What is the best file encryption for linux?

Christopher Browne cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Jul 19 15:44:19 UTC 2012


On Thu, Jul 19, 2012 at 10:19 AM, Mike Kallies <mike.kallies-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> On 12-07-18 11:19 AM, Walter Dnes wrote:
>>   I plan to do some travelling and take along my netbook or laptop, I want
>> to be able to download+send email.  Web UI sucks.  I vastly prefer
>> downloading via "getmail".  The problem is that getmail's rc files have
>> userid+password in plain text for each account.  The risks of losing the
>> netbook/laptop are obvious.
>
> Whole Disk Encryption is the best.  Truecrypt, dm-crypt, etc.

Security isn't a single point; it's a set of trade-offs.

I'd expect Whole Disk Encryption to have one of two notable vulnerabilities:

a) If it DOES NOT use CFB mode (Cipher Feed Back), then it will tend
to be vulnerable to repeated string attacks.  That is, if two files
begin with the same prefix, there would be repeated identical
prefixes, thereby providing some "traffic analysis-like" material, as
well as a point for cryptanalytical attack.

b) If it DOES use CFB, then the resulting filesystem will be rather
"brittle," such that any corruption of data might "shatter" the entire
filesystem.  "Oops, a block went bad, and the whole filesystem is now
inaccessible."

Note that "denial of service" is one of the classes of security
problems.  Inability to access your filesystem is a "lack of
security."

My preference has long been cfs, due to Matt Blaze.  (Notable crypto
researcher who has been a reasonably frequent presenter on security at
Usenix...)  cfs implements an NFS server that encrypts on a
file-by-file basis.

The fact that a pretty smart guy, who had a variety of options
available, picked per-file encryption, suggests that it's worth
thinking more broadly than a single point on a continuum.

http://www.crypto.com/software/
http://packages.debian.org/sid/cfs

cfs is pretty old, now, uses pretty old encryption algorithms, so I
think that there are aspects of it as a solution that aren't
particularly good today.  But it seems like a viable "point in the
continuum of choices."
-- 
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
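
An added example, not part of the original message, that makes the two properties discussed above measurable for CFB: how many leading ciphertext blocks two files with a common prefix share when the IV is reused versus unique, and which plaintext blocks change when one ciphertext block is corrupted. The keyed HMAC-SHA256 function stands in for a real block cipher, and the key, IVs and file contents are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes

def prf(key, block):
    # Assumption: keyed HMAC-SHA256 stands in for a block cipher's encrypt
    # direction, which is the only direction CFB ever calls.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cfb_encrypt(key, iv, plaintext):
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = xor(plaintext[i:i + BLOCK], prf(key, prev))  # c_i = p_i ^ E(c_{i-1})
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(xor(block, prf(key, prev)))  # p_i = c_i ^ E(c_{i-1})
        prev = block
    return b"".join(out)

def shared_prefix_blocks(a, b):
    """Count leading ciphertext blocks that are byte-for-byte identical."""
    n = 0
    while n * BLOCK < min(len(a), len(b)) and \
            a[n * BLOCK:(n + 1) * BLOCK] == b[n * BLOCK:(n + 1) * BLOCK]:
        n += 1
    return n

def damaged_blocks(key, iv, plaintext, hit):
    """Flip one bit in ciphertext block `hit`; list the plaintext blocks that changed."""
    ct = bytearray(cfb_encrypt(key, iv, plaintext))
    ct[hit * BLOCK] ^= 0x01
    pt = cfb_decrypt(key, iv, bytes(ct))
    return [i // BLOCK for i in range(0, len(plaintext), BLOCK)
            if pt[i:i + BLOCK] != plaintext[i:i + BLOCK]]

# Constructed sample data: two files sharing a 48-byte (3-block) prefix.
KEY = b"constructed demo key"
PREFIX = b"# getmailrc (constructed sample)\n".ljust(48, b"#")
FILE_A, FILE_B = PREFIX + b"username = alice\n", PREFIX + b"username = bob\n"
FIXED_IV = bytes(BLOCK)
IV_A, IV_B = (hashlib.sha256(n).digest()[:BLOCK] for n in (b"file-a", b"file-b"))
DISK = bytes(range(128))  # eight blocks of constructed plaintext
```
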




