Simplified Disk Encryption Coming to GNOME
An anonymous reader writes "David Zeuthen of Red Hat has been working on adding encrypted volume support to HAL. The result is an infrastructure that is being developed to make working with encrypted volumes easier. David has published a screenshot documenting his work on his blog. The bottom line: attach a properly encrypted volume and the system will prompt you for a password and automatically mount it."
These developments will bring file security to many non-technical users, but for the nerds out there, there have already been practical solutions for some time.
I've been keeping the hard disk of my Linux encrypted with twofish for over three years now (see the description of this encryption method in Bruce Schneier's magisterial Applied Cryptography). Swap is encrypted with a random key generated on each boot-up. At first I used the old cryptoloop method, but as soon as the kernel support was there I switched to the crypto device-mapper target. I never noticed any performance penalties: this is a very efficient solution.
Actually the new thing is the 'flush' mount option that doesn't wear out flash drives and destroy performance like 'sync' does. Someone at SUSE wrote an experimental 'flush' patch for vfat and it seems possible to do for other file systems too. It will go upstream at some point...
In any case, the story is definitely worth a listen.
If you don't know where you are going, you will wind up somewhere else.