[clug] Ubuntu encrypted file systems
daniel at rimspace.net
Tue Aug 18 07:12:59 MDT 2009
Ian McLeod <ianmcleod75 at gmail.com> writes:

> Wally wrote:
>> You can always consider third party options.
> I am considering this one - I'll see if it can handle /var /tmp /home
> encryption - definitely good for removable media and Windows though.

Well, any of the options can handle that. Personally, I would prefer dmcrypt
and luks to truecrypt: the former is part of the upstream kernel, fully open
code, and shipped as part of the distribution.

Of those the "upstream kernel" and "shipped" are the most important: they give
you a pretty reasonable assurance that this encryption will work with *ANY*
new kernel, from *ANY* distribution.

It also gives you a pretty reasonable assurance that it will be integrated
with the distribution.

For example, for your use case where /var is encrypted you *MUST* get it
mounted very, very, very early in the boot process, ideally with the tools in
place as part of the initramfs before the on-disk root is mounted.

If you can't be absolutely certain of getting that in place yourself, and
you are not absolutely certain that you can mount an encrypted /var with
TrueCrypt before it is needed, I *strongly* advise you to go with what is
integrated and supported in the distribution.

No, seriously, "integrated" trumps most things, especially since you are only
interested in a defence against casual snooping. At that point single-DES
is almost certainly more than strong enough for your needs.

 Obviously a distribution can compile out the feature, but that is the
/only/ reason it won't work. No worries about building kernel modules
yourself or anything.

 ...and this isn't all that easy, unfortunately.

 The stuff that you can crack in real-time for less than US $100,000.

✣ Daniel Pittman ✉ daniel at rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
Looking for work? Love Perl? In Melbourne, Australia? We are hiring.
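
Added example, not part of the original message or of any distribution's tooling: a shell check that each of /var, /tmp and /home in fstab is mounted from a dm-crypt mapping declared in crypttab, which is the file the Debian/Ubuntu cryptsetup integration reads at boot. The function name, the status words, the device names and both sample files are constructed for illustration; it assumes fstab refers to mappings as /dev/mapper/<name>, and it does not inspect the initramfs.

```shell
#!/bin/sh
# check_encrypted_mounts CRYPTTAB FSTAB MOUNTPOINT...
# Prints "<mountpoint> <status>" per mount point, where status is:
#   encrypted        fstab source is /dev/mapper/<name> and <name> is in crypttab
#   not-in-crypttab  fstab has the mount point, but its source is not such a mapping
#   missing          fstab has no entry for the mount point
# Limitation: UUID=/LABEL= sources and LVM volumes stacked on an encrypted
# device are reported as not-in-crypttab; review those by hand.
check_encrypted_mounts() {
    crypttab=$1; fstab=$2; shift 2
    for mp in "$@"; do
        awk -v mp="$mp" '
            /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
            FILENAME == ARGV[1] { names["/dev/mapper/" $1] = 1; next }
            $2 == mp { found = 1
                       state = ($1 in names) ? "encrypted" : "not-in-crypttab" }
            END { print mp, (found ? state : "missing") }
        ' "$crypttab" "$fstab"
    done
}

# Constructed sample files (hypothetical devices, not taken from the thread).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/crypttab" <<'EOF'
# <name>   <source>   <key file>    <options>
var_crypt  /dev/sda5  none          luks
tmp_crypt  /dev/sda6  /dev/urandom  tmp
EOF
    cat > "$d/fstab" <<'EOF'
/dev/sda1              /      ext3  errors=remount-ro  0 1
/dev/mapper/var_crypt  /var   ext3  defaults           0 2
/dev/mapper/tmp_crypt  /tmp   ext2  defaults           0 0
/dev/sda7              /home  ext3  defaults           0 2
EOF
    check_encrypted_mounts "$d/crypttab" "$d/fstab" /var /tmp /home /srv
    rm -rf "$d"
}
```

Run against the real files with `check_encrypted_mounts /etc/crypttab /etc/fstab /var /tmp /home`.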