Wrong solution

Story: Pidgin stores passwords in clear text!!!! Total Replies: 14
Author Content
jhansonxi

Sep 27, 2009
10:19 PM EDT
Only fools rely on an application's encryption to protect passwords. Encrypt the drive or don't bother at all. The only application whose encryption I use is KeePassX so I can send the database through email. I don't consider that by itself to be secure on a system so I encrypt the drive with LUKS/dm-crypt.
azerthoth

Sep 27, 2009
10:22 PM EDT
And for those who have to use Windows as well, LUKS is supported on Windows now as well. (WinCE-based PDA, it's how I keep the data on my SD cards safe.)
gus3

Sep 28, 2009
12:32 AM EDT
Encrypt the entire volume, or don't encrypt it?

How about file-by-file? When I get that, I can die happy.
tracyanne

Sep 28, 2009
12:58 AM EDT
Nah, leave the system open for the world to see.
jezuch

Sep 28, 2009
2:24 AM EDT
Encrypting your drive means you have something to hide!!!11!!!
gus3

Sep 28, 2009
2:30 AM EDT
Yes, from all the maleficent against me.
azerthoth

Sep 28, 2009
11:17 AM EDT
gus, file by file is possible, but I don't know of a way to do it on the fly. It's an encrypt/decrypt cycle whenever you want access to it. Personally I am a big fan of on the fly, enter passphrase(s) once per session and be done with it.
Sander_Marechal

Sep 28, 2009
11:23 AM EDT
IIRC you can use GPG for file-by-file encryption. Not sure if/how that works for application files (like some application's password store) but it works fine for individual documents. It's also pretty well integrated into Gnome (and probably KDE as well).
gus3

Sep 28, 2009
11:33 AM EDT
Quoting: file by file is possible, but I don't know of a way to do it on the fly.
Ah, yes, I did forget that part.

File-by-file, on the fly.
azerthoth

Sep 28, 2009
2:26 PM EDT
Now here is an option, now that I think about it. You can make a fake partition inside an existing one and loop mount it. Once the basic grunt work is done you can make an alias or script that will mount it where you want.

Basically use dd to make the container of however large you want, loop mount it, encrypt and format.

I can toss together a how-to this evening if you want. Although I think TC wrote one some time ago that is listed in LXer somewhere.
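
The container procedure sketched in the post above (dd, loop device, encrypt, format), written out as an added example that is not part of the original thread or the how-to it mentions. It assumes Linux with `losetup` and `cryptsetup` (LUKS) installed and root for everything except creating the file; the script name, file, mapping and mount-point names are placeholders.

```shell
#!/bin/sh
# Added example: encrypted container file via dd + loop device + LUKS.
# File, mapping and mount-point names are assumptions, not from the thread.

# Create a zero-filled container of SIZE_MIB MiB, readable only by its owner.
create_image() {
    img=$1; size_mib=$2
    ( umask 077 && dd if=/dev/zero of="$img" bs=1M count="$size_mib" 2>/dev/null )
}

# One-time setup (root): attach loop device, LUKS-format it, create ext4 inside.
init_container() {
    img=$1; name=$2
    loopdev=$(losetup --find --show "$img") || return 1
    cryptsetup luksFormat "$loopdev" &&        # asks for confirmation and passphrase
        cryptsetup open "$loopdev" "$name" &&
        mkfs.ext4 -q "/dev/mapper/$name"
    rc=$?
    cryptsetup close "$name" 2>/dev/null
    losetup --detach "$loopdev"
    return "$rc"
}

# Per session (root): unlock with the passphrase and mount.
open_container() {
    img=$1; name=$2; mnt=$3
    loopdev=$(losetup --find --show "$img") || return 1
    cryptsetup open "$loopdev" "$name" && mount "/dev/mapper/$name" "$mnt" && return 0
    cryptsetup close "$name" 2>/dev/null       # roll back on failure
    losetup --detach "$loopdev"
    return 1
}

# End of session (root): unmount, drop the key from the kernel, free the loop device.
close_container() {
    img=$1; name=$2; mnt=$3
    umount "$mnt" && cryptsetup close "$name" || return 1
    for dev in $(losetup -j "$img" | cut -d: -f1); do losetup --detach "$dev"; done
}

# Usage: vault.sh create|init|open|close ARGS...
case "${1:-}" in
    create) create_image "$2" "$3" ;;
    init)   init_container "$2" "$3" ;;
    open)   open_container "$2" "$3" "$4" ;;
    close)  close_container "$2" "$3" "$4" ;;
esac
```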
jezuch

Sep 28, 2009
2:34 PM EDT
Quoting: file by file is possible, but I don't know of a way to do it on the fly.


ecryptfs?

AFAIK it's a stacking filesystem that you mount on top of a directory and it {en,de}crypts files (and directories?) in that dir on the fly.
krisum

Sep 28, 2009
3:16 PM EDT
EncFS also works for directory by directory and not file by file which should suffice for most needs. It provides a neat way to protect data when using online/offsite storage, for example, since it creates a tree structure corresponding to the source that can be synced using the usual tools.
Sander_Marechal

Sep 28, 2009
4:57 PM EDT
Yes, directory-per-directory is easy with Fuse and EncFS (or a variety of other encryption systems). File-by-file is something different though.

Technically it's entirely feasible though, but you'd need a kernel module so you can sit in the I/O pipeline and do it on the fly. There also needs to be a userspace API so you can feed it credentials, certificates and what-not.
gus3

Sep 28, 2009
5:37 PM EDT
So are you up to the task, Sander?
Sander_Marechal

Sep 28, 2009
5:47 PM EDT
Nope :-) I'm a decent developer but I am not a kernel developer, nor a security expert. Skills that are both required to make this happen.
