On Monday 08 December 2008 06:18 pm, Peter Manis wrote: > TrueCrypt and using fuse with encfs would store it as encrypted > files. TrueCrypt would be a container that would hold files and it > would need to be unlocked before accessing. encfs would require > mounting of a directory which would be viewed as a file system. So > basically if you were to look at the directory it would appear all > gibberish, encrypted file names and the contents would be encrypted, > but mounted it would show up as normal file names and decrypted > files.
Sounds like what I've used in the past, but it sounds a bit complex. Maybe I'll go the encrypted partition route; I'm presuming I can only encrypt the partions I want to encrypt. > As for the ubuntu method, you would need to enable encyption on each > partition, if you do separate tmp partitions that are nonexec and all > that then you would need to set that up. In the past I have always > just created one partition on the machines I was enabling encryption > on so tmp would be covered in that setup. I generally do that on my desktop (well, one plus swap), but in this case I don't need or want to encrypt everything with the same password; sometimes I have others using my machine; I do NOT want that person to have access to Credit Card information, for example. (The new rules on credit card security would be draconian if they didn't seem so necesary these days; as part of our "plan" we have to prove we only allow access to credit card information on an as-needed basis.) You didn't mention anything about swap. Will ubuntu automatically use a swap file, or allow me to set one up, if I don't make a separate swap partition? > You would of course have to enter a password for all of this, unless > there is key based methods, which would in many ways defeat the > purpose of protecting someone from gaining access to the files. I suppose we could keep a key on a separate thumb drive (for example) but I already have a good password system in place; I can keep using it, and I know how to keep certain passwords in my head (with one copy in escrow with our corp attorney. Dang, those new Credit Card rules are becoming complex. Thanks! And by the way, this is what we've used in the past: http://www.jetico.com/ Jeff -- Jeff Lasman, Nobaloney Internet Services P.O. Box 52200, Riverside, CA 92517 Our jplists address used on lists is for list email only voice: +1 951 643-5345, or see: "http://www.nobaloney.net/contactus.html";
