Slashdot Mirror

← Back to Stories (view on slashdot.org)

Five of the Best Free Linux Disk Encryption Tools

Posted by Roblimo on from the some-things-are-best-kept-out-of-public-view dept.

An anonymous reader writes "Disk encryption uses software to encrypt the entire hard disk. The onus is therefore not on the user to determine what data should be encrypted, or to remember to manually encrypt files. By encrypting the entire disk, temporary files, which may reveal important confidential data, are also protected. Security is enhanced further when disk encryption is combined with filesystem-level encryption. To provide an insight into the open source software that is available, we have compiled a list of five notable disk encryption tools. Hopefully, there will be something of interest here for anyone who wants easy-to-use data encryption and security."

27 of 135 comments (clear)

  1. Link? List? by Goose+In+Orbit · · Score: 3, Informative

    Or a linked list even?

    1. Re:Link? List? by blacktulip · · Score: 5, Funny

      They encrypted themselves so you can not see them.

    2. Re:Link? List? by ColdWetDog · · Score: 4, Informative

      Here. Not so hard, but bog - can't the submitter figure that out? Slow down, guys, nobody is gonna scoop you on this stuff.

      --
      Faster! Faster! Faster would be better!
    3. Re:Link? List? by CyberK · · Score: 5, Insightful

      The submitter had the link (check Firehose), but it seems that the edititors deemd the submission to be too long and chopped it off. After all, this is Slashdot and nobody RTFAs anyway.

    4. Re:Link? List? by causality · · Score: 5, Interesting

      Can't the editor, "Roblimo," proofread the submission? Isn't that practically their entire function?

      Can they? Yes. Do they? No. They don't even run basic spell-checkers as evidenced by multiple finalized submissions. I'd personally be ashamed to put my name to much of the work they produce. If they worked in the other 99.99999% of job positions bearing the title "editor" they would be fired due to poor job performance. In this shitty job market I imagine there are many thousands of people who would be happy to do better.

      I don't get to slack like that in my job. If the "editors" here started acting like they were semi-worthy of the title I would seriously consider a paid subscription. Note, I don't expect perfection or anything like that. I just want them to at least try.

      They should stop calling themselves "editors". Another title like perhaps "reposters" would be more appropriate and would remove the expectation that they act like, well, editors.

      I notice that any post pointing out that the ad-laden blog they chose to link in the summary is one of the worst and least-direct (second-hand or third-hand) sources available for the story, or pointing out that (particularly for book reviews) the story itself is likely a Slashvertisement, well those get very quickly modded to oblivion. And I do mean *quickly*. I wouldn't notice most of them at all except that I browse at -1.

      While I cannot prove that it's solely the editors doing that, it is known that editors have infinite modpoints. So I consider it quite plausible, especially considering that I can't be the only user who considers it useful information when someone points out what may be an undisclosed marketing motive. I tend to mod those "Informative" myself so long as they are thoughtful and can back up what they say. I have seen more unlikely things happen, I admit, but I have a hard time imagining that the majority of moderators find such information so objectionable.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    5. Re:Link? List? by MoeDumb · · Score: 2

      flamebate: to flame oneself until burnout is achieved.

      --
      Mod Me Up. You'll make a grown man cry.
  2. Best of slashdot editing! by Anonymous Coward · · Score: 4, Insightful

    Today we bring you the best of slashdot editing. We cut out all the hard parts for you, like links, and real information.

    FYI: http://www.linuxlinks.com/article/2011040308270275/DiskEncryption.html

  3. XKCD by Anonymous Coward · · Score: 5, Funny

    http://xkcd.com/538/

    1. Re:XKCD by waveclaw · · Score: 2

      That xkcd always amused me.

      The only way to really delete something is to encrypt it. Then forget the key.

      Going to burn through a few wrenches before you find that out. Too bad most people only have two knees.

      Relevant to the topic? I have about a dozen CDs of 'encrypted' Linux files that can no longer be opened. Apparently the old cryptoloop encryption implementation on my particular distro was somewhat buggy. The encrypted file system that was contained in those files could only be opened on the original PC. Which promptly died. (Thank you Murphy.)

      Fortunately things like luks + cryptsetup made that specific cryptodisk implementation obsolete.

      --

      "You cannot have a General Will unless you have shared experiences. You cannot be fair to people you don't know."
  4. loopback-AES changed recently? by Anonymous Coward · · Score: 2, Interesting

    I've had some loopback containers using AES-256 since years and years. Recently after upgrading to Ubuntu 11.04, the same containers no longer will mount, yet I can create brand new ones which work fine. It seems that the old ones are not forward compatible.

    Has anyone else noticed this, and if so, what can be done about it? It's really kind of annoying to have to install a whole VM of an older OS just to access my old loopback container files!

    1. Re:loopback-AES changed recently? by Anonymous Coward · · Score: 3, Informative

      The default cipher and flags changed, be sure to find out what they used to be.

      I had this problem too and by setting explicit opt got it working

  5. encfs? by Anonymous Coward · · Score: 2, Informative

    Really, no encfs? Used it for years -- works great, never had any hiccups with it.

  6. There can be only one by RenHoek · · Score: 4, Informative

    http://www.truecrypt.org/

    There we go.. I don't understand this is still a question.

    1. Re:There can be only one by Anrego · · Score: 5, Interesting

      dmcrypt for me!

      But yeah, truecrypt and dmcrypt are all people really need to know about. They both do mostly the same thing with slight variation, which people choose is down to preference.

      LoopAES is outdated, cryptsetup is a userspace tool linked to dm-crypt, and the other is specialized.

      Pretty lame article.

    2. Re:There can be only one by westyvw · · Score: 4, Informative

      I used to set up encryption using fuse and encfs. That worked well enough for me. The problem I have with Truecrypt is that I have to define a file size before hand. Is there a function for Truecrypt to use cowfs or auto resizing files?

    3. Re:There can be only one by asnelt · · Score: 3, Informative

      Sorry, I just noticed that you can now distribute modified versions of TrueCrypt. They must have changed the license.

    4. Re:There can be only one by knifeyspooney · · Score: 2

      For whole disk encryption, TrueCrypt installs a driver between Windows and BIOS that provides transparent crypto service to Windows. And it's only for Windows. For Linux whole disk encryption, something like LUKS is needed.

    5. Re:There can be only one by knifeyspooney · · Score: 2

      If that volume contains the root filesystem, then you won't be able to boot.

    6. Re:There can be only one by sauge · · Score: 4, Interesting

      Cross operating system compatibility. I can put something (like my tax info) on a true crypt disk on my Mac, and then email it to my mom (an accountant) who can open it on her windows PC.

      Which leads to another benefit, my mom is no system administrator, but she can open a file, enter a password, and double click the file within.

      Further more, if I want to deal with it - I can put it on my Linux machines.

      Finally, if a technician needs to fiddle with the system, I can unmount the drives and let them in with (less) worry about what they may find. (Tend to deal with health care information.) In other words, I can compartmentalize who can see what.

  7. Where's eCryptfs? by Anonymous Coward · · Score: 2, Insightful

    eCryptfs is the default disk encryption technology shipping in Ubuntu. You can turn it on from the installer. How does that not make the list? I've never even heard of SD4L.

  8. Submission untouched by human hands by countertrolling · · Score: 4, Informative

    It's an ad link site.. Turn off your cookies on these guys..

    Information that is provided to advertisers consists of aggregate statistics that we collate. This includes geographical and psychographic* information.

    When links are submitted to our site, we request that the sender provides us with their real name and email address.

    You know the routine..

    *Huh??

    --
    For justice, we must go to Don Corleone
  9. left out the obvious choice by jlmsprings · · Score: 2

    Doesn't matter if the link is in the post or not. The article left out luks

    1. Re:left out the obvious choice by 93+Escort+Wagon · · Score: 2

      Doesn't matter if the link is in the post or not. The article left out luks

      No, it didn't.

      --
      #DeleteChrome
  10. Re:Hardware encryption? by etymxris · · Score: 2

    Well do you trust proprietary encryption implementations? I don't.

    http://www.rohos.com/2010/02/hardware-encryption-vulnerability-of-kingston-and-sandisk-usb-flash-drives/

  11. Re:Temporary files in memory, not encrypted by loufoque · · Score: 2

    The subject of a message counts as a headline to me.

  12. Re:Security? by Baseclass · · Score: 2

    You're missing the point. whether or not my data is worth compromising (which I whole heatedly believe that it is), is irrelevant.
    Setting aside the fact that I may have cached passwords and financial information stored on my hard drive, the fourth amendment
    is meant to guard against unreasonable searches and seizures. Since the US government has chosen to ignore the constitution, I believe that a "better safe than sorry" approach is quite prudent to say the least. You might want to check if you're currently located in a Constitution Free Zone as well.

    --
    ^^vv<><>BA
  13. Re:OS X Corollary? by Voline · · Score: 2

    If you're worried that a proprietary framework might be compromised by the Government threatening/bribing Apple into implementing a back door ...

    "We can make that FCC investigation into the back-dating of executive stock options go away, Mr Jobs. If you'll cooperate with the government ..."

    ... or you just want a solution that works better with Time Machine than FileVault does, here is a How-To on getting EncFS full-disk encrytion working on Mac OS X.

    Nota bene: I have not tried this yet myself.