Slashdot Mirror


Simplified Disk Encryption Coming to GNOME

An anonymous reader writes "David Zeuthen of Red Hat has been working on adding encrypted volume support to HAL. The result is an infrastructure that is being developed to make working with encrypted volumes easier. David has published a screenshot documenting his work on his blog. The bottom line: attach a properly encrypted volume and the system will prompt you for a password and automatically mount it."

18 of 83 comments

  1. Disk encryption? by vandon · · Score: 3, Funny

    Won't everyone (i.e. Government entities) complain that Linux is now a haven for terrorists and pedophiles since only a criminal would want to encrypt their [disk|phone call|email|http connection]?

  2. Re:TrueCrypt by zhiwenchong · · Score: 3, Informative

    Mac OS X's DMG disk image format has had similar functionality (AES-128) for a long time too, but admittedly it is not cross-platform and open-source like TrueCrypt is.

  3. Re:Wrong level of the Stack by JanneM · · Score: 4, Informative

    HAL is not part of a desktop (not really sure why Gnome is mentioned here, other than that the initial user tools for this are Gnome-based). It's a Hardware Abstraction Layer around the kernel to support stuff like hotplugging, file monitoring and so on in a nice, hardware-independent manner. It sounds like just about the right level to me. Isn't HAL used in most recent distros by now, no matter what desktop (if any)?

    --
    Trust the Computer. The Computer is your friend.
  4. Re:Wrong level of the Stack by QuantumG · · Score: 2, Insightful

    I don't know what you're talking about and I'm thinking it's because you don't either.

    --
    How we know is more important than what we know.
  5. Re:Wrong level of the Stack by BillKaos · · Score: 2, Informative

    Had you read the article instead of trying to do a FP, you would see that this is the same as automounting a USB disk.

    From TFA: While LUKS is a standard on-disk format, there is also a reference implementation. LUKS for dm-crypt is implemented in an enhanced version of cryptsetup.

    I guess dm-crypt is the right layer for that, done in the kernel by the device mapper. This will only ask you for your key before mounting it.

  6. For tech-savvy users there's already been a solution by CRCulver · · Score: 4, Interesting

    These developments will bring file security to many non-technical users, but for the nerds out there there have already been practical solutions for some time.

    I've been keeping the hard disk of my Linux encrypted with twofish for over three years now (see the description of this encryption method in Bruce Schneier's magisterial Applied Cryptography). Swap is encrypted with a random key generated on each boot-up. At first I used the old cryptoloop method, but as soon as the kernel support was there I switched to the crypto device-mapper target. I never noticed any performance penalties: this is a very efficient solution.

  7. Already in debian by elronxenu · · Score: 2, Informative

    Debian already has encryption, and it's very convenient.

    Install lvm2 (great for managing disk space), dmsetup, cryptsetup. Read this page and follow its instructions.

    You can create a block device of any size you want using lvm (so long as there is sufficient disk space of course) and then map that to another block device using the device mapper and the crypt filter. The original block device looks like random bytes and if you get the passphrase wrong the mapped block device still looks like random bytes (i.e. there's no way to confirm a correct passphrase except that the result looks sensible).

    Once you have set a passphrase, make a filesystem on the mapped block device. Go ahead and use it any way you like.

    1. Re:Already in debian by Omega+Hacker · · Score: 4, Informative

      Obviously you didn't read the whopping 3 paragraphs and look at the screenshot that makes it quite clear that what they're doing is making it actually easy to use an encrypted filesystem from a desktop GUI. The instructions you post don't integrate into the desktop, nor are they by any means easy, sorry.

      --
      GStreamer - The only way to stream!
  8. Re:TrueCrypt by MBGMorden · · Score: 4, Insightful

    It's one of my favorite programs, but TrueCrypt was Windows only until it was ported to Linux 4 months ago. Not exactly what I'd call "years".

    The Linux version is also a command-line program (or at least everything I've read on it has indicated as such). Integrating the same features into a nice interface would be a welcomed addition to the Gnome desktop.

    --
    "People who think they know everything are very annoying to those of us who do."-Mark Twain
  9. Re:Wrong level of the Stack by labratuk · · Score: 2, Informative

    Don't worry, the article title is just a bit misleading. All this really is is hooks being built into HAL (dynamic hardware framework) so that users can mount crypted filesystems with a pretty frontend.

    What you're saying is like saying "My OS shouldn't ask me with a GUI bubble what to do with a memory stick. That's part of the filesystem layer. Much lower layer than the GUI."

    This isn't using gnomevfs.

    And when it comes to building 'secondary' VFSs, there's a good argument for keeping things out of the kernel. It's supposed to be a unix kernel, not a plan9 kernel.

    --
    Malike Bamiyi wanted my assistance.
  10. Re:They're not writing a new file system.. by dzeuthen · · Score: 2, Interesting

    Also notice his screenshot still shows the USB key not being mounted 'sync'. Sigh. That so needs changed. One thing at a time I guess. :)

    Actually the new thing is the 'flush' mount option that doesn't wear out flash drives and destroy performance like 'sync' does. Someone at SUSE wrote an experimental 'flush' patch for vfat and it seems possible to do for other file systems too. It will go upstream at some point...

  11. Re:Wrong level of the Stack by Omega+Hacker · · Score: 2, Insightful

    Doesn't look fixed to me when a Gnome app can't save a file somewhere that the users (who don't give a d*mn what Gnome or KDE are) can see just fine in their KDE file browser. In my book that's called a "bug".

    --
    GStreamer - The only way to stream!
  12. Too confusing for consumers ? by PentAthl337 · · Score: 3, Funny

    an infrastructure that is being developed to make working with encrypted volumes easier

    Maybe the new version will be called GNOME_PRO and the old will be GNOME_HOME edition?

  13. Re:Of course they will. by Nimey · · Score: 2

    If you've actually got proof that there's a backdoor in PGP, then prove it. I think you're full of shit.

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
  14. Re:I think my information is safe enough without i by amliebsch · · Score: 4, Interesting

    I heard a fascinating report on NPR this morning about how even though so many options for email and file encryption are becoming available, very few people actually use them. Even the big privacy advocates who encourage people to use encryption, it turns out, don't use encryption very much. I think a large part of it is because people don't actually think their data is worth encrypting. The other part of it is that the infrastructure is not ubiquitous enough or simple enough to make it worthwhile for everyday use.

    In any case, the story is definitely worth a listen.

    --
    If you don't know where you are going, you will wind up somewhere else.
  15. Re:Wrong level of the Stack by kwalker · · Score: 2, Informative

    I'm going to try to correct you as gently as I can (So unlike Slashdot, I know). But it's done this way to make it compatible. The crypto is at the level it is so it is FS agnostic (I'm using it now on top of LVM and underneath ReiserFS).

    In other words, it's at the block level, not the FS level. It creates no problems for anything using the "standard" Linux APIs because unless they're working on the block level, they won't even know it's there.

    The user is not locked out of the data unless the user forgets the password while mounting the device/file/partition/LV. Once it's mounted, the key is retained in the kernel and life goes on. It can present problems in using it for system-level filesystems (/home, /usr, etc) but that's something the distro maintainers will have to tackle since you will either need to be present when the system boots (to type in the key) or have it grab the key from an unencrypted location accessible to the system (Some people use remote servers, some use USB drives, whatever).

    This is perfect for removable drives (USB, FireWire, etc).

    --
    ... And so it comes to this.
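The procedure from the "Already in debian" post (block device, device-mapper crypt target, then a filesystem on top) and the block-level layering kwalker describes, written out as a shell script. This is an added example and not code from elronxenu, kwalker or the HAL work in the article. It uses the LUKS on-disk format via cryptsetup, which the thread mentions; the tool names, the 64 MiB size, the paths and mapping names are my assumptions, and the create/open/mount/close steps need root. The one function that runs unprivileged, has_luks_header, checks the on-disk magic bytes that distinguish a LUKS container from the headerless plain dm-crypt mapping the Debian post describes (where a wrong passphrase just yields more random-looking bytes).

```shell
#!/bin/sh
# Added example (not from any post on this page): LVM/file -> dm-crypt (LUKS) -> filesystem.
# Assumptions (mine, not the posters'): cryptsetup, dmsetup and mkfs.ext3 are installed,
# and the create/open/mount/close functions run as root. All names below are placeholders.

BACKING=${BACKING:-/var/tmp/vault.img}   # file-backed here; an LV such as /dev/vg0/vault works the same
MAPPER_NAME=${MAPPER_NAME:-vault}        # plaintext view appears as /dev/mapper/$MAPPER_NAME
MOUNTPOINT=${MOUNTPOINT:-/mnt/vault}

# A LUKS header begins with the magic bytes "LUKS" 0xBA 0xBE. Plain dm-crypt has
# no header at all, so there is nothing to tell a real container from noise; with
# LUKS, cryptsetup can recognise the container and reject a wrong passphrase.
# Returns 0 if the file or device starts with the LUKS magic, 1 otherwise.
has_luks_header() {
    magic=$(dd if="$1" bs=1 count=6 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ]
}

# Step 1 (root): backing store filled with random bytes, then LUKS-formatted.
# luksFormat prompts for the passphrase on the terminal.
create_container() {
    dd if=/dev/urandom of="$BACKING" bs=1M count=64
    cryptsetup luksFormat "$BACKING"
}

# Step 2 (root): unlock. The passphrase is asked for once here; afterwards the key
# lives in the kernel's device-mapper table and the mapped device behaves like any
# other block device. Refuses to proceed if the backing store carries no LUKS header.
open_container() {
    has_luks_header "$BACKING" || { echo "$BACKING is not a LUKS container" >&2; return 1; }
    cryptsetup luksOpen "$BACKING" "$MAPPER_NAME"
}

# Only on first use: put a filesystem on the mapped (plaintext) device.
make_fs() {
    mkfs.ext3 "/dev/mapper/$MAPPER_NAME"
}

# Step 3 (root): mount the mapped device; the filesystem never sees the cipher.
mount_container() {
    mkdir -p "$MOUNTPOINT"
    mount "/dev/mapper/$MAPPER_NAME" "$MOUNTPOINT"
}

# Reverse order on the way out: unmount, then drop the mapping (and the key with it).
close_container() {
    umount "$MOUNTPOINT"
    cryptsetup luksClose "$MAPPER_NAME"
}

# Show the layering: dmsetup prints the crypt target line for the mapping
# (cipher, offsets, backing device); the key is masked unless --showkeys is given.
show_stack() {
    dmsetup table "$MAPPER_NAME"
}
```

Usage, as root: create_container once, then open_container, make_fs (first time only) and mount_container; close_container reverses it. Between luksOpen and luksClose the key stays in the kernel, so the mapped device can be mounted and unmounted repeatedly without re-entering the passphrase, which is the property kwalker describes; removing the mapping is what actually locks the data again.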
  16. Re:I think my information is safe enough without i by Hortensia+Patel · · Score: 2, Insightful

    Interesting. In addition to the factors you mention, maybe people are more afraid of losing access to their data than of someone else gaining access to it. Forgetting passwords is the obvious risk, but I'd imagine that it's also significantly trickier to recover data from an encrypted filesystem if and when something breaks.

  17. Re:TrueCrypt by fcgreg · · Score: 2, Insightful

    Yes. The first reason that comes to mind is cross-platform encrypted volumes. For example, TrueCrypt is very nice for using encrypted volumes between Windows and Linux systems (e.g., USB Flash drives, portable HDD's, etc.).

    --
    Greg T.