Disk Encryption Tools for Linux and benchmark result of a couple of them

August 22, 2006
Consider this scenario... Your computer running Linux somehow ran into a hardware glitch and had to be hauled to the neighborhood computer service center. You are asked to leave the machine at the service center and come back after a couple of days so that the technician can have a good look at it. But you are a bit worried, because the hard disk contains the blueprints of the most secret project you are currently working on ;-) .

Ever been faced with such a situation, where all you can do is wring your fingers in despair? This is where an encrypted file system gains prominence. If you had created an encrypted volume on your hard disk and were in the habit of saving all your sensitive data to that encrypted volume, you could have slept soundly while your computer was being repaired at the service center.

In Linux there are a number of solutions for creating encrypted volumes and encrypting and decrypting data on the fly. Some of them are as follows:

Qryptix - Qryptix consists of a PAM object and utilities for session- and key-management for encrypted home directories using the International Kernel (CryptoAPI) patches for Linux. It simplifies login/logout, mounting/unmounting, and key generation and changing. Unfortunately, it needs SELinux to work properly. One OS which has SELinux installed is Red Hat/Fedora.

eCryptfs - An enterprise-class cryptographic filesystem for Linux. The kernel module component of eCryptfs is upstream in the -mm tree of the Linux kernel.

Truecrypt - One of the best and most easily available disk encryption solutions for both the Windows and Linux platforms.

Encfs - EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface.

LUKS - LUKS is the upcoming standard for Linux hard disk encryption. By providing a standard on-disk format, it not only facilitates compatibility among distributions but also provides secure management of multiple user passwords. In contrast to existing solutions, LUKS stores all the necessary setup information in the partition header, enabling the user to transport or migrate his data seamlessly.
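
To make the "everything is in the partition header" point concrete, here is an added example (not from the original post or the LUKS project) that builds a constructed LUKS1 header in memory and decodes it: the cipher, mode and hash spec, the payload offset, and which of the eight key slots hold an active passphrase. All sample values (salts, digest, UUID string, iteration counts) are made up for the demonstration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
# LUKS1 phdr: 208-byte fixed part (big-endian) followed by 8 key slots of 48 bytes
HDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")

def cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1_header(blob):
    """Decode a LUKS1 header; raises ValueError if it is not one."""
    if len(blob) < HDR.size + 8 * SLOT.size:
        raise ValueError("header too short")
    (magic, version, cname, cmode, hspec, payload_off, key_bytes,
     _mk_digest, _mk_salt, mk_iter, uuid) = HDR.unpack_from(blob, 0)
    if magic != LUKS_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    active = []
    for i in range(8):
        state, iters, _salt, kmo, stripes = SLOT.unpack_from(blob, HDR.size + i * SLOT.size)
        if state == SLOT_ENABLED:
            active.append({"slot": i, "iterations": iters,
                           "key_material_offset": kmo, "stripes": stripes})
        elif state != SLOT_DISABLED:
            raise ValueError(f"slot {i}: unexpected state 0x{state:08x}")
    return {"cipher": cstr(cname), "mode": cstr(cmode), "hash": cstr(hspec),
            "payload_offset_sectors": payload_off, "key_bytes": key_bytes,
            "mk_iterations": mk_iter, "uuid": cstr(uuid), "active_slots": active}

def sample_header():
    """Constructed header (not read from any device): aes-cbc-essiv:sha256,
    32-byte master key, two passphrases in slots 0 and 1, six free slots."""
    # with 4000 stripes and a 32-byte key each slot's key material spans 256 sectors,
    # so slot i starts at sector 8 + 256*i and the payload follows slot 7 at 2056
    slots = [
        SLOT.pack(SLOT_ENABLED if i < 2 else SLOT_DISABLED,
                  [100000, 250000][i] if i < 2 else 0,
                  bytes([0x10 + i]) * 32, 8 + 256 * i, 4000)
        for i in range(8)
    ]
    fixed = HDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1", 2056, 32,
                     b"\xaa" * 20, b"\xbb" * 32, 1000, b"00000000-constructed-sample-uuid")
    return fixed + b"".join(slots)

if __name__ == "__main__":
    print(parse_luks1_header(sample_header()))
```

Everything needed to unlock the volume except the passphrases themselves is visible here, which is why a damaged header (or a missing header backup) means the data is gone, and why the slot table is what lets two users hold different passwords for one master key.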

dm-crypt - Dm-crypt is a device mapper target which provides transparent encryption of block devices using the new Linux 2.6 cryptoapi. The user basically specifies one of the symmetric ciphers, a key (of any allowed size) and an IV generation mode, and can then create a new block device in /dev. Writes to this device are encrypted and reads decrypted. You can mount your filesystem on it as usual, but without the key you can't access your data.

CryptoFS - CryptoFS is an encrypted filesystem for Filesystem in Userspace (FUSE) and the Linux Userland FileSystem (LUFS).

Justin Korelc and Ed Tittel have done an interesting benchmark of three of the above encryption tools, namely LUKS, EncFS and CryptoFS, and have posted their findings online. Their verdict is that LUKS shines over the other two in the ease-of-use department because of better integration with the Gnome desktop and PGP keyring management facilities.

6 comments:

  • Only there is one problem, hardly any laptop repair shop has Linux tools or skill, only Windows-based stuff, so in most cases you get the machine back with a wiped disk plus a 60-day version of some abomination on it.

  • Ravi

    @anonymous
    What you say is right only when the hard disk is at fault. If it is some problem with any other components, they need not wipe out the disk. Either way the data on the hard disk will not fall in the wrong hands if it is stored in an encrypted volume.

  • It's true that they wouldn't wipe your HD if that's not the problem. However, they would need to have a Linux LiveCD, with support for your file system, to boot to if they wanted to read your data. At most places this is not the case, but that's just an uneducated guess.

  • It's "relevant" not "relevent". Please fix the header of this page.

    Daniel.

  • Another solution would be to use removable drives. USB flash memory drives are fairly cheap, even up to 1GB. I could save my financial information for my entire life without filling it up. A standard removable hard drive or possibly recordable DVD could be used for backup. The only worry then would be the swap space if you use it.

  • The Tom's Hardware link brings up a 404 error.