What is the best file encryption for linux?
Mike Kallies
mike.kallies-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Jul 19 18:20:50 UTC 2012
On 12-07-19 11:44 AM, Christopher Browne wrote:
> On Thu, Jul 19, 2012 at 10:19 AM, Mike Kallies <mike.kallies-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
>> On 12-07-18 11:19 AM, Walter Dnes wrote:
>>> I plan do some travelling and take along my netbook or laptop, I want
>>> to be able to download+send email. Web UI sucks. I vastly prefer
>>> downloading via "getmail". The problem is that getmail's rc files have
>>> userid+password in plain text for each account. The risks of losing the
>>> netbook/laptop are obvious.
>>
>> Whole Disk Encryption is the best. Truecrypt, dm-crypt, etc.
>
> Security isn't a single point; it's a set of trade-offs.
....
Security is risk management.
A thorough discussion on risk and workstation security is probably out
of scope for the question :-)
If you're planning a trip and are trying to protect your hard disk, a
well-tested, modern whole disk encryption system will fix your free
space problem, protect your /tmp and swap.
There might be too great a risk in installing and configuring something
new when you're about to head out the door, so if you just want to
protect against random badguys stealing the machine, then a HDD password
can be deployed quickly and reliably.
To defend Truecrypt et al.:
Modern block level encryption schemes are not symmetrically encrypted
block-for-block with a single key. There are initialization vector
schemes which have a similar function as cipher feedback without the
brittleness you describe:
http://www.jetico.com/bcve_web_help/html/02_standards/03_mode.htm
http://www.truecrypt.org/docs/?s=system-encryption
File level encryption schemes have major pitfalls in that they don't
address previously deleted files, /tmp files, file names and metadata
(usually) and your encryption key may be written plain text to swap or
your hibernation file.
-Mike
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
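
Added example, not part of the original message: a sketch of the per-sector initialization vector idea the post refers to, using the ESSIV construction from dm-crypt's aes-cbc-essiv mode as one such scheme (the post itself names no specific scheme). Assumptions: a 4-round Feistel built on HMAC-SHA256 stands in for AES so the code runs on the standard library alone, and the key, sector numbers and plaintext are constructed sample values.

```python
import hashlib, hmac
BLOCK, SECTOR = 16, 512  # cipher block and disk sector sizes in bytes

def _round(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, blk):
    # Stand-in 128-bit block cipher (assumption); a real system uses AES.
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r

def decrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r

def essiv(key, sector):
    # ESSIV: IV = E_{SHA256(key)}(sector number), secret and unique per sector.
    salt = hashlib.sha256(key).digest()
    return encrypt_block(salt, sector.to_bytes(BLOCK, "little"))

def encrypt_sector(key, sector, data, per_sector_iv=True):
    # CBC restarts in every sector, so chaining never crosses a sector boundary.
    prev = essiv(key, sector) if per_sector_iv else bytes(BLOCK)
    out = b""
    for i in range(0, SECTOR, BLOCK):
        prev = encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def decrypt_sector(key, sector, data):
    prev, out = essiv(key, sector), b""
    for i in range(0, SECTOR, BLOCK):
        out += _xor(decrypt_block(key, data[i:i + BLOCK]), prev)
        prev = data[i:i + BLOCK]
    return out

def demo():
    key = hashlib.sha256(b"constructed demo key").digest()
    plain = b"A" * SECTOR  # constructed: identical content in two sectors
    fixed = [encrypt_sector(key, n, plain, False) for n in (7, 8)]
    tweaked = [encrypt_sector(key, n, plain) for n in (7, 8)]
    return fixed[0] == fixed[1], tweaked[0] != tweaked[1], decrypt_sector(key, 8, tweaked[1]) == plain
```

`demo()` returns three booleans: a fixed IV makes identical sectors produce identical ciphertext, the per-sector IV hides that equality, and decryption with the right sector number restores the plaintext.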