Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Encryption HOWTO

Posted by CmdrTaco on from the why-not-learn-something-new dept.

lazyecho writes: "How to set up a Linux 2.2 system to use encryption in both disk and network accesses. This document describes how you can use the International Kernel Patch and other packages to make hard disk contents and network traffic inaccessible to others by encrypting them." Hey, your box is stable, why not mix it up a bit? I'm not a security nut, but this strikes me as a fun one anyway.

5 of 60 comments (clear)

  1. Great for Laptops / Handhelds by Xunker · · Score: 5

    This is a great thing for those of use that use laptops on a daily basis and hope to use use *nix-based handhelds soon... at least here in the USA... to keep over-zealous law-enforcment officials at bay;

    Now, IAMAL[?], but here is how I got it explained to me: Items on your person fall under the dictates of law governing search and siezure. If you have a cabinet in your home, the police are allowed to search is if they have probable cause; but if you have a safe in you your home, you are not required to volunteer the combination to it without a subpeona. Goes the same for passwords and crypto, too, AFAIK. They can put me in the squad car, but until they get a court order, I don't have to tell them the password to my PDA or my GPG/PGP secret key passphrase.

    This is a good thing, because an over-zealous officer could start dinking around on you laptop and find some incrimitation evidence (violating S&C Law), but tell the judge that he found 'by accident'. Who is the judge going to believe? But if you have it all locked up tight, nothing short of a circuit court judge can force you to unlock it.

    And please not my gratuitous use of the phrase 'over-zealous'. The VAST majority of law officers are decent human beings - its just those choice few emmy-award winners that makes everyones life hell.

    At the very least put a pasword on your PDA, laptop, and modified-laptop-car-MP3-Player. Especially the MP3 player -- Ms. Spears would be so pissed if she found out I downloaded all 50 remixes of "I'm a closet dyke" off Napster :)

    --
    Hilary Rosen's speech was about her love of money and her desire to roll around naked in a pile of money.
  2. WOW! by clinko · · Score: 4

    This is great Now I can spend hours encrypting everything I own. First I'll Start with all my disks then i'll do my network and then i'll realize that my life is an empty shell.

    1 year later:
    Why god do i have to encrypt everything? WHY!?
    I remember when it all started. It started with the disks, then i lost my job, then i lost my girlfriend, and i lost what life i had.

    DAMN YOU Linux Encryption HOWTO! DAMN YOU STRAIT TO HELL!!!

  3. Data Integrity by Th3+D0t · · Score: 4
    I would install an encrypting filesystem but for concerns of data integrity, performance, and validity.

    What if my filesystem were to go down? I could never recover my data. In addition performance would be hindered severly by the blocking overhead of the encryption and decryption (which is essentially the same exponential operation backwards and forwards).

    Until someone develops a hardware solution, I have to say, "no thank you."
    ---

    --
    I am the dot in slashdot.org
    1. Re:Data Integrity by avorpa · · Score: 4

      A few objections:

      1: The encryption works at a different level from the filesystem. If the filesystem gets corrupted, you can still decrypt the data, and you will be in the same position you would be if you didn't use encryption at all. Of course if you forget your password you'll never get the data back, but thats the point.

      2: And the blocking overhead? All the algorithms in the patch have 64 or 128 bit block size. This is far less than the size of a disk block, so i wouldn't be worried.

      3: There is no exponential operation. You are thinking of RSA, which is a public key algorithm. Public key algorithms have longer blocks and are slower than private key ones. They are necessary when you want anyone to be able to encrypt, but only you to be able to decrypt. Seeing you don't need this for disk encryption, private key algorithms are more appropriate.

      4: There are many hardware solutions, but they are generally designed for network encryption. Presumably you could write drivers to get them to do the computation for the disk encryption. Anyway, the processing isn't the main thing killing performance: twofish runs in 17 cycles per byte. The performace killer is that it works through a loopback device, which makes readahead and caching less efficient (i think thats the problem, but i'm not entirely sure about this).

  4. StegFS sounds awesome... by Booker · · Score: 4
    I love the idea of StegFS -

    StegFS is a Steganographic File System for Linux. Not only does it encrypt data, it also hides it such that it cannot be proved to be there.

    You know it's hard core when the docs refer vaguely to the ability to keep data secret in the face of torture. 1024-bit public-key encryption is all well and good, but threaten me with a glass rod, and I'll hand that key right over. Plausible deniability is where it's at! :)

    ---