Slashdot Mirror


Seeking Current Info on Linux Encrypted FS?

slick_rick asks: "I'm looking for info on encrypted file systems under Linux to help my employer's company move away from Microsoft-centric solutions. However, the latest HOWTO is two years old, the latest kernel patch dates back to April (and 2.4.3), and even the Sourceforge project has nearly zero documentation and appears to be very dead. Are slashdotters using encrypted file systems? If so, what are your experiences?" We last talked about this topic, just over a year ago, in this article.

6 of 297 comments

  1. Reiser4 by jeffphil · · Score: 5, Informative

    If you can wait until September 2002, ReiserFS v4 will have an encryption plugin built in.

  2. Re:FreeBSD & NFS by stygian · · Score: 5, Informative

    csfd - that's what it was. The Cryptographic File System.... The readme for the FreeBSD port is:

    This is CFS, Matt Blaze's Cryptographic File System. It provides transparent encryption and decryption of selected directory trees. It is implemented as a user-level NFS server and thus does not require any kernel modifications.

    ftp://research.att.com/dist/mab/cfs.ps

  3. SuSE does this out of the box... by pwagland · · Score: 5, Informative
    I am not sure about the other distributions, but as of SuSE 7.2, they do this out of the box. The support was improved in 7.3.

    Note that this is filesystem-based encryption, not user-based. I.e. you must enter a password to mount the filesystem, but after that it acts as a normal filesystem (but slower due to the aforementioned encryption).

    The way that SuSE do it is to have an encrypted block device, so that you can throw anything you want on top of it. Typically this would be a filesystem ;-)

    From the SuSE webpage:

    * A highlight of SuSE Linux security technology: the so-called "crypto file system". Secret or sensitive data is encrypted on your own PC. This method is so safe that even if your notebook is stolen, nobody, absolutely nobody (!) has even the slightest chance of decrypting your data. In addition, the crypto file system is so smart that the thief will not even notice that encrypted data exists.
    1. Re:SuSE does this out of the box... by MKalus · · Score: 5, Informative

      Actually I am using this actively on my Notebook and I haven't really seen any performance degradation (It's a PII 366). The nice thing about it is: It completely prevents you from booting the box at all so the security on the notebook is greatly enhanced:

      - Login BIOS Password (Yeah, no security there I know)
      - crypto FS
      - OS Security

      Now the two weak links are the BIOS password as well as the OS Security (just boot from CDROM and on you go), but everything on the /data/ partition is encrypted and the partition is invisible if you boot from a boot disk.

      Really neat.

      Michael

      --
      If you want to e-mail me, use my PGP Key.
  4. Deniability by Tet · · Score: 5, Informative

    Encrypted filesystems are useless without deniability. Rubberhose gives you that: http://www.rubberhose.org

    --
    "The invisible and the non-existent look very much alike." -- Delos B. McKown
  5. CryptoAPI by Agent_Leprechaun · · Score: 5, Informative

    Do a search on Google for CryptoAPI. That's the new encrypted filesystem interface for Linux. The patches for 2.4.3 are old. I have an encrypted file system working with 2.4.16 patched with GRSecurity. You no longer need to patch the kernel with CryptoAPI, it just creates kernel modules that you install. It's pretty easy to do.