Slashdot Mirror


NetBSD's Crypto-Graphic Disk

An anonymous reader writes "Security-minded laptop users live in fear of theft, not only of their computer but also of their precious secret data. NetBSD's CGD project is a cryptographic virtual disk that can protect sensitive data while acting like a normal filesystem. Recently its author, Roland Dowdeswell, was interviewed and provided a lot of details, and made a comparison with Linux's Loop-AES, FreeBSD's GBDE, OpenBSD's svnd. This is a must-read for any laptop owner (and paranoid androids)!"

6 of 219 comments

  1. Interesting but not exactly new news by Ffakr · · Score: 4, Informative

    This is interesting and all, but this isn't exactly a ground-breaking news item.
    PGP lets you do this on various platforms.
    As a matter of fact, this is how I manage personal info on my OS X Macintosh. I create a strong-encrypted virtual disk image with banking, internet login, software key, and (un)related information. When I need something I mount it and when I'm done I umount it and it's nice and safe (as long as I never tell Keychain to remember the password).
    You can do this on a vanilla OS X install with Disk Utility.

    ffakr

    --

    I'm not feeling witty so bite me

  2. Re:mutually exclusive? by pepdar · · Score: 4, Informative

    Mac OS X is a *nix OS.
    It also features an encrypted file system, FileVault.

  3. TrueCrypt for Windows and Linux. by Futurepower(R) · · Score: 5, Informative

    TrueCrypt is disk encryption software for Windows XP/2000/2003 and Linux. Version 4.1 was released last month. It seems to have been designed by people who are VERY serious about encryption. For example, TrueCrypt "provides two levels of plausible deniability".

    1. Re:TrueCrypt for Windows and Linux. by jbarr · · Score: 4, Informative

      I agree 100%. TrueCrypt lets you manage not only entire encrypted disks, but smaller, user-definable "container" volumes as well. These are all mounted as virtual drives, and are seamless to use. TrueCrypt works especially well with Thumb Drives.

      One thing I really like about TrueCrypt is that it just works. I have tried several commercial options and several that come with Thumb Drives, and they tend to be either too cutesy or kludgy to use. In almost all cases, they are cumbersome and just have an "unstable" feel about them. TrueCrypt is solid, quick, and also importantly, doesn't require any installation other than copying a couple files and launching the app. (It does come with an installer, but it isn't necessary.)

      Have a read of their FAQ and you will see that a LOT of thought and effort has gone into this application.

      --
      My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
    2. Re:TrueCrypt for Windows and Linux. by trifish · · Score: 5, Informative

      You forgot to write a very important thing:

      TrueCrypt is open source and free (as in freedom and beer).

  4. dm-crypt? by Gadzinka · · Score: 4, Informative

    It's interesting to see xxxBSD user/developer comparing "just written" software for BSD with ancient versions of Linux counterparts and (surprisingly) finding xxxBSD version to be better. My point being: dm-crypt.


    If you are interested in Linux 2.6 encrypted partition, use dm-crypt together with cryptsetup tool. It's much safer than AES loop and:

    • it allows the use of encryption algorithms in CBC mode;
    • uses published Linux kernel crypto API, which means that you can use any cipher known by kernel;
    • because of the above, if kernel has hardware support for some crypto algo, dm-crypt uses it automagically: I have a very low power VIA Epia MicroITX board (soon to be replaced by even lower power Nano ITX board by Epia) serving as my home fileserver. The processor, VIA Nehemiah is disgustingly slow at its 800MHz, but it has VIA Padlock crypt engine doing AES in hardware -- access speed on encrypted AES256-CBC partition is indistinguishable from the speed on the same non-encrypted disk, and a lot higher than on my Pentium M 1.6GHz notebook with Blowfish (i.e. the fastest-yet-quite-safe) dm-crypt partition.
    • because it uses Crypto API, you can use any new safer or faster algo, whether it's done in software or hardware, as soon as there is crypto api driver for it (crypto using GPU anyone? ;)
    • with existing cryptsetup tool you can create encrypted swap partition with random key taken from /dev/random; and since some platforms (e.g. VIA Epia, but also chipsets from Intel, AMD and others) have true hardware random generators with Linux drivers, I wish a lot of luck to someone trying to recover passwords from my swap device ;)
    • while existing key generation method is not as kosher as described PKCS#5 PBKDF2 or multifactor solutions, cryptsetup is just a userspace tool controlling kernel space diskmapper virtual disk engine; you can write your own tool and initialize your dm-crypt partitions any way you want;

    OK, I'm tired, go read the links and you'll be much wiser and better informed than after reading TFA ;)

    Robert

    --
    Bastard Operator From 193.219.28.162
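
The last bullet of the comment above contrasts passphrase-to-key handling with PKCS#5 PBKDF2 and notes that a custom userspace tool could do the derivation itself. As an added example (not part of the thread and not cryptsetup's code), this sketch derives a 256-bit volume key with salted, iterated PBKDF2 and compares it with a single unsalted hash. The function names, header layout, iteration floor, and the single-hash baseline (SHA-256 as a stand-in) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY_BYTES = 32            # 256-bit volume key, e.g. for an AES-256 mapping
MIN_ITERATIONS = 100_000  # assumed policy floor; tune to the slowest machine that must unlock


def single_hash_key(passphrase: str) -> bytes:
    """Baseline for comparison: one unsalted hash (assumed model, SHA-256 as stand-in)."""
    return hashlib.sha256(passphrase.encode()).digest()[:KEY_BYTES]


def _pbkdf2(passphrase: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=KEY_BYTES)


def _check_value(key: bytes) -> str:
    # Lets unlock() reject a wrong passphrase without storing the key itself.
    return hmac.new(key, b"volume-key-check", hashlib.sha256).hexdigest()


def create_volume(passphrase: str, iterations: int = MIN_ITERATIONS):
    """Return (header, key); the header is what would sit in clear next to the volume."""
    salt = os.urandom(16)  # fresh per volume, so equal passphrases give unrelated keys
    key = _pbkdf2(passphrase, salt, iterations)
    header = {"salt": salt.hex(), "iterations": iterations, "check": _check_value(key)}
    return header, key


def unlock(passphrase: str, header: dict) -> bytes:
    """Re-derive the key from the stored parameters, refusing headers below the floor."""
    if header["iterations"] < MIN_ITERATIONS:
        raise ValueError("iteration count below policy floor")
    key = _pbkdf2(passphrase, bytes.fromhex(header["salt"]), header["iterations"])
    if not hmac.compare_digest(_check_value(key), header["check"]):
        raise ValueError("wrong passphrase")
    return key


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample passphrase
    (h1, k1), (h2, k2) = create_volume(pw), create_volume(pw)
    print("single hash, two volumes equal:", single_hash_key(pw) == single_hash_key(pw))
    print("PBKDF2, two volumes equal:     ", k1 == k2)
    print("unlock round-trips:            ", unlock(pw, h1) == k1)
```

With the single hash, one precomputed dictionary works against every volume; the per-volume salt and iteration count force the guessing work to be repeated per volume and per candidate passphrase.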