I've used BestCrypt http://www.jetico.com/ on Linux for 6+ years now. This is a kernel plugin and a commandline tool for user-level volume creation, mounting, password change, etc. It features a good number of encryption methods and uses plain files on existing filesystems for storing the encrypted volumes.
Then I've created a number of BC volumes, all 650 mb, to allow for easy backup of the encrypted volumes to a CD. Each volume is used for a specific type of data: Personal stuff, work related stuff, "bulk" stuff (archives that I rarely use), etc.
When I login,.bash_login checks if the volumes are mounted and, if not, starts prompting for passwords. When I logout,.bash_logout asks if I want to unmount (close) the encrypted volumes.
If you are considing BestCrypt (BC), please be aware that kernel upgrades requires at least recompilation of BC (or a new rpm) and for major upgrades (2.4->2.6), you may have to wait for a new BC version to come out before upgrading. Not a problem for me, as I don't do the kernel circus.
For encrypted filesystems in general, do use a journaling filesystem on the volumes! My own volumes used to be ext2, since I had no journaling FS available, when they were created. After a spectacular server crash, I ended up with several hundred mb's of corrupted data. Not BC's fault - old Unix file-systems just aren't up to ugly crashes.
Nowadays, Linux itself features encrypted filesystems (lookback-something), but I haven't investigated, since my current solution has worked really well for me.
I have also considered encrypting all filesystems, but the hassle just isn't worth it for me - the server has 2x160 gb disks and the amount of sensitive data is just a few gb's. Actually I think encrypting my WinXP boxes is much more interesting. They don't hold any data, but they run applications that uses the data on the encrypted volumes - and I can't really expect (or trust) Windows to keep my private data private - temp files and such.
Better yet: Voice conversations gets indexed too and our previous telephone calls are suddenly searchable. This could be rather usefull, just as looking up old mails is today, but of course various matters (like privacy and storage) needs to be sorted out first.
Slashdot Mirror
I've used BestCrypt http://www.jetico.com/ on Linux for 6+ years now. This is a kernel plugin and a commandline tool for user-level volume creation, mounting, password change, etc. It features a good number of encryption methods and uses plain files on existing filesystems for storing the encrypted volumes.
.bash_login checks if the volumes are mounted and, if not, starts prompting for passwords. When I logout, .bash_logout asks if I want to unmount (close) the encrypted volumes.
Then I've created a number of BC volumes, all 650 mb, to allow for easy backup of the encrypted volumes to a CD. Each volume is used for a specific type of data: Personal stuff, work related stuff, "bulk" stuff (archives that I rarely use), etc.
When I login,
If you are considing BestCrypt (BC), please be aware that kernel upgrades requires at least recompilation of BC (or a new rpm) and for major upgrades (2.4->2.6), you may have to wait for a new BC version to come out before upgrading. Not a problem for me, as I don't do the kernel circus.
For encrypted filesystems in general, do use a journaling filesystem on the volumes! My own volumes used to be ext2, since I had no journaling FS available, when they were created. After a spectacular server crash, I ended up with several hundred mb's of corrupted data. Not BC's fault - old Unix file-systems just aren't up to ugly crashes.
Nowadays, Linux itself features encrypted filesystems (lookback-something), but I haven't investigated, since my current solution has worked really well for me.
I have also considered encrypting all filesystems, but the hassle just isn't worth it for me - the server has 2x160 gb disks and the amount of sensitive data is just a few gb's. Actually I think encrypting my WinXP boxes is much more interesting. They don't hold any data, but they run applications that uses the data on the encrypted volumes - and I can't really expect (or trust) Windows to keep my private data private - temp files and such.
Better yet: Voice conversations gets indexed too and our previous telephone calls are suddenly searchable. This could be rather usefull, just as looking up old mails is today, but of course various matters (like privacy and storage) needs to be sorted out first.