists?
      Governments are one of the largest users of encryption after all.
    • Um, nothing has changed here as far as Linux's disk encryption support. This is just a front-end to (a small subset of) the command line encryption tools, which have been around in 2 or 3 incarnations for a long time. All this does is let you save a few keystrokes to access your encrypted disks. It doesn't make it easier for people who didn't previously know how to do this, as you still have to format the disk manually (however a GUI for this would be nice). As far as email or http encryption, that's differ
    • What people really need is Steganography [slashdot.org]
    • The government uses encryption. They must have something illegal to hide.
  • These developments will bring file security to many non-technical users, but for the nerds out there there have already been practical solutions for some time.

    I've been keeping the hard disk of my Linux encrypted with twofish for over three years now (see the description of this encryption method in Bruce Schneier's magisterial Applied Cryptography [amazon.com] ). Swap is encrypted with a random key generated on each boot-up. At first I used the old cryptoloop method, but as soon as the kernel support was there I switched to the crypto device-mapper target [saout.de]. I never noticed any performance penalties: this is a very efficient solution.

    • I'm currently using cryptsetup-LUKS / DM Mapper with AES-256 encryption and a 16-digit random key committed to memory. I'm just using it for a data partition currently, but if some of the rumors I'm hearing are true, I should be able to go system-wide on my distro of choice soon enough.

      I do see a system penalty using the crypto setup (Server is single AMD-1800+ 1GB RAM) in that copying a large file will peg the CPU and drive the load average way up for about two seconds every four to five seconds, but thus
  • Already in debian (Score:3, Informative)

    by elronxenu (117773) on Wednesday February 22, 2006 @06:43PM (#14780839) Homepage
    Debian already has encryption, and it's very convenient.

    Install lvm2 (great for managing disk space), dmsetup, cryptsetup. Read this page [riseup.net] and follow its instructions.

    You can create a block device of any size you want using lvm (so long as there is sufficient disk space of course) and then map that to another block device using the device mapper and the crypt filter. The original block device looks like random bytes and if you get the passphrase wrong the mapped block device still looks like random bytes (i.e. there's no way to confirm a correct passphrase except that the result looks sensible).

    Once you have set a passphrase, make a filesystem on the mapped block device. Go ahead and use it any way you like.
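The property described in the post above (a wrong passphrase still produces a mapped device, just one full of random-looking bytes), shown as an added example that is not part of the original comment and not dm-crypt's own code. It assumes a headerless mapping, uses a SHA-256 XOR keystream as a stand-in for the real cipher, and treats the ext2 superblock magic as the "looks sensible" check; all function names and the sample volume are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
EXT2_MAGIC_OFFSET = 1024 + 56  # superblock starts at byte 1024; s_magic is at +56
EXT2_MAGIC = 0xEF53

def derive_key(passphrase: str) -> bytes:
    # Headerless mapping: the key comes straight from the passphrase.
    # Nothing is stored on disk (no salt, no digest) to compare it against.
    # Assumption: SHA-256 here; the real tool's passphrase hash may differ.
    return hashlib.sha256(passphrase.encode()).digest()

def crypt_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    # Stand-in cipher (NOT dm-crypt's): XOR with a per-sector SHA-256
    # counter keystream. XOR makes encrypt and decrypt the same operation.
    stream = b"".join(
        hashlib.sha256(key + struct.pack("<QI", sector_no, i)).digest()
        for i in range(len(data) // 32)
    )
    return bytes(a ^ b for a, b in zip(data, stream))

def map_device(passphrase: str, backing: bytes) -> bytes:
    # Any passphrase "works": the mapping always succeeds and returns bytes.
    key = derive_key(passphrase)
    return b"".join(
        crypt_sector(key, n, backing[n * SECTOR:(n + 1) * SECTOR])
        for n in range(len(backing) // SECTOR)
    )

def looks_like_ext2(mapped: bytes) -> bool:
    # The only available test: does the plaintext contain a known structure?
    (magic,) = struct.unpack_from("<H", mapped, EXT2_MAGIC_OFFSET)
    return magic == EXT2_MAGIC

def make_sample_volume() -> bytes:
    # Constructed sample: 4 KiB of zeros with only the ext2 magic filled in.
    plain = bytearray(8 * SECTOR)
    struct.pack_into("<H", plain, EXT2_MAGIC_OFFSET, EXT2_MAGIC)
    return bytes(plain)

# What would sit on the original block device after setup with this passphrase.
BACKING = map_device("correct horse", make_sample_volume())

if __name__ == "__main__":
    for guess in ("correct horse", "correct hors"):
        ok = looks_like_ext2(map_device(guess, BACKING))
        print(f"{guess!r}: {'ext2 superblock found' if ok else 'random bytes'}")
```

A header-based format such as LUKS, mentioned elsewhere in this thread, stores a key digest on disk so a wrong passphrase is rejected outright instead.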

  • by PentAthl337 (953006) <PentAthl337@hotmail.com> on Wednesday February 22, 2006 @08:13PM (#14781311)
    an infrastructure that is being developed to make working with encrypted volumes easier

    Maybe the new version will be called GNOME_PRO and the old will be GNOME_HOME edition?

    • Nonono. The Gnome-devs are getting with the times. There's gonna be eight versions, the first one severely crippled, and the last one semi-functional. If you need to get the extra-special-whiz-bang Gnome (which actually works), you need to sign a contract with RMS promising to never use any alternative ever again.
  • Nobody else at my home uses Linux, and if they tried to do anything other than click on the shortcuts to Firefox or VLC or the random game like America's Army or Unreal Tournament, they wouldn't have a very good idea of what to do. The same goes for when I'm at school. I know of nobody that uses Linux or knows how to use Linux (save for one person I met once while at an engineering orientation during the summer), so I'm pretty sure that if I want anything hidden, I'll store it in a folder labeled .DON
  • I'm looking forward to using this with NetBSD's CGD.

      - Hubert
  • by Anonymous Coward
    What would be cooler is a nice GUI to create encrypted volumes
  • The summary and headline are misleading. HAL is a desktop-independent technology and is also used heavily in KDE 3.4, and will likely be even more so in KDE 4.0.

    This is not a GNOME-centric development.

    • So, assuming we get all the necessary HAL bindings in place, how much work would it be to implement similar functionality under KDE? I must admit what I saw in that screencast was most impressive from a usability point of view.

      Secondly, I'm not very familiar with LUKS/dm-crypt. Would it be possible using this setup to encrypt /? Obviously /boot must be in plaintext, but would it be possible to have the kernel ask for a password (obviously at command prompt) before loading the rest?

      Third, I'm partial to havi
      • Well you could check out Xandros Linux (Debian/KDE based). They've had a disk encryption panel in Kcontrol for quite some time now.
