Thursday, May 1, 2008

Encrypted filesystems for Linux

There are a few encrypted filesystems for Linux. Ones aimed at distributed filesystems (NFS replacements): - "CFS", which has been packaged and is available from non-us.debian.org. - "TCFS", http://tcfs.dia.unisa.it/ I used CFS several years ago and it seemed to work well. My only complaint was that triple DES was a bit slow on my 486/33. Another approach which I am currently using involves patching the kernel to provide kernel level encrypted filesystems. I have updated a patch for kernel 2.0.36 which was originally released in 1996 for kernel 2.0.11. I have gotten good results with this using IDEA encryption on systems ranging from a 486/33 to PII-350. There are now encryption patches available for the new 2.2.x kernels. ftp://ftp.kerneli.org/pub/linux/kerneli/v2.2/patch-int-2.2.1.1.gz will add encryption to linux 2.2.1. I have not used this patch yet, but I will give it a try as soon as I update to slink and have a 2.2.x compatible system. When unmounted, the ability to scan the raw partition will not give your cracker any useful information. If they are really determined, they could scan raw /tmp and swap partitions for traces of sensitive data. Whether this is an issue depends on your required security level. When mounted, a root cracker would be able to read the all files on the partition. Mounting the partition requires a passphrase. The kernel approach will require patching and building custom versions of the kernel and mount programs.

IMPORTANT

All things mentioned here are solely related to Linux and its related things.The author has taken it from various thirdparty sites and creadit should be given accordingly.This has been done in order to simplify your searching task.The tips and tricks section hav various tricks mentioned.Please DO IT ON YOUR OWN RISK.THE AUTHOR DOESNOT TAKE ANY RESPONSIBILITY FOR ANY DAMAGE TO YOUR PROPERTY.

Add to Google Reader or Homepage Subscribe in NewsGator Online Add to My AOL