Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encrypt Filesystems with EncFS and Loop-AES

Posted by ryuzaki0 on from the no-peeking dept.

Linux.com (Slashdot sister site) has a quick look a file encryption using EncFS and Loop-AES as examples before briefly examining other options. From the article: "you can find a number of options for filesystem encryption in Linux exist, depending on your needs. The most important thing when choosing which one to use is to be clear about your needs. Will the size of the files you need to encrypt grow or stay static? Do you need to encrypt certain files or entire partitions? What level of security do you need? Answers to these questions will help determine the most appropriate program to use."

10 of 63 comments (clear)

  1. For good, easy, root encryption by GenKreton · · Score: 2, Interesting

    I use LUKS (Linux Unified Key Setup) on several of my machines. It is an extension onto cryptsetup and uses dm-cryp instead of loopaes. It is fairly easy to setup and allows for multiple users with different phrases if needed as well as tokens. It has treated me much better than loop aes had in the past.

    http://luks.endorphin.org/

  2. eCryptfs by omnirealm · · Score: 5, Informative

    Don't forget this new competitor: eCryptfs, mostly written and supported by IBM, and fully GPL:

    http://ecryptfs.sf.net/

    It's all in the kernel, which means that shares memory mapping work (unlike userspace filesystems), and it keeps metadata on a per-file basis, which is *really* nice for things like incremental backup utilities.

    --
    An unjust law is no law at all. - St. Augustine
  3. Encfs by toad3k · · Score: 2, Interesting

    Encfs is great, if you are x86. I made the mistake of unmasking it on gentoo amd64 and it flipped out and I ended up sorting through 300+ files in my l+f directory from my corrupted partition. But for x86 it is very convenient, I highly recommend.

  4. Re:Going nowhere slowly by Trelane · · Score: 2, Informative
    Let me know when LUKS (Linux Unified Key Setup)/dm-crypt or any other of these tools can actually make a simple out-of-the-box GUI which is usable.
    Sir/Ma'am? It's time.
    --

    --
    Given enough personal experience, all stereotypes are shallow.
  5. Why I'll never use kernel level encryption again by brunes69 · · Score: 2, Informative

    I had a parition (approx 80 GB of data) encrypted via loop-AES in kernel 2.4. After the upgrade to kernel 2.6, I found I was unable to mount the partition correctly, unless I specified a depricated option when building the crypto loop tools.

    After doing so, I mounted the parition and everything proceeded normally...

    That is until a few months later when I upgraded my system again. Suddenly my parition was unreadable, and the previous option did not work in cryptoloop anymore. I posted for weeks on boards and IRC channels trying to decrypt this data, but no one could help me.

    So in the end I gave up on it.

    After that nightmare I am never using kernel-level decryptuon again. The fact that the routines lie in the kernel, but the utilities in userspace, makes for a maitence nightmare when you end up upgrading one but the other. From now on all my encryption options will be userspace *only*.

  6. Re:Using encryption suggests criminality by cyber0ne · · Score: 5, Insightful

    What is so important that you Linux hippies feel the need to encrypt?

    I may be a Linux user, but if anyone thinks I'm a "hippie" then they really need to re-define the term.

    Do you have something to hide?

    Maybe, maybe not. Either way, it's none of your business or anybody else's.

    It's kiddy porn, isn't it? Be honest!

    <sarcasm>You know, if kiddie porn is such a problem on the internet, how come I can never find any?</sarcasm>

    I for one am glad that Microsoft doesn't help out the terrorists and pedophiles in their illegal activity.

    So am I. We don't want their kind of "help."

    Their encrypting filesystem includes numerous backdoors to assist law enforcement.

    Case in point.

    I just wish the OSS community would do the same.

    Simple enough. Write your own. Make it as terrible as you want. Post the source on Sourceforge. Then the "OSS community" will have done the same. It won't be very popular, but it'll be there.

    In all seriousness, it's not about hiding criminal activity. Honestly, the current state of US politics (that is, after all, where I live) kind of scares me. I may not be engaging in illegal activity now, but how many of my current activities will be considered illegal in the future? The last thing I need is for some "law enforcement" entity to go grepping my emails and IM logs looking for something to pin on me.

    I have nothing to hide. I also have nothing to share. Nothing to see here, please move along.

    --
    http://publicvoidlife.blogspot.com
  7. Compatible with MacOS X FileVault? by tji · · Score: 2, Insightful

    MacOS includes this functionality, in what sounds like a very similar manner. It can create a disk file, which is AES encrypted, and you can mount like any other disk. They also have the option of encrypting your whole home directory, but I've heard of people having problems with that..

    Which, if any, encrypted Linux filesystems are compatible with MacOS's filevault?

  8. Re:Why I'll never use kernel level encryption agai by sholden · · Score: 5, Informative

    Why bother waiting so long:

    1. boot into the old kernel/backout the upgrade.
    2. Mount encrypted filesystem and copy data elsewhere
    3. Create encrypted filesystem such that you don't get deprecated warnings.
    4. Copy the data back.

    I really can't understand continuing with something marked deprecated anyway - certainly not doing an upgrade while doing so. What do you think deprecated means? I'd be doing steps 2-4 as soon as the deprecated option was needed.

  9. Re:Dynamically sized encrypted filesystem by niskel · · Score: 2, Insightful

    Did you RTFA? (this is Slashdot, stupid question) This is what the whole purpose of EncFS is, you don't need to pre-allocate a set amount of disk space.

  10. Re:Using encryption suggests criminality by Technician · · Score: 2, Informative

    What is so important that you Linux hippies feel the need to encrypt? Do you have something to hide?

    Yes I do have something to hide.

    For starters to prevent banking identity theft, I use various passwords instead of a publicly searchable mother's maiden name.

    First thing to hide is the list of all my CC's, expiration dates, phone numbers to call in case of theft, and the password used for each instead of mother's maiden name.

    Second is past years Turbo Tax tax returns. Those are a gold mine for identity thieves including SSN DOB Dependants Property address etc. You bet that goes into encrypted storage.

    3rd is Website log-ins. I visit Slashdot often enough to remember my password. The same is not true for my UBS account.

    4th is a central repository of registered software including ID number and keys.

    5th is a property inventory list including make model serial number date of purchase etc. You many not be interested in my laptop serial number, but I don't need anyone with an axe to grind listing it with the local police as stolen. Can you prove you own your laptop if someone else lists it as stolen? If it is stolen, can you provide a list including model, serial number for both police and insurance?

    This is not a complete list.

    Just what do you have on your computer that you don't mind me looking into?

    I'm sure there is something you'd rather not have public.

    --
    The truth shall set you free!