Slashdot: News for Nerds

Five of the Best Free Linux Disk Encryption Tools

Roblimo posted more than 3 years ago | from the some-things-are-best-kept-out-of-public-view dept.

Encryption 135

An anonymous reader writes "Disk encryption uses software to encrypt the entire hard disk. The onus is therefore not on the user to determine what data should be encrypted, or to remember to manually encrypt files. By encrypting the entire disk, temporary files, which may reveal important confidential data, are also protected. Security is enhanced further when disk encryption is combined with filesystem-level encryption. To provide an insight into the open source software that is available, we have compiled a list of five notable disk encryption tools. Hopefully, there will be something of interest here for anyone who wants easy-to-use data encryption and security."

135 comments

Link? List? (3, Informative)

Goose In Orbit (199293) | more than 3 years ago | (#35770242)

Or a linked list even?

Re:Link? List? (5, Funny)

blacktulip (1980426) | more than 3 years ago | (#35770260)

They encrypted themselves so you can not see them.

Re:Link? List? (4, Informative)

ColdWetDog (752185) | more than 3 years ago | (#35770268)

Here [linuxlinks.com] . Not so hard, but bog - can't the submitter figure that out? Slow down, guys, nobody is gonna scoop you on this stuff.

Re:Link? List? (1)

Anonymous Coward | more than 3 years ago | (#35770298)

Can't the editor, "Roblimo," proofread the submission? Isn't that practically their entire function?

Re:Link? List? (5, Interesting)

causality (777677) | more than 3 years ago | (#35770674)

Can't the editor, "Roblimo," proofread the submission? Isn't that practically their entire function?

Can they? Yes. Do they? No. They don't even run basic spell-checkers as evidenced by multiple finalized submissions. I'd personally be ashamed to put my name to much of the work they produce. If they worked in the other 99.99999% of job positions bearing the title "editor" they would be fired due to poor job performance. In this shitty job market I imagine there are many thousands of people who would be happy to do better.

I don't get to slack like that in my job. If the "editors" here started acting like they were semi-worthy of the title I would seriously consider a paid subscription. Note, I don't expect perfection or anything like that. I just want them to at least try.

They should stop calling themselves "editors". Another title like perhaps "reposters" would be more appropriate and would remove the expectation that they act like, well, editors.

I notice that any post pointing out that the ad-laden blog they chose to link in the summary is one of the worst and least-direct (second-hand or third-hand) sources available for the story, or pointing out that (particularly for book reviews) the story itself is likely a Slashvertisement, well those get very quickly modded to oblivion. And I do mean *quickly*. I wouldn't notice most of them at all except that I browse at -1.

While I cannot prove that it's solely the editors doing that, it is known that editors have infinite modpoints. So I consider it quite plausible, especially considering that I can't be the only user who considers it useful information when someone points out what may be an undisclosed marketing motive. I tend to mod those "Informative" myself so long as they are thoughtful and can back up what they say. I have seen more unlikely things happen, I admit, but I have a hard time imagining that the majority of moderators find such information so objectionable.

Re:Link? List? (0)

c6gunner (950153) | more than 3 years ago | (#35771206)

They should stop calling themselves "editors". Another title like perhaps "reposters" would be more appropriate and would remove the expectation that they act like, well, editors.

Even "reporters" gives them too much credit. I think "copy-and-pasters" would be much more accurate.

Re:Link? List? (0)

Anonymous Coward | more than 3 years ago | (#35771368)

Um, that's probably why they said "Reposters" and not "Reporters". Slow down a little when you read, you'll get more out of it that way.

Re:Link? List? (1)

A nonymous Coward (7548) | more than 3 years ago | (#35772028)

He said "reposters", not "reporters". You are as bad at reading as they are.

Re:Link? List? (1, Funny)

c6gunner (950153) | more than 3 years ago | (#35772178)

You start paying me to comment, I can guarantee a massive improvement.

Re:Link? List? (1)

MoeDumb (1108389) | more than 3 years ago | (#35772226)

First you show improvement, then we pay you.

Re:Link? List? (1)

Roblimo (357) | more than 3 years ago | (#35770920)

The link works for me in both Chrome and Firefox. I don't have Explorer handy, so I can't test it with that browser.

I'm sorry you're having problems, but I don't see anything wrong.

And yes, I proofread everything and check all links.

Re:Link? List? (1)

Fwipp (1473271) | more than 3 years ago | (#35771048)

You must have fixed it, because when it first went up there was no link.

Re:Link? List? (1)

Roblimo (357) | more than 3 years ago | (#35771550)

Nope. Didn't touch a thing. But there's no point in arguing. The backend was doing some strange things earlier, but not *that* strange. Another mystery of the Internet.

Re:Link? List? (0)

Anonymous Coward | more than 3 years ago | (#35770346)

Here [linuxlinks.com] . Not so hard, but bog - can't the submitter figure that out? Slow down, guys, nobody is gonna scoop you on this stuff.

"The bwshare module will refuse your requests for the next 1139999994000000000 seconds.
You have made too many requests per second. "
I like how clicking the link gave me that. Isn't that like... a few million years or more?

Re:Link? List? (0)

Anonymous Coward | more than 3 years ago | (#35771562)

Yes a little more than a few million years. (Approximately 3.6 x 10^10 years.)

Re:Link? List? (5, Insightful)

CyberK (1191465) | more than 3 years ago | (#35770418)

The submitter had the link (check Firehose), but it seems that the editors deemed the submission to be too long and chopped it off. After all, this is Slashdot and nobody RTFAs anyway.

Re:Link? List? (1)

houstonbofh (602064) | more than 3 years ago | (#35770530)

Do I mod this funny, insightful, informative, or flamebate? Tough call...

Re:Link? List? (1)

ColdWetDog (752185) | more than 3 years ago | (#35770538)

Yes.

Re:Link? List? (2)

MoeDumb (1108389) | more than 3 years ago | (#35772238)

flamebate: to flame oneself until burnout is achieved.

Re:Link? List? (1)

countertrolling (1585477) | more than 3 years ago | (#35771008)

The 'submitter' has been updated to reduce the chances of a reoccurrence, though it still might happen.

Re:Link? List? (-1, Troll)

linuxxzealot (2037748) | more than 3 years ago | (#35770436)

Here [c2.com] help yourself.

Goatse (1)

houstonbofh (602064) | more than 3 years ago | (#35770536)

Really? Are you not tired of this yet?

Re:Goatse (1)

browntulip (2037764) | more than 3 years ago | (#35770610)

Why should I, :

"Ugh. Goatse. You asshole."
"I hope you die in a fire before you are old enough to contaminate the gene pool."
"Ugh. Goatse. NSFW. Asshole (poster and picture, both)."
"Why the sudden coordinated campaign for Goatse? Is someone making money off this?"
"I did not even bother to look, but this same idiot has been doing this for weeks now. Fuck off asshole."
"Thanks, I'm reading slashdot in class like a good student and just got tubgirl'd."
"you are one dedicated troll."
"Parent should be modded down. Link is NSFW and mentally scarring."
"mod to -1, please. this guy is an 'asshole'.... (yes, you guessed it)"
"Seriously ... new account to post that ... what a douche!"
"Argh. Goatse alert..."
"Oh dear god my eyes. Haven't seen THAT awful image in a while."
"Grow up"
just post the damn url, i'm not going to click on a tinyurl link and get goatse'd or something..
Don't click the link! Goatse wannabe.
Well played, sir. Well played.
Goatse URL - Haven't seen that guy in a while
Doh! One has to also recognize data urls. *sigh*
Someone please mod this guy down... Don't click his link.
nice goatse. i like...
i WAS eating lunch you ass!
Asshole... Ginormous asshole, in fact.
Urgh...dammit, am I the only one thinking the goatse trolls are getting worse lately than they have been in the past five years? Are they gaming the mod system or something?
Really? Are you not tired of this yet?
Another quote in my troll food list.

Never Fear! (0, Troll)

GoatseWarning! (2037768) | more than 3 years ago | (#35770628)

GoatseWarning! is here.

Parent's link is goatese or goatsesqe

Re:Link? List? (0)

Anonymous Coward | more than 3 years ago | (#35770480)

#include <stddef.h> // NULL

#define LOOPAES 1 // Encrypt disk partitions, removable media, swap space and other devices
#define DMCRYPT 2 // Transparent disk encryption subsystem
#define CRYPTSETUP 3 // Configures encrypted block devices
#define SD4L 4 // Hides complete file systems within encrypted regular files
#define TRUECRYPT 5 // Used for on-the-fly encryption

typedef struct gooseOrbit
{
            int data;
            struct gooseOrbit *next; // a self-reference needs the struct tag in C
} gooseOrbit;

int main() {

gooseOrbit type1;
gooseOrbit type2;
gooseOrbit type3;
gooseOrbit type4;
gooseOrbit type5;

type1.data = LOOPAES;
type2.data = DMCRYPT;
type3.data = CRYPTSETUP;
type4.data = SD4L;
type5.data = TRUECRYPT;

// Chain the five nodes into a singly linked list
type1.next = &type2;
type2.next = &type3;
type3.next = &type4;
type4.next = &type5;
type5.next = NULL; // lol.

return 0;
} // Forgive me if I'm wrong, haven't written c/c++ for like 5 years.

Best of slashdot editing! (4, Insightful)

Anonymous Coward | more than 3 years ago | (#35770264)

Today we bring you the best of slashdot editing. We cut out all the hard parts for you, like links, and real information.

FYI: http://www.linuxlinks.com/article/2011040308270275/DiskEncryption.html

FAIL - LINK (0)

Anonymous Coward | more than 3 years ago | (#35770308)

The link is http://www.linuxlinks.com/article/2011040308270275/DiskEncryption.html

The /. mods are taking the day off - tl;dr I guess?

Re:FAIL - LINK (1)

houstonbofh (602064) | more than 3 years ago | (#35770544)

Day?

XKCD (5, Funny)

Anonymous Coward | more than 3 years ago | (#35770326)

http://xkcd.com/538/

Re:XKCD (2)

waveclaw (43274) | more than 3 years ago | (#35770590)

That xkcd always amused me.

The only way to really delete something is to encrypt it. Then forget the key.

Going to burn through a few wrenches before you find that out. Too bad most people only have two knees.

Relevant to the topic? I have about a dozen CDs of 'encrypted' Linux files that can no longer be opened. Apparently the old cryptoloop encryption implementation on my particular distro was somewhat buggy. The encrypted file system that was contained in those files could only be opened on the original PC. Which promptly died. (Thank you Murphy.)

Fortunately things like luks + cryptsetup [google.com] made that specific cryptodisk implementation obsolete.

Re:XKCD (0)

Anonymous Coward | more than 3 years ago | (#35771256)

If your encryption software allows for a salt file (like for example, OpenBSD's vnconfig) then you end up with two secret items: something you have (the salt file) and something you know (the passphrase). It's a lot more secure than using just one of those things. And if you should happen to wipe the salt file from your disk on purpose (which would take only a couple seconds), then no amount of drugs or wrench-bashing is going to help any attackers. You could also carry the salt file on a separate USB key and "lose" it if the shit hits the fan (by lose it, I mean throw it in a sewer drain, or something).
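
An added illustration of the two-secret scheme described in the comment above (not part of the original comment, and not OpenBSD's vnconfig code): a volume key derived with PBKDF2 from a passphrase plus the contents of a salt file, showing that the passphrase alone no longer reproduces the key once the salt file is destroyed. The file name, passphrase, iteration count and function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import secrets
import tempfile

ITERATIONS = 200_000  # assumed work factor for this sketch
KEY_LEN = 32          # 256-bit key


def create_salt_file(path, size=64):
    """Write a random salt file: the 'something you have'."""
    with open(path, "wb") as f:
        f.write(secrets.token_bytes(size))
    os.chmod(path, 0o600)


def derive_key(passphrase, salt_path):
    """Derive the volume key from the passphrase and the salt file contents."""
    with open(salt_path, "rb") as f:
        salt = f.read()
    if len(salt) < 16:
        raise ValueError("salt file is too short to be useful")
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, ITERATIONS, KEY_LEN
    )


def destroy_salt_file(path):
    """Overwrite the salt in place, then unlink it.

    Best effort only: on SSDs and journaling or copy-on-write filesystems
    the overwrite may not reach the blocks that held the original salt.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(secrets.token_bytes(size))
        f.flush()
        os.fsync(f.fileno())
    os.remove(path)


def demo():
    """Run the scenario with constructed sample values and report the outcome."""
    with tempfile.TemporaryDirectory() as workdir:
        salt_path = os.path.join(workdir, "volume.salt")  # hypothetical name
        passphrase = "correct horse battery staple"       # constructed sample

        create_salt_file(salt_path)
        key = derive_key(passphrase, salt_path)
        key_again = derive_key(passphrase, salt_path)
        key_wrong_pw = derive_key("not the passphrase", salt_path)

        # The owner wipes the salt file. Anyone who later learns the
        # passphrase can only pair it with some other salt.
        destroy_salt_file(salt_path)
        create_salt_file(salt_path)
        key_after_wipe = derive_key(passphrase, salt_path)

        return {
            "reproducible": hmac.compare_digest(key, key_again),
            "wrong_passphrase_matches": hmac.compare_digest(key, key_wrong_pw),
            "passphrase_only_matches_after_wipe": hmac.compare_digest(
                key, key_after_wipe
            ),
            "key_len": len(key),
        }


if __name__ == "__main__":
    print(demo())
```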

Re:XKCD (1)

Anonymous Coward | more than 3 years ago | (#35770726)

Sure that is funny, but that comic isn't as true as you think. The only people who will beat you until you give up the key are those that a) can get away with it, b) know that you have what they want. Criminals who steal hard drives, etc. aren't going to go breaking legs for the encryption keys because they don't know what's on the disk and would likely go to jail for it. Even government agents would have to know that you have what they're looking for, and in the US they aren't likely to be torturing you unless you're actually important. They might put you in jail however.

Re:XKCD (1)

Anonymous Coward | more than 3 years ago | (#35770736)

Yes, but no. The US 9th Circuit recently affirmed that the government has the right to seize and search, without a warrant, any laptop entering the US. For activists who travel, this is a big deal. Will Yemeni security beat you with a wrench? Yes. Will the US? Not in a US airport. The assumption used to be that the US also wouldn't make copies of your data for offsite inspection just for the hell of it, but they are, some 5000 times in the last five years.

Re:XKCD (0)

Anonymous Coward | more than 3 years ago | (#35771350)

Relevant to this topic:
http://iq.org/~proff/marutukku.org/current/src/doc/sergienko.html

Security? (-1)

Anonymous Coward | more than 3 years ago | (#35770340)

From who? And for what? Why would anyone think their data is so important that anyone else would want it and that it needs encrypting?

Re:Security? (1)

dgatwood (11270) | more than 3 years ago | (#35770864)

Anyone who keeps any of the following on his/her laptop:

  • Government secrets
  • Corporate secrets
  • Any documents with a social security number or other information that could be used for identity theft (e.g. tax documents)
  • Bank account numbers or passwords
  • Credit card numbers or account passwords
  • Other account passwords that could be used to impersonate you (and implicate you)

Remember: identity theft is an equal opportunity crime. Identity thieves don't care if you are rich, poor, man, woman, famous, or obscure.

Re:Security? (2)

Baseclass (785652) | more than 3 years ago | (#35771640)

You're missing the point. Whether or not my data is worth compromising (which I wholeheartedly believe that it is) is irrelevant.
Setting aside the fact that I may have cached passwords and financial information stored on my hard drive, the fourth amendment [wikimedia.org] is meant to guard against unreasonable searches and seizures. Since the US government has chosen to ignore the constitution [aclunc.org], I believe that a "better safe than sorry" approach is quite prudent to say the least. You might want to check if you're currently located in a Constitution Free Zone [aclu.org] as well.

loopback-AES changed recently? (2, Interesting)

Anonymous Coward | more than 3 years ago | (#35770354)

I've had some loopback containers using AES-256 for years and years. Recently after upgrading to Ubuntu 11.04, the same containers no longer will mount, yet I can create brand new ones which work fine. It seems that the old ones are not forward compatible.

Has anyone else noticed this, and if so, what can be done about it? It's really kind of annoying to have to install a whole VM of an older OS just to access my old loopback container files!

Re:loopback-AES changed recently? (1)

St.Creed (853824) | more than 3 years ago | (#35770374)

It's open source. You can write your own code to solve it :)

Re:loopback-AES changed recently? (3, Informative)

Anonymous Coward | more than 3 years ago | (#35770498)

The default cipher and flags changed, be sure to find out what they used to be.

I had this problem too and by setting explicit opt got it working

Re:loopback-AES changed recently? (-1, Troll)

larry bagina (561269) | more than 3 years ago | (#35771172)

loopbacking makes me think of this [point83.com] . No idea on your particular problem, but backwards compatibility isn't a high priority to Ubuntu,

Re:loopback-AES changed recently? (2)

gorilla_au (912640) | more than 3 years ago | (#35771488)

Warning: Link in the post above is NSFW!

I like not having links in the article (0)

Anonymous Coward | more than 3 years ago | (#35770362)

It's not like anybody actually views the article before spouting off their ill-informed opinion about it.

Slashdot (0)

Anonymous Coward | more than 3 years ago | (#35770364)

Where links are now dying so hard that they are being wiped from the timelines.

encfs? (2, Informative)

Anonymous Coward | more than 3 years ago | (#35770394)

Really, no encfs? Used it for years -- works great, never had any hiccups with it.

Re:encfs? (1)

Nerdfest (867930) | more than 3 years ago | (#35771484)

It works really well in conjunction with DropBox or other cloud data services as well.

There can be only one (4, Informative)

RenHoek (101570) | more than 3 years ago | (#35770406)

http://www.truecrypt.org/ [truecrypt.org]

There we go.. I don't understand why this is still a question.

Re:There can be only one (1)

Anonymous Coward | more than 3 years ago | (#35770514)

Everyone using Truecrypt would be as bad as everyone using Internet Explorer was. Monocultures are foolish, period. The more targets there are for adversaries to attack, the less likely it is that any of them will be breached.

Re:There can be only one (1, Insightful)

Anonymous Coward | more than 3 years ago | (#35770554)

Because of these reasons:

http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/ [privacylover.com]

Don't misunderstand me, I like Truecrypt. But security must also involve trust, and, to date, there is no total transparency about Truecrypt's developers.

Re:There can be only one (1)

metrometro (1092237) | more than 3 years ago | (#35771116)

> But security must also involve trust, and, to date, there is no total transparency about Truecrypt's developers.

Wow, the developers who created regime-threatening encryption software registered their domain at a fake address. The makers of a powerful privacy tool seem to like privacy? Scandal!

Code review or STFU. I don't see what else could matter than what's in the source.

Re:There can be only one (5, Interesting)

Anrego (830717) | more than 3 years ago | (#35770598)

dmcrypt for me!

But yeah, truecrypt and dmcrypt are all people really need to know about. They both do mostly the same thing with slight variation, which people choose is down to preference.

LoopAES is outdated, cryptsetup is a userspace tool linked to dm-crypt, and the other is specialized.

Pretty lame article.

Re:There can be only one (4, Informative)

westyvw (653833) | more than 3 years ago | (#35770962)

I used to set up encryption using fuse and encfs. That worked well enough for me. The problem I have with Truecrypt is that I have to define a file size before hand. Is there a function for Truecrypt to use cowfs or auto resizing files?

Re:There can be only one (1)

TangoMargarine (1617195) | more than 3 years ago | (#35771012)

Is there a function for Truecrypt to use cowfs or auto resizing files?

Yes. I thought "dynamically expanding file" was the default during volume creation?

Re:There can be only one (1)

knifeyspooney (623953) | more than 3 years ago | (#35770986)

You can't encrypt the Linux root filesystem with TrueCrypt. That's where the other tools come in.

Re:There can be only one (0)

Anonymous Coward | more than 3 years ago | (#35771606)

You can encrypt the entire volume with TrueCrypt, isn't that good enough?

Re:There can be only one (2)

knifeyspooney (623953) | more than 3 years ago | (#35771846)

If that volume contains the root filesystem, then you won't be able to boot.

Re:There can be only one (1)

asnelt (1837090) | more than 3 years ago | (#35771004)

The problem is that TrueCrypt is not free software. It is open source but you don't have the freedom to distribute your own modified version. Therefore, there cannot be any community-driven development of TrueCrypt and - unless you can fix things that you don't like yourself - you are subject to the whim of the original developers of TrueCrypt.

Re:There can be only one (3, Informative)

asnelt (1837090) | more than 3 years ago | (#35771046)

Sorry, I just noticed that you can now distribute modified versions of TrueCrypt. They must have changed the license.

Re:There can be only one (0)

Anonymous Coward | more than 3 years ago | (#35771072)

This.

Re:There can be only one (1)

DiSKiLLeR (17651) | more than 3 years ago | (#35771254)

Regarding TrueCrypt, some of the stuff is simple enough. Encrypted filesystem inside a file, or encrypted partition. Okay. I've done enough under linux with mounting filesystems within files and other stuff to understand how that works very easily.

But then... what boggles my mind, is, how do some of the features of full disk encryption even work?

What performs the decryption while the operating system (whether it be windows or whatever) loads?

And how can your system disk be in a half encrypted half not state and still WORK?

Note that TrueCrypt can encrypt an existing unencrypted system partition/drive in-place while the operating system is running (while the system is being encrypted, you can use your computer as usual without any restrictions). Likewise, a TrueCrypt-encrypted system partition/drive can be decrypted in-place while the operating system is running. You can interrupt the process of encryption or decryption anytime, leave the partition/drive partially unencrypted, restart or shut down the computer, and then resume the process, which will continue from the point it was stopped.

There's some technical details on their site, but nothing that explains how that stuff works in particular.

Re:There can be only one (2)

knifeyspooney (623953) | more than 3 years ago | (#35771500)

For whole disk encryption, TrueCrypt installs a driver between Windows and BIOS that provides transparent crypto service to Windows. And it's only for Windows. For Linux whole disk encryption, something like LUKS is needed.

Re:There can be only one (0)

Anonymous Coward | more than 3 years ago | (#35771740)

I used to be a very big believer in truecrypt. But I'm having a major bug using truecrypt under Ubuntu right now. It's impossible to close an open truecrypt volume properly. I'm not the only one suffering http://forums.truecrypt.org/viewtopic.php?t=22692 I can certainly understand there being bugs, it just annoys me that we can't seem to get anyone official to acknowledge this problem.

Re:There can be only one (1)

MikeBabcock (65886) | more than 3 years ago | (#35771816)

I've never understood using truecrypt when you can just use the built-in LUKS feature set.

Re:There can be only one (4, Interesting)

sauge (930823) | more than 3 years ago | (#35771986)

Cross operating system compatibility. I can put something (like my tax info) on a true crypt disk on my Mac, and then email it to my mom (an accountant) who can open it on her windows PC.

Which leads to another benefit, my mom is no system administrator, but she can open a file, enter a password, and double click the file within.

Furthermore, if I want to deal with it - I can put it on my Linux machines.

Finally, if a technician needs to fiddle with the system, I can unmount the drives and let them in with (less) worry about what they may find. (Tend to deal with health care information.) In other words, I can compartmentalize who can see what.

Here is the link from the submission (1, Informative)

Meshach (578918) | more than 3 years ago | (#35770412)

Where's eCryptfs? (2, Insightful)

Anonymous Coward | more than 3 years ago | (#35770504)

eCryptfs is the default disk encryption technology shipping in Ubuntu. You can turn it on from the installer. How does that not make the list? I've never even heard of SD4L.

Re:Where's eCryptfs? (1)

Anrego (830717) | more than 3 years ago | (#35770616)

Possibly because it's a file system level encryption tool vice a full disk encryption tool. Then again, they included cryptsetup which is just a userspace utility for dm-crypt, so I'd chalk this up to just being a lame article!

Hardware encryption? (1)

sunderland56 (621843) | more than 3 years ago | (#35770516)

Isn't everyone concerned about security already using hardware encryption - which is higher performance, and built in to almost every hard drive?

https://secure.wikimedia.org/wikipedia/en/wiki/Hardware-based_full_disk_encryption [wikimedia.org]

Re:Hardware encryption? (0)

Anonymous Coward | more than 3 years ago | (#35770752)

I need to use my 4 5GHz cores for something - might as well be for disk decryption.

Re:Hardware encryption? (1)

Anonymous Coward | more than 3 years ago | (#35770860)

You'd have to trust Seagate, Maxtor, Hitachi & co. to not do something idiotic, such as storing the keys on-disk and NOT sealed to a TPM or somesuch (which they used to do with the ATA security features, and you can get any disk unlocked for a few $$).

And you'd also have to trust them not to have been co-opted by a state government.

I.e., you have to be a dumbass to trust hardware security.

5, really? (0)

Anonymous Coward | more than 3 years ago | (#35770542)

Cryptsetup is a user-space configuration tool for dm-crypt ... not exactly my definition of "Linux Disk Encryption Tool"

Honest question about encryption (2)

chucklebutte (921447) | more than 3 years ago | (#35770548)

Yes, it's wonderful, but what if a user stores his /home on the same partition as the OS install (bad I know, but happens) and uses encryption? If the OS crashes how can recovery be done of the user's data? Is there a way to recover encrypted data on a drive? Or is it a double-edged sword kind of thing?

Re:Honest question about encryption (-1)

Anonymous Coward | more than 3 years ago | (#35770834)

Simplified answer:

Mount that drive in another computer.
Install the same encryption software (Truecrypt for example)
Start Truecrypt and use it to mount the encrypted folder.
It asks for your encryption password and mounts the folder.
(or the drive if you encrypted your drive, although the process is a tad different)

done

I do this often at work using a SATA to USB adapter

Re:Honest question about encryption (1)

TangoMargarine (1617195) | more than 3 years ago | (#35771036)

TrueCrypt doesn't do folders. It makes encrypted volumes that can either be a file, or a partition.

Re:Honest question about encryption (0)

Anonymous Coward | more than 3 years ago | (#35770952)

If you're smart and used cryptsetup+dm_crypt (in their default modes, even), any proper live-cd can be used to access your data. And damage won't spread from one sector to the next, so as far as recovery goes, you're exactly as bad as if it was not encrypted in the first place.

If you've used something else, I wouldn't know. TrueCrypt really is a good choice only if you have to do Windows, otherwise, you are much better off using cryptsetup+dm_crypt, which are MUCH more difficult to trojan.

I recommend encrypting disks (0)

Black Parrot (19622) | more than 3 years ago | (#35770564)

For most of you this will be obvious, but -

If someone steals your computer (home or laptop) your password is useless to protect it; all they have to do is put your drive in their system and presto, they have access to everything on your disk(s).

And you might be surprised at how many logins are saved on your disk (web pages, mail servers, etc.), and how many are unencrypted or only very weakly encrypted. (For that matter, they can just run the same application using your configuration files, and never have to bother with decrypting anything.)

You should encrypt the disks on every computer. Your boss should require it for computers used for work, and the law should require it for computers that are used by public employees, or even for private-sector companies if they contain personal information about their clients.

How many times have we heard of confidential information on a lost, stolen, or recycled laptop?

And if you're paranoid (you should be), use an open-source encryption tool, to reduce the risk of a back door.

Re:I recommend encrypting disks (1)

MacTO (1161105) | more than 3 years ago | (#35770890)

I usually recommend the opposite. There are cases where encryption is necessary because confidential data is being handled. The flip side is that full disk encryption makes it difficult, if not impossible, to recover data from corrupt file systems or failing hard drives.

Re:I recommend encrypting disks (1)

Black Parrot (19622) | more than 3 years ago | (#35771022)

I usually recommend the opposite. There are cases where encryption is necessary because confidential data is being handled. The flip side is that full disk encryption makes it difficult, if not impossible, to recover data from corrupt file systems or failing hard drives.

I recommend instead making regular backups to a separate disk, also encrypted.

Re:I recommend encrypting disks (1)

MikeBabcock (65886) | more than 3 years ago | (#35771834)

Backups are a better solution than disk recovery.

I don't recover disks anymore, we just reformat and reinstall for everything these days. I can reinstall a Linux box in under an hour and a Windows machine in a bit more. Restoring from backups is simple enough after that.

I don't want data on the drives to be recoverable, because it may not be me doing the recovering.

Submission untouched by human hands (4, Informative)

countertrolling (1585477) | more than 3 years ago | (#35770570)

It's an ad link site [linuxlinks.com] .. Turn off your cookies on these guys..

Information that is provided to advertisers consists of aggregate statistics that we collate. This includes geographical and psychographic* information.

When links are submitted to our site, we request that the sender provides us with their real name and email address.

You know the routine..

*Huh??

left out the obvious choice (2)

jlmsprings (302356) | more than 3 years ago | (#35770596)

Doesn't matter if the link is in the post or not. The article left out luks

Re:left out the obvious choice (2)

93 Escort Wagon (326346) | more than 3 years ago | (#35770862)

Doesn't matter if the link is in the post or not. The article left out luks

No, it didn't.

Trying it now (1)

ALeader71 (687693) | more than 3 years ago | (#35770700)

I bought a cheapie netbook. I'm trying this out now with Ubuntu Alternate. Should be interesting on the Atom based piggie.

Temporary files in memory, not encrypted (1)

loufoque (1400831) | more than 3 years ago | (#35770848)

see subject.

Re:Temporary files in memory, not encrypted (1)

TangoMargarine (1617195) | more than 3 years ago | (#35771056)

I think if you that sentence a verb, it might make a bit more sense.

Re:Temporary files in memory, not encrypted (1)

loufoque (1400831) | more than 3 years ago | (#35771238)

it's not unusual for headlines to be verbless.

Re:Temporary files in memory, not encrypted (1)

TangoMargarine (1617195) | more than 3 years ago | (#35771270)

But replies to them usually need one in order to be cogent.

Re:Temporary files in memory, not encrypted (2)

loufoque (1400831) | more than 3 years ago | (#35771360)

The subject of a message counts as a headline to me.

Re:Temporary files in memory, not encrypted (1)

TangoMargarine (1617195) | more than 3 years ago | (#35772000)

Seriously, what the heck were you trying to say? "Since temporary Windows files exist unencrypted in memory, encrypting your data doesn't help much"? You can encrypt your entire system drive with TrueCrypt, though I don't know if that would have any effect on said temp files.

OS X Corollary? (1)

Dingo.Neal (1904264) | more than 3 years ago | (#35770930)

Anyone care to suggest their top five for OS X? Slap me if that's already covered in another post. - DX

Re:OS X Corollary? (0)

Anonymous Coward | more than 3 years ago | (#35771130)

Truecrypt... That's all

Re:OS X Corollary? (0)

Anonymous Coward | more than 3 years ago | (#35771252)

If you want full disk encryption, you're going to have to pay for it. PGP Corp's seems pretty good.

Re:OS X Corollary? (1)

ogl_codemonkey (706920) | more than 3 years ago | (#35771340)

System Preferences -> Security -> FileVault

Turn it on.

Re:OS X Corollary? (2)

Voline (207517) | more than 3 years ago | (#35771752)

If you're worried that a proprietary framework might be compromised by the Government threatening/bribing Apple into implementing a back door ...

"We can make that FCC investigation into the back-dating of executive stock options go away, Mr Jobs. If you'll cooperate with the government ..."

... or you just want a solution that works better with Time Machine than FileVault does, here is a How-To [blogspot.com] on getting EncFS full-disk encryption working on Mac OS X.

Nota bene: I have not tried this yet myself.

TrueCrypt Disk Encryption under Linux? (0)

Anonymous Coward | more than 3 years ago | (#35770994)

My understanding (from the TrueCrypt site) was that TC can only encrypt the entire disk (OS and all) for Windows machines. Is this not true?

x x x x (1)

metrix007 (200091) | more than 3 years ago | (#35771994)

xxxxxxxxxxxxx

incomplete list - bitvisor not mentioned (1)

OrangeTide (124937) | more than 3 years ago | (#35772032)

BitVisor [bitvisor.org] is open sourced (BSD licensed). It can provide both disk encryption and transparent VPN/IPsec support to multiple OSes (Win, Linux, ...)

It's a little annoying when people try to make definitive lists, but don't include rather popular options on their list. Do list makers not have Google?

For those who are venerating TrueCrypt: Not Safe (1)

garompeta (1068578) | more than 3 years ago | (#35772098)

Whole disk encryption has a side-channel cracking, which is very trivial.
http://en.wikipedia.org/wiki/Cold_boot_attack [wikipedia.org]
http://it.tmcnet.com/news/2010/03/30/4700389.htm [tmcnet.com]
ANY WHOLE HARD DRIVE ENCRYPTION IS PRONE TO A SIDE-CHANNEL ATTACK.