Re: [SLUG] excrypting fs

2005-04-07 Thread Kevin Saenz 
realistically if you wanted to loose your data you just have to mess
with your supertables, and inodes, it would make it very difficult to
retrieve data.

> >> Probably a stronger front door if the boys in blue come knocking with
> >> heavy hammers because they suspect that you have something to hide :)
> > All the cool kids these days run Knoppix and just power down their
> > machine when their Mum^H^H^H^H^H police knock on their door.  Poof goes
> > the ram disk.
> 
> ...together with your list of customers. :)
> >
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] excrypting fs

2005-04-07 Thread Howard Lowndes 

QuantumG wrote:
Howard Lowndes wrote:
Probably a stronger front door if the boys in blue come knocking with 
heavy hammers because they suspect that you have something to hide :)

All the cool kids these days run Knoppix and just power down their 
machine when their Mum^H^H^H^H^H police knock on their door.  Poof goes 
the ram disk.
...together with your list of customers. :)
Trent
--
Howard.
LANNet Computing Associates - Your Linux people 
--
When you just want a system that works, you choose Linux;
When you want a system that just works, you choose Microsoft.
--
Flatter government, not fatter government;
Get rid of the Australian states.
begin:vcard
fn:Howard Lowndes
n:Lowndes;Howard
org:LANNet Computing Associates
adr:;;PO Box 1174;Lavington;NSW;2641;Australia
email;internet:howard [AT] lowndes [DOT] name
tel;work:02 6040 0222
tel;fax:02 6040 0222
tel;cell:0419 464 430
note:I am heartily sick and tired of telemarketers, therefore I do not answer phone calls which do not present Caller Line Identification, they get flicked to voicemail.  I apologise if this inconveniences you, and I respect your right to not identify yourself, but I also ask that you respect my right to not answer your call if you choose not to identify yourself.  Try dialing 1832 (#32# from mobiles) before the number, to present Caller Line Identification.
x-mozilla-html:FALSE
url:http://www.lannet.com.au
version:2.1
end:vcard

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] excrypting fs

2005-04-07 Thread Paul Dwerryhouse 
On Thu, Apr 07, 2005 at 03:28:22PM +1000, Kevin Saenz wrote:
> I would like to encrypt /home and my shared directories on my boxes.

There is CFS - Cryptographic Filesystem - which uses a local NFS server
running on the loopback network interface to provide encryption.

I wouldn't use it as /home, though - I found it had some NFS locking problems
with certain applications, and that would make it fairly painful to use
as a desktop. Instead, I'd set it up in a separate area and move
anything sensitive in there.

Under Debian, at least, it's packaged and a very simple install. Not
sure about other distros.

Doesn't require any reformatting.

Cheers,

Paul

-- 
Paul Dwerryhouse| PGP Key ID: 0x6B91B584
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] excrypting fs

2005-04-07 Thread Michael Chesterton 
Kevin Saenz <[EMAIL PROTECTED]> writes:

> I would like to encrypt /home and my shared directories on my boxes.
> Would I have to reformat them with an encrypt option? What is the over
> head with encrypted FS? Is it advisable to share encrypted fs using
> samba or would there be too much of an over head? Do I have to do a
> lot of house keeping on the file systems?

I put an encrypted /home on my laptop. I figured if it gets lost, my
data will be safe from the causal observer. Although I tend to use
sleep rather than power off, so it's kind of pointless. It doesn't
hurt, anyway, didn't notice any overhead, it feels and works exactly
the same as a normal file system. 

I used cryptsetup, don't remember the steps but from memory the docs were
good.
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] excrypting fs

2005-04-06 Thread Grant Parnell - slug 
On Thu, 7 Apr 2005, Kevin Saenz wrote:

> Hi all,
> 
> I would like to encrypt /home and my shared directories on my boxes.
> Would I have to reformat them with an encrypt option? What is the over
> head with encrypted FS? Is it advisable to share encrypted fs using
> samba or would there be too much of an over head? Do I have to do a
> lot of house keeping on the file systems?

What do you want to get out of this? I suspect that once the filesystem's 
mounted (encrypted or not) then it's available as per normal to all users 
of the system, furthermore, if you're only using it to export via samba 
then I can't see much point. If the system knows how to mount it on 
startup then it's like leaving the key in the front door.

If on the other hand each user's home directory was a separate encrypted
filesystem somehow mounted by using the password supplied to samba or some
other method (maybe a web interface that asks for a passphrase to
mount/unmount?) that might be worth looking into, the point is the
password's not stored on the system.

As for the overhead.. dunno haven't experimented although I believe CPU's 
that support MMX stuff crunch crypto better (ie gets farmed off to the MMX 
sub-processor). Rest assured though, there will be some overhead.

-- 
-- 
Grant Parnell - SLUG President
EverythingLinux services - the consultant's backup & tech support.
Web: http://www.elx.com.au/support.php
We're also busybits.com.au and linuxhelp.com.au and everythinglinux.com.au.
Phone 02 8756 3522 to book service or discuss your needs 
or email us at paidsupport at elx.com.au

ELX or its employees participate in the following:-
OSIA (Open Source Industry Australia) - http://www.osia.net.au
AUUG (Australian Unix Users Group) - http://www.auug.org.au
SLUG (Sydney Linux Users Group) - http://www.slug.org.au
LA (Linux Australia) - http://www.linux.org.au

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] excrypting fs

2005-04-06 Thread QuantumG 
Howard Lowndes wrote:
Probably a stronger front door if the boys in blue come knocking with 
heavy hammers because they suspect that you have something to hide :)

All the cool kids these days run Knoppix and just power down their 
machine when their Mum^H^H^H^H^H police knock on their door.  Poof goes 
the ram disk.

Trent
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] excrypting fs

2005-04-06 Thread Michael Fox 
On Apr 7, 2005 3:36 PM, Howard Lowndes <[EMAIL PROTECTED]> wrote:
> Probably a stronger front door if the boys in blue come knocking with
> heavy hammers because they suspect that you have something to hide :)

Hahaha..

And if anyone comes knocking it will probably be the AFP considering
Kevin lives in Canberra ;)

*jokes aside*

I am curious about the question thought. Sounds heaps interesting. OSX
offers such a service on your home directory and what not. I've never
enabled it at this stage, but I guess its similar to the
implementation on linux.
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] excrypting fs

2005-04-06 Thread Howard Lowndes 

Kevin Saenz wrote:
Hi all,
I would like to encrypt /home and my shared directories on my boxes.
Would I have to reformat them with an encrypt option? What is the over
head with encrypted FS? Is it advisable to share encrypted fs using
samba or would there be too much of an over head? Do I have to do a
lot of house keeping on the file systems?
Probably a stronger front door if the boys in blue come knocking with 
heavy hammers because they suspect that you have something to hide :)

Thanks
Kevin
--
Howard.
LANNet Computing Associates - Your Linux people 
--
When you just want a system that works, you choose Linux;
When you want a system that just works, you choose Microsoft.
--
Flatter government, not fatter government;
Get rid of the Australian states.
begin:vcard
fn:Howard Lowndes
n:Lowndes;Howard
org:LANNet Computing Associates
adr:;;PO Box 1174;Lavington;NSW;2641;Australia
email;internet:howard [AT] lowndes [DOT] name
tel;work:02 6040 0222
tel;fax:02 6040 0222
tel;cell:0419 464 430
note:I am heartily sick and tired of telemarketers, therefore I do not answer phone calls which do not present Caller Line Identification, they get flicked to voicemail.  I apologise if this inconveniences you, and I respect your right to not identify yourself, but I also ask that you respect my right to not answer your call if you choose not to identify yourself.  Try dialing 1832 (#32# from mobiles) before the number, to present Caller Line Identification.
x-mozilla-html:FALSE
url:http://www.lannet.com.au
version:2.1
end:vcard

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] excrypting fs

2005-04-06 Thread Kevin Saenz 
Hi all,

I would like to encrypt /home and my shared directories on my boxes.
Would I have to reformat them with an encrypt option? What is the over
head with encrypted FS? Is it advisable to share encrypted fs using
samba or would there be too much of an over head? Do I have to do a
lot of house keeping on the file systems?

Thanks

Kevin
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html