LeRoy Cressy on 16 Jan 2005 14:18:55 -0000



Re: [PLUG] encrypted file systems, cfs, Ncryptfs, etc.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

eric@lucii.org wrote:
| On Thu, Jan 13, 2005 at 07:37:16PM -0500, Jeff Abrahamson wrote:
|
|>Does anyone have any experience using encrypted file systems?  In
|>particular, I'm looking for something that can run over a network file
|>system (so that the server never sees my unencrypted data).
|>
|>CFS fits the bill, but is quite old.  That could be good, could be
|>bad.  It is debianized, that's good.
|>
|>Ncryptfs claims to perform better than CFS, but I haven't actually
|>found source code for it.
|>
|>Maybe there are other things.  Any thoughts?
|>
|>--
|> Jeff
|
|
| I use a couple of encrypted files that are mounted on a loopback device
| and appear as a filesystem - mounted just where I need it.  Does this
| fit the bill?  There is a howto out there (I google for it when I need
| it - google is my bookmarks list.)  Oh, I use loop_fish2 - plenty of
| security and good performance too.
|
| HTH
|
| Eric
|
I also have created an encrypted /home file system on my laptop.  What I
am wondering about is what happens when cryptoloop is removed from the
kernel and only dm-crypt is left.  Will a kernel upgrade make the
present encrypted file system unreadable?

From what I have read, cryptoloop is no longer being maintained and it
is vulnerable to a dictionary attack.  The current state of kernel
development with encrypted filesystems seems in flux at the present.

Currently to create and mount an encrypted file system you should do the
following:

# Creating the filesystem on /dev/hdf3:
# Randomize the partition.  You can use dd for this but it is very slow.
shred -n 1 /dev/hdf3
# Use losetup to set up the loopback device
losetup -e twofish /dev/loop0 /dev/hdf3
# losetup will prompt you for a password which should be 20 characters
# or longer.  Whatever password you choose, you need to remember it.
mke2fs -b 1024 -i 1024 -j -m 1 /dev/loop0
mount /dev/loop0 /mnt

Now that you have created the file system you remount the file system
with the following:

losetup -e twofish /dev/loop0 /dev/hdf3
# use the same password as when you created the encrypted file system
mount /dev/loop0 /mnt

If you changed the password in any way you will not be able to mount the
file system.


- --

Rev. LeRoy D. Cressy   mailto:leroy@lrcressy.com   /\_/\
                        http://lrcressy.com        ( o.o )
                        Phone:  215-535-4037        > ^ <
                        FAX:    215-535-4285

gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFB6nb6P+/m2oUBr+oRAsFBAKCW2WAygjcgFKGzvkxPm4pkO+oh1ACfS7KG
yK2098eWXYp7dJdaBr/Wc20=
=gyfL
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug