On Friday 15 August 2003 10:15, Radamanthus Batnag wrote:
> I asked Mr. Google about encrypting filesystems on linux, and, I found
> none. What I found were instructions on how to recompile the kernel to add
> the Linux Crypto API, then create a loopback device that points to an
> encrypted file. Or something like that. This is too-non-standard for our
> meager IT capabilities, I'm not sure if we can support a setup like this.

try Mandrake 9.1. The support for loopback encrypted devices is already built-in. No need to compile kernels, build the userland tools with support for encryption, etc.

The only weakness i find is in the choice of ciphers. MDK 9.1 only has support for AES128, AES196, AES256, AES (password is fed directly into the cipher), XOR (considered insecure probably because passwords are not going to be long enough to be really secure). It'd be nice to have other ciphers, e.g. blowfish, twofish, serpent, etc. I wouldn't be surprised if some of the security enhanced distributions have better cipher support. But for now, AES256 is good enough.

Setting up an encrypted filesystem is trivial too. I have an abbreviated list of things to do at http://bopolissimus.sni.ph. Search for "encrypted filesystems on Mandrake". i wrote it up just yesterday. I'd give you a permalink, but I don't have that working right yet and since the site is for personal use, I don't care enough about it to bump up its priority :).

> to use: right-click, click properties, click 'Advanced', then check the
> 'encrypt' button. done. :-).

yeah, it would be nice if you could do that. but i'm sure there's no way to do that. i'm also not sure what you do about mounting the filesystem automatically. mine i set to noauto in /etc/fstab. then i just "losetup -e ..." and mount at the command line later. works for me, but not as convenient as being able to have it automatically mounted (with user intervention to type in the passphrase at boot time).

> 2. Setting up and supporting a encrypting linux filesystem isn't that
> hard

got that covered, see above.

i only use mandrake (no time to fiddle with other distributions), and i really like the PARANOID security level (some things are a pain, e.g., ls -l /etc doesn't work as a regular user, you need to know what program to run because you can't even look at what directories contain unless you own them), but it makes me feel better, and after a while you get used to the things you can't do.

good luck.

tiger

--
Gerald Timothy Quimpo  gquimpo*hotmail.com tiger*sni*ph
http://bopolissimus.sni.ph an xcdngl nntrstng jrnl
Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"

No! Do, or do not! There is no try.
  -- Yoda

--
Philippine Linux Users' Group (PLUG) Mailing List (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
