Slashdot Mirror
Encrypted Volumes for Linux and Windows?
share_it asks: "On my Win PC I used a lot of encryption: I had encrypted small files for personal stuff, encrypted virtual disks for programs, music, video, etc. I used PGPdisk and mounted 3 big virtual disks (for a total of 170 gigs) on startup with just one single passphrase and those 'disks' were even quite fast. I have now switched to GNU-Linux for most of my interests, but sometimes I have to use Windows and I want my data to be encrypted and accessible from both OSes The only software that I found which can mount the same encrypted disk on both platforms is BestCript, but from Linux I can't store file with long names. Is there a better way to share encrypted data between when I dual-boot?"
Although Rop has moved on to other projects, Secure Notebook was a pretty good idea. The software may still be useful (documentation here, check the page for file signatures.)
IIRC, this was a secure-ified Debian with encrypted swap, encrypted partitions, running VMWare which ran Win2K as a guest o/s. The idea was to run Windows while treating it as a small child that keeps burning itself on the stove. Everything was filtered thru the Linux host o/s, including network and hardware access.
Also, I believe the encryption key was provided in two parts: a dongle containing part of the key, and then also a key requested of the user during boot.
Worth a look.
Big Daddy, Johnny, Burp, Aunt Zelda, Scott, Slurp, Big Momma
mainly because I always had to have the darn thing or I couldn't use the computer. Also because it slowed things down a bunch, made anything like accessing the drive from another OS an impossibility and generally did it's job. It was basically a trade off in usability/security that eventually rose past my patience for the useless personal email about inane things, porn and personal digital audio i was "protecting". Oh, i also spent a lot of time being paranoid about losing my USB token and therefore all my data because I just have that kind of worrysome personality.
Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout
I have been using BestCrypt for several years and it's great. Unfortunately it's the only solid product available on Linux and Windows that I know of.
Why can't you store long filenames on Linux? BestCrypt just provides a block device on which you can use any filesystem. FAT32/VFAT is fine for Linux-Windows work. I've formatted a Bestcrypt volume with fat, vfat, iso9660, ext2, ext3, reiserfs, all without any problem.
Another alternative is to use VMware and then use ext3 on Bestcrypt and serve Windows needs with Samba.
Well, I'm not sure if this is a mirror or the primary, but anyway check this out: Munitions - cryptographic software for Linux.
At home w/ SuSE I use cryptofs, but if you don't have SuSe here's something else that looks pretty good (And I think OpenBSD has this one too)-- CFS. I think there are actually a lot of options out there for you, just look around through Google.
It is not paranoid to be concerned with security. As a person who has recieved a "visit" from federal agents, I know of what I speak.
I view my machines as extensions of my mind. Whatever I have in my mind is private. No one's business except my own. I have nothing "illegal" on any of my machines, but I was once involved with what some people might deem "fringe" politics. The worst thing that could have happened was for someone to take information from me and use it against someone who shared my goals.
For example, let us say that there was an unsolved crime that happed in a specific place at a specific time. In order to discredit someone, the authorities would only need to place them nearby at the time of the crime. An old lady gets mugged and the mugger takes $50 from her. You happen to be 5 miles away at the time and you spend $45 on some widget...Next thing you know "We can't prove he did it, but he was in the area at the time and spending the same amount of money that was missing. Do you want to believe his word or ours?"
Don't ask why I'm anonymous.