On 8/22/06, Michael <[EMAIL PROTECTED]> wrote:
Hello,
searches the web but couldn't find and usefull information and/or it
didn't answer my questions.
I am looking for some software to encrypt some large folders containing
personal stuff. It should be possible to decrypt it on BSD and Linux
systems.
I found cfs in the ports tree but since it "just" got 3-key TDES and I
am not sure about using blowfish and don't even know the others I am
wondering how secure it is compared to other implementations like
cryptsetup for Linux which can use AES.
I have never used cfs and it looks like it hasn't been maintained
lately. Someone recently vouched for it on here though. However, the
typical solution to this problem is to make an encrypted vnd "disk"
using vnconfig(8) and then newfs that disk. It's not as flexible as
the cfs method, which can encrypt each folder separately, but if you
don't have too many things to encrypt separately you can make it work
(you have 13 or so partitions you can fit into the disklabel).
I'm not sure if this could work from Linux though.
Also, if I understood correctly, it is possible to pipe a key into
cmkdir when creating a folder and same when using cattach.
Would it be possible to pipe the content of, lets say, a small image or
a file filles from /dev/random or some other file as a key?
Minimum key length is 16, whats the maximum key length?
I am asking since I would like to use a floppy or USB stick to unlock
the encrypted folders.
Seems like there would be no reason why not... you might want to make
it a two-factor encryption method, then, by having a script take your
key from the thumbdrive and concat it to a password you type in. Using
/dev/urandom (not random) to generate the thumbdrive half is a good
idea.
-Nick
