Domain: kerneli.org
Stories and comments across the archive that link to kerneli.org.
Stories · 2
-
Encrypted Filesystems With Linux?
PhracturedBlue asks: "There are lots of ways to encrypt a filesystem (via loopback, ppdd, CFS or CryptFS), but all of these options appear to have their faults, be it poor performance, lack of features, or not being actively maintained. So are there any other options out there, that provide quality FS encryption with reasonable performance? So, are there any other viable options, besides the ones I've found? Are there any actual benchmarks of actual performance for the viable options above (I guess the viable ones are loopback, CFS, TCFS, and PPDD)? How about systems using the AES-winner Rijndael (I know Loopback Encryption and possibly TCFS and PPDD can use Twofish, but isn't Rijndael supposed to be one of the faster encryption methods?). I've seen the recent Slashdot article, and it didn't really address the above questions."
"First let me say that I know little to nothing about cryptography, and I wouldn't know the first thing about good vs. bad options, so any statements I make here are based on what I've read and may be completely erroneous. What I'm looking for is a way to secure my (Debian) Linux laptop, since physical security is an issue (I can't keep it locked up in my house all the time). So I went out looking for a way of encrypting my filesystem.
The easiest method appears to be to install Loopback Encryption, but from what I can figure out this is a bad solution because (a) its very poor performance, and (b) there is no way to do key authentication. Another option is CFS (a quick howto can be found here), but this is also reported to have poor performance (even with blowfish, or the NFS related TCFS) and it also appears to be abandoned. (Okay TCFS may not be abandoned, but it hasn't been updated for over a year). People seem to rave about CryptFS, but this appears to be a prototype developed for a research paper that has gone no further. Of the last real options that I've uncovered PPDD (which is a device-driver rather than a filesystem) seems like it may be the most promising (though it doesn't seem to have been updated since January, and I can find no indication about testing it with the 2.4 beta kernels)."
-
Fast Random Number Generation For Encrypted FS?
Signal 11 asks: "I've been reviewing different filesystem-level encryption schemes and so far, I have found only one solution - applying a kernel patch and using the loopback device. The problem is in generating large amounts of random data to seed the initial filesystem - it takes about 16 hours to create 20GB of pseudo-random data from /dev/urandom. Is there a faster (and equally secure) way to generate large amounts of random data?" Any clues? I'd figure a kernel patch to turbocharge /dev/urandom (while not losing too much security) might be another route to take.