Re: [uug] Encrypted Filesystem

Thu, 22 Jan 2004 12:50:33 -0800 

        Way too complicated. apt-get, mkdir, and mount are the only commands that it 
should require, and even then it doesn't count as trivial. Any thing else 
would require studying manpages and other documentation. I really like the 
way the 2.6 kernel handles the filesystem once it is set up--just mount and 
use the thing; but it requires _way_ too much effort to set up. I think the 
infrastructure in the kernel is adequate (even excellent), now it just needs 
a good, idiot friendly interface (not necessarily graphical). If it isn't 
absolutely simple, it will be difficult to find the time and energy to set it 
up and incorporate it into daily usage. Simplicity is paramount because the 
only security I need is against an unsophisticated attacker when I am not 
using the computer, i.e. my laptop gets stolen.
        Richard Esplin

On Thursday 22 January 2004 12:08, Michael Halcrow wrote:
> On Thu, Jan 22, 2004 at 12:10:33PM -0700, Richard Esplin wrote:
> >     My biggest requirement is that it be trivial to set up and use. It would
> > be nice if it asked me for a password at bootup, or any other time I
> > mounted the drive, and then I could use it just like any other filesystem
> > knowing that once I turned the computer off (or unmounted the drive) the
> > data would be secure.
>
> Okay.  If that's all you want, is this trivial enough for you?
>
> root# apt-get install cfs
> user# cmkdir encrypted-data
> user# cattach encrypted-data unencrypted-view
>
> That's for a directory.  If you want an entire drive, try loop-aes
> that ships with the 2.6 kernel.
>
> root# modprobe cryptoloop
> root# modprobe blowfish
> root# dd if=/dev/urandom of=encrypted.img bs=4k count=1000
> root# losetup -e blowfish /dev/loop0 encrypted.img
> root# mkfs.ext3 /dev/loop0
> root# mkdir /mnt/unencrypted-view
> root# mount /dev/loop0 /mnt/unencrypted-view
>
> Just put an entry in /etc/fstab for that image.
>
> Any other requirements?  Don't be afraid to get creative.  :-)
>
> Mike
> .___________________________________________________________________.
>                          Michael A. Halcrow
>        Security Software Engineer, IBM Linux Technology Center
> GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D  2371 2D3C FDDA 3EB6 601D
>
> GPL: A Bill of Rights for the Digital Age


____________________
BYU Unix Users Group 
http://uug.byu.edu/ 
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list

Reply via email to