Re: Encrypted Filesystems

On Wed, Jan 19, 2005 at 08:11:55PM -0300, Tales Teixeira wrote:
> Dear sirs,
>
> I'm studying about encrypted filesystems and i found a few of then. I
> would like to know more about this in operation systems like Linux
> Debian, Slackware and others "flavors". I'm sorry if this question had
> been answer, but i didn't find.
>
> Sorry for my "Brazilian english"
> :-P
>
> Best Regards,
> Tales Teixeira.

Dear Tales,

I'd recommend using loop-aes (aesloop) myself; I just set it up. It
really isn't too difficult, but do make backups first (this goes for all
options).

Additionally, it is the most secure of the implementations, or so it
seems from a little research. In particular, vanilla Linux ships with
cryptoloop which isn't as secure as it should be (there isn't enough
randomization involved, so it is possible to conduct some attacks based
on presumed plaintext).

A slight problem with loop-aes is that it isn't exactly fast, but that,
again, goes for all the things involved.

I can't really help with any specific distribution - my system is pretty
much a homebrew. Patching the kernel and compiling everything from
source isn't too difficult, though (not in comparison to something like
PaX, anyway...). It is also possible to build a loadable module, though
the kernel should not have CONFIG_BLK_DEV_LOOP enabled (neither built-in
nor as a module), so you are quite likely to have to recompile a kernel
anyway.

I've seen mention of loop-aes packages in both Debian and Slackware
online.

Good luck!

                Joachim