Comment BestCrypt experiences on Linux (Score 1) 931
I've used BestCrypt http://www.jetico.com/ on Linux for 6+ years now. This is a kernel plugin and a command-line tool for user-level volume creation, mounting, password change, etc. It features a good number of encryption methods and uses plain files on existing filesystems for storing the encrypted volumes.
Then I've created a number of BC volumes, all 650 mb, to allow for easy backup of the encrypted volumes to a CD. Each volume is used for a specific type of data: Personal stuff, work related stuff, "bulk" stuff (archives that I rarely use), etc.
When I log in, .bash_login checks if the volumes are mounted and, if not, starts prompting for passwords. When I log out, .bash_logout asks if I want to unmount (close) the encrypted volumes.
If you are considering BestCrypt (BC), please be aware that kernel upgrades require at least recompilation of BC (or a new rpm) and for major upgrades (2.4->2.6), you may have to wait for a new BC version to come out before upgrading. Not a problem for me, as I don't do the kernel circus.
For encrypted filesystems in general, do use a journaling filesystem on the volumes! My own volumes used to be ext2, since I had no journaling FS available, when they were created. After a spectacular server crash, I ended up with several hundred mb's of corrupted data. Not BC's fault - old Unix file-systems just aren't up to ugly crashes.
Nowadays, Linux itself features encrypted filesystems (lookback-something), but I haven't investigated, since my current solution has worked really well for me.
I have also considered encrypting all filesystems, but the hassle just isn't worth it for me - the server has 2x160 gb disks and the amount of sensitive data is just a few gb's. Actually I think encrypting my WinXP boxes is much more interesting. They don't hold any data, but they run applications that use the data on the encrypted volumes - and I can't really expect (or trust) Windows to keep my private data private - temp files and such.
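A sketch of the login-time check the comment describes, added here as an example and not the commenter's own script: it tests whether each encrypted volume's mount point is currently mounted and hands the missing ones to a mount helper. The mount points are constructed, and `MOUNT_HELPER` is a placeholder because the comment does not give the BestCrypt command line.

```shell
#!/bin/sh
# Added example: mount-state check for a login script such as .bash_login.
# Mount points used with it are constructed; MOUNT_HELPER is a placeholder.

MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# is_mounted DIR: succeed only if DIR is exactly a mount point (field 2).
# The kernel writes spaces and tabs in paths as octal escapes (\040, \011),
# so decode before comparing. An exact match also avoids the prefix trap of
# a plain grep (/mnt/bc/bulk would otherwise match /mnt/bc/bulk-old).
is_mounted() (
    want=$1
    while read -r _dev mnt _rest; do
        mnt=$(printf '%b' "$mnt")
        [ "$mnt" = "$want" ] && exit 0
    done < "$MOUNTS_FILE"
    exit 1
)

# unmounted_volumes DIR...: print each DIR that is not currently mounted.
unmounted_volumes() {
    for dir in "$@"; do
        is_mounted "$dir" || printf '%s\n' "$dir"
    done
}

# login_check DIR...: run the mount helper for every unmounted volume.
# The helper is expected to prompt for the password itself, so it reads
# from the terminal rather than from the pipe feeding the loop.
login_check() {
    unmounted_volumes "$@" | while IFS= read -r dir; do
        "${MOUNT_HELPER:?set MOUNT_HELPER to the volume mount command}" \
            "$dir" </dev/tty
    done
}
```

Called from a login script as `login_check /mnt/bc/personal /mnt/bc/work`, it leaves already-mounted volumes alone, so repeated logins do not prompt again.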