Locking Up Linux, Creating a Cryptobook 68
Tom's Hardware has a nice overview about some of the latest ways to secure your data looking specifically at open source solutions that wont lock down your credit card. Since many people presented performance issues for why they don't implement encryption there was also special attention given to how well your system will perform after implementation of encryption. From the article: "At least where LUKS is concerned, performance is hardly an issue - one must expect to pay some penalty for additional encryption facilities that handle unencrypted data transparently. All of these solutions are simple to set up and use on a daily basis, but LUKS is portable across Windows and Linux platforms."
Not available in UK (Score:2, Informative)
Thats just annoying as hell.
Multi-user laptops (Score:5, Informative)
Now, this might not be a common thing in the US. But here in India, a lot of companies have team laptops which we pass around (on-call duty for server pages, for instances).
And somebody from Delhi, did something up which works for exactly that. qryptix [sourceforge.net] encrypts your home dir and mounts using your passphrase when you login, built as a pam.d module.
Except for the fact that I wanted a truecrypt [truecrypt.org] built into it, so that I can have a hidden volume even after I pass-phrase in to the first volume, this works well enough for most purposes.
Re:Multi-user laptops (Score:1, Informative)
Printable view of TFA (Score:3, Informative)
http://www.tomshardware.com/2006/08/18/locking_up
Re:encryption vs security (Score:5, Informative)
Re:Not available in UK (Score:3, Informative)
That sounds like outgoing connections to port 8080/8090 are blocked for you. Are you behind a restrictive corporate firewall?
For ./er from UK (Score:3, Informative)
http://tomshardware.co.uk/2006/08/16/locking_up_l
Re:TrueCrypt? (Score:3, Informative)
My experience (Score:5, Informative)
I was afraid that heavy IO access might cause high CPU usage or that some FS might not play all that well with the encryption.
So far, I've had no problems. Even copying from one encrypted partition to another encrypted partition causes no noticeable lag due to encryption and normal usage of my disk, even with heavy uses such as DBs or backups seems to take place just like before.
I've been using LUKS with xfs (and reiserfs to a lesser extent). I have a P4 3.2Ghz, don't remember the disk specs.
Being able to have several passphrases is a good thing (you can even change them later on) and the assurance that a weak passphrase will not cause the key being easily guessed via crypto-analysis is another plus.
The downside is that booting from an encrypted partition can be a little difficult to setup for a novice, but that has been improving and at least Gentoo now offers this on the current genkernel with little extra hassle.
If you want the whole package, you can even encrypt the swap partition with a randomly generated key at boot time.
What do you get from all this?
Suppose your computer has an hardware malfunction and you have to send to be repaired (warranty for instance). You can be sure no one will find the financial data you saved there, or some less flaterring photo (or something more embarrassing you didn't even remember). Using an encrypted partition to save sensitive data might be enough, but many programs end up saving temporary data in unexpected places so all that care might be useless in the end. If everything is encrypted that risk is gone with just a little bit of extra work (once).
Like someone wrote, this won't protect you from having you computer hacked while the partition is mounted and stealing data.
Re:No, software. (Score:2, Informative)
The speeds reported are not believeable for a Pentium III M 1.2 GhZ even for just encryption. For comparisons, below is the output of "openssl speed" using a Opteron 170 (dual core, 2 GhZ):
Re:encryption vs security (Score:5, Informative)
eCryptfs (Score:4, Informative)
Re:Security First (Score:3, Informative)
Re:encryption vs security (Score:3, Informative)
Part of the minimum design criteria for a crypto algorithm is to resist "known plaintext" attacks, such as knowing the location of magic numbers, headers, and so on.
Re:No, software. (Score:2, Informative)
The only remaining reason to keep hardware encryption around is to protect your private keys. Even in this way hardware can be problematic. If you have important private keys locked away in hardware, you need to have some backup plan if the hardware fails, or is not fast enough to meet future demand. So even in this case, you are probably better off with general purpose hardware that will protect/destroy its contents if physically attacked. Of course you can keep the hardware with the private keys on a secure subnet as well.
Re:encryption vs security (Score:1, Informative)
See http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_
Re:TrueCrypt? (Score:3, Informative)
So, yes it does look like "used" space. But it also looks like "empty" space by the same virtue. If you just put your regular checkbook in a truecrypt volume and put something else in a hidden volume it would be plausible to say that the checkbook is the only thing in there.