>Hi, >I am wondering what is the recommended way to secure a sizeable volume (0.5-2GB >) of confidential data such that it is non-retreivable/unusable even in the >event that a hacker has gained user level or <shudder> root access? > >I have thought of some kind of encryption; but I haven't seen anything fast >enough to make that practical given that I would have to re-encrypt the whole >data set after working on it. I also thought of simply having a dedicated >partition for the data in question and unmounting it when I leave the machine. >But I suppose a hacker with root access could easily remount it. Which leaves >the option of having a dedicated physical drive and unplugging it when I leave. >But that is annoying since I would have to leave my machine open all the time. >:(. So any other suggestions, comments? > The best option that I know about is the Cryptographic File System. When mounted you can't tell the difference between it and any other type of file system; but if you haven't got it mounted - the data is encrypted (equivilent to PGP I think in quality)
You used to be able to get it from the Non-US archive. I don't know if you still can though. Jolyon