Encrypt Filesystems with EncFS and Loop-AES
Linux.com (Slashdot sister site) has a quick look at file encryption using EncFS and Loop-AES as examples before briefly examining other options. From the article: "you can find a number of options for filesystem encryption in Linux, depending on your needs. The most important thing when choosing which one to use is to be clear about your needs. Will the size of the files you need to encrypt grow or stay static? Do you need to encrypt certain files or entire partitions? What level of security do you need? Answers to these questions will help determine the most appropriate program to use."
Hmmm... (Score:1, Redundant)
I see....
For good, easy, root encryption (Score:3, Interesting)
http://luks.endorphin.org/
eCryptfs (Score:5, Informative)
http://ecryptfs.sf.net/
It's all in the kernel, which means that shared memory mappings work (unlike userspace filesystems), and it keeps metadata on a per-file basis, which is *really* nice for things like incremental backup utilities.
Going nowhere slowly (Score:1)
I think that pretty much summarizes the state of encryption on Linux. Yes, it can be done if you hack around with it, and has been so for a long time. Let me know when LUKS (Linux Unified Key Setup)/dm-crypt or any other of these tools can actually make a simple out-of-the-box GUI which is usable. To dick around on the command line and writing scripts to do that went out of fashion about the s
Re:Going nowhere slowly (Score:3, Informative)
Re:Going nowhere slowly (Score:2)
You have a GUI on your server? I don't. If it needs a GUI it would sound pretty UNusable for me.
Of course a GUI could make it easier for casual encrypting on my desktop, but I have nothing worth encrypting on my desktop...
Re:Going nowhere slowly (Score:2)
Some of us lazy bums do X over SSH to the server, at least the one I have at home. At work I end up using MSTSC a lot, no *nix there. Sure, I *can* try to do obscure stuff over SSH but it is usually faster (person time, not machine time) to use a GUI for those odd changes I do only once in a while, and setting up encryption certainly qualifies. At least with some of the more important data, I like to keep it both
Encfs (Score:3, Interesting)
Re:Encfs (Score:2)
Re:Encfs (Score:1)
After 10 minutes, it auto unmounted itself, and then all my terminals responded with input/output errors. Of course, I can't reboot normally if I can't run any commands, so I had to cut the power. And when I had to cut the power with reiserfs that is where the corruption came from.
This happened several times, but I didn't realize it was encfs causing it because it would happen 10 minutes after I stopped using my crypt directory.
Anyways, about the 4th time it happened
Why I'll never use kernel level encryption again (Score:2, Informative)
After doing so, I mounted the partition and everything proceeded normally...
That is until a few months later when I upgraded my system again. Suddenly my partition was unreadable, and the previous option did not work in cryptoloop anymore. I posted for weeks on boards and
Re:Why I'll never use kernel level encryption agai (Score:5, Informative)
1. Boot into the old kernel/back out the upgrade.
2. Mount encrypted filesystem and copy data elsewhere
3. Create encrypted filesystem such that you don't get deprecated warnings.
4. Copy the data back.
I really can't understand continuing with something marked deprecated anyway - certainly not doing an upgrade while doing so. What do you think deprecated means? I'd be doing steps 2-4 as soon as the deprecated option was needed.
Re:Why I'll never use kernel level encryption agai (Score:2)
See the problem there?
Please follow all of the steps in order. (Score:2)
Only because you snipped out his first step, which was to boot with the old kernel. I presume that something prevented you from doing so.
Re:Please follow all of the steps in order. (Score:2)
Re:Please follow all of the steps in order. (Score:2)
I mean, I have no problem with it - boot with rescue CD/roll back to working kernel ver, copy drive to another drive, upgrade kernel, start new encryption system, copy data back from second drive. Yes, it's fairly simple. But if you don't
Re:Why I'll never use kernel level encryption agai (Score:2)
Backing out the upgrade shouldn't be difficult. At the very worst you install whatever version it was on a USB pen drive and boot from it... (or CD-R or HDD or whatever you have available). The old rescue disk might even be good enough...
But as I said deprecated means what it says, doing an upgrade when you are relying on something marked deprecated is pretty foolish - unless you checked the release notes to make sure they say it hasn't been removed of course.
Re:Why I'll never use kernel level encryption agai (Score:2)
You will just have to trust me when I say that I tried every single method at my disposal, every combination I could figure out of kernel / cryptoloop, to try to decrypt this data. I even tried reverse-engineering the source to the decryption modules myself to try to get some kind of a command-line thing going.
All I can figure is I was using some weird odd combination of cryptoloop and kernel that should not have worked, but did. Then I lost it all.
As
Re:Why I'll never use kernel level encryption agai (Score:2)
Re:Why I'll never use kernel level encryption agai (Score:2)
If you have nowhere to copy the data then clearly you also have no backups in which case the data clearly isn't worth a lot to you anyway
Ever think that maybe I don't have a secure location to keep these backups?
If you're backing up encrypted data in an unencrypted form, you'd better be moving it off site to some very secure location. In my case I can't really justify any kind of budget for this @ my house.
If you're talking about backing up the *encrypted* data, then it's all moot since it would not ha
Re:Why I'll never use kernel level encryption agai (Score:2)
What sholden is saying is that if you have a backup (encrypted or not) then you have room to put the data while you upgrade. Why could you not have done:
Re:Why I'll never use kernel level encryption agai (Score:2)
Re:Why I'll never use kernel level encryption agai (Score:1)
Re:Why I'll never use kernel level encryption agai (Score:1)
That way your backups are mostly secure even if your physical security is second rate or gets beaten, but you still get the s
Re:Why I'll never use kernel level encryption agai (Score:2)
Instead I use Truecrypt which gives kernel level encryption but is far more platform independent, and hence by extension needs to be more stable.
Works via a kernel module, but also the same encrypted "partition" (actually a file or partition) can be read and written to in Linux or Windows. Excellent for dual
Re:Why I'll never use kernel level encryption agai (Score:2)
I've been looking at Truecrypt...but, I'm under the impression that you can NOT create partitions with it under linux...only can create under windows...
Is this true?
Re:Why I'll never use kernel level encryption agai (Score:1)
Re:Using encryption suggests criminality (Score:5, Insightful)
What is so important that you Linux hippies feel the need to encrypt?
I may be a Linux user, but if anyone thinks I'm a "hippie" then they really need to re-define the term.
Do you have something to hide?
Maybe, maybe not. Either way, it's none of your business or anybody else's.
It's kiddy porn, isn't it? Be honest!
<sarcasm>You know, if kiddie porn is such a problem on the internet, how come I can never find any?</sarcasm>
I for one am glad that Microsoft doesn't help out the terrorists and pedophiles in their illegal activity.
So am I. We don't want their kind of "help."
Their encrypting filesystem includes numerous backdoors to assist law enforcement.
Case in point.
I just wish the OSS community would do the same.
Simple enough. Write your own. Make it as terrible as you want. Post the source on Sourceforge. Then the "OSS community" will have done the same. It won't be very popular, but it'll be there.
In all seriousness, it's not about hiding criminal activity. Honestly, the current state of US politics (that is, after all, where I live) kind of scares me. I may not be engaging in illegal activity now, but how many of my current activities will be considered illegal in the future? The last thing I need is for some "law enforcement" entity to go grepping my emails and IM logs looking for something to pin on me.
I have nothing to hide. I also have nothing to share. Nothing to see here, please move along.
Re:Using encryption suggests criminality (Score:2)
Not to mention some thief* rifling through my financial info.
*) could be a thief with a warrant. Or who doesn't need one under some future law. Presence of a warrant does not insure that the individual law enforcement officer is honest.
Re:Using encryption suggests criminality (Score:2)
Mr President, is that you? What are you doing on the internet?
Re:Using encryption suggests criminality (Score:2)
My work requires me to have data which my clients consider confidential. I encrypt this in case my laptop is stolen.
Re:Using encryption suggests criminality (Score:2)
Re:Using encryption suggests criminality (Score:3, Informative)
Yes I do have something to hide.
For starters to prevent banking identity theft, I use various passwords instead of a publicly searchable mother's maiden name.
First thing to hide is the list of all my CC's, expiration dates, phone numbers to call in case of theft, and the password used for each instead of mother's maiden name.
Second is past years Turbo Tax tax returns. Those are a gold mine for identity thiev
Re:Using encryption suggests criminality (Score:1)
Or would you love to have an ATM easily hackable, for someone to put a keylogger/trojan there so he can have all your banking passwords along with complete card data, enough for an attacker to rebuild a fake card with everything working perfectly (and your bank account going down real fast)?
I could continue on that for an
Compatible with MacOS X FileVault? (Score:3, Insightful)
Which, if any, encrypted Linux filesystems are compatible with MacOS's FileVault?
Re:Dynamically sized encrypted filesystem (Score:3, Insightful)
Re:dm-crypt rocks (Score:1)
When Encryption Makes Sense (Score:2)
In my opinion, the number of servers physically seized is too low to bother about FS encryption. In fact when in use in a network server, all those files get somehow unencrypted to be sent over the network.
And, AFAIK, almost all the intrusions, data thefts and the likes happen without accessing the actual file blocks on the disks.
So, where are the FS encryption technologies supposed to be exploited?
I see one area: mobile comput
Seen, forgotten... (Score:1)
Only LoopAES is in mainstream kernel right now and most people don't like partition meddling at all.
I dream about one-click in a Konqueror menu "Encrypt this folder".