Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Encrypt Filesystems with EncFS and Loop-AES

ScuttleMonkey posted more than 8 years ago | from the no-peeking dept.

63

Linux.com (Slashdot sister site) has a quick look a file encryption using EncFS and Loop-AES as examples before briefly examining other options. From the article: "you can find a number of options for filesystem encryption in Linux exist, depending on your needs. The most important thing when choosing which one to use is to be clear about your needs. Will the size of the files you need to encrypt grow or stay static? Do you need to encrypt certain files or entire partitions? What level of security do you need? Answers to these questions will help determine the most appropriate program to use."

Sorry! There are no comments related to the filter you selected.

Hmmm... (0, Redundant)

Saeed al-Sahaf (665390) | more than 8 years ago | (#14958044)

What level of security do you need? Answers to these questions will help determine the most appropriate program to use...

I see....

Re:Hmmm... (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14958142)

No, you don't see... ...but you be gay.

STUPID first post.

Re:Hmmm... (0, Flamebait)

StanVassilevTroll (956384) | more than 8 years ago | (#14958192)

well well. as a troll myself, i'd like to point how retarded this troll is. hey fuckface, they guy is talking about stating the obvious. you are the one who doesn't see. see basic satire. social skills not quite up to par in the real world? got stuffed into lockers a a kid? I'm the mofo that did the stuffing. eat shit loser. I need to go get laid.

Re:Hmmm... (0)

Anonymous Coward | more than 8 years ago | (#14958335)

Lick my balls of their schmegma. I know that he was being """"satirical."""" Now I'm going to go back to making my beer 'cause it's chilled below 140degF.

GOOD DAY, SIR!

And die.

Re:Hmmm... (0)

Anonymous Coward | more than 8 years ago | (#14958437)

You're both fucking idiots. He was being sarcastic. Satire is a different animal entirely! Fucking take a highschool english class or something, fucktards!

Re:Hmmm... (0)

Anonymous Coward | more than 8 years ago | (#14958513)

Different AC here... No, all three of you are idiots! This whole thread is a massive troll which all of you have fallen for.

Re:Hmmm... (0)

Anonymous Coward | more than 8 years ago | (#14958727)

Shut the frell up. You are gay.

Re:Hmmm... (0)

Anonymous Coward | more than 8 years ago | (#14959249)

Worst. First Post Attempt. Ever.
Were you pimping your website, or were you just high at the time?

Re:Hmmm... (0)

Anonymous Coward | more than 8 years ago | (#14959291)

He wasn't high, merely gay.! one

Re:Hmmm... (0)

Anonymous Coward | more than 8 years ago | (#14959539)

Lame FP.

Redundant (0)

Anonymous Coward | more than 8 years ago | (#14962058)

You were fristy pornster and still got a REDUNDANT. Ownage in its finest measures. Now I'm off to masturbate to this coolness.

Performance hit ? (1)

aneeshm (862723) | more than 8 years ago | (#14958074)

How much is the performance hit when using an encrypted filesystem ? How much will filework-heavy tasks impact performance ? I want to know , because I might want to use this on an older system .

For good, easy, root encryption (2, Interesting)

GenKreton (884088) | more than 8 years ago | (#14958125)

I use LUKS (Linux Unified Key Setup) on several of my machines. It is an extension onto cryptsetup and uses dm-cryp instead of loopaes. It is fairly easy to setup and allows for multiple users with different phrases if needed as well as tokens. It has treated me much better than loop aes had in the past.

http://luks.endorphin.org/ [endorphin.org]

eCryptfs (5, Informative)

omnirealm (244599) | more than 8 years ago | (#14958174)

Don't forget this new competitor: eCryptfs, mostly written and supported by IBM, and fully GPL:

http://ecryptfs.sf.net/ [sf.net]

It's all in the kernel, which means that shares memory mapping work (unlike userspace filesystems), and it keeps metadata on a per-file basis, which is *really* nice for things like incremental backup utilities.

Going nowhere slowly (0)

Kjella (173770) | more than 8 years ago | (#14958182)

I threw together the following quick script to allow you to mount and unmount the EncFS encrypted filesystem easily:

I think that pretty much summarizes the state of encryption on Linux. Yes, it can be done if you hack around with it, and has been so for a long time. Let me know when LUKS (Linux Unified Key Setup)/dm-crypt or any other of these tools can actually make a simple out-of-the-box GUI which is usable. To dick around on the command line and writing scripts to do that went out of fashion about the same time you stopped doing it for normal disks.

Re:Going nowhere slowly (2, Informative)

Trelane (16124) | more than 8 years ago | (#14958241)

Let me know when LUKS (Linux Unified Key Setup)/dm-crypt or any other of these tools can actually make a simple out-of-the-box GUI which is usable.
Sir/Ma'am? It's time [fubar.dk] .

Is it? (0)

Anonymous Coward | more than 8 years ago | (#14961188)

From that link: "We still need some UI for setting up volumes..."

Which sounds to me like: if you've already gone to the effort to figure out how to set it up by hand, we'll make it less painful for you to use it, but if you're not a filesystem-encryption geek and just want to click a button to encrypt all your files [apple.com] , you're still SOL.

And that's basically what the GP was complaining about. I'm with him: wake me when I can click one button and be done.

Re:Going nowhere slowly (1)

rduke15 (721841) | more than 8 years ago | (#14959726)

Let me know when [...] any [...] of these tools can actually make a simple out-of-the-box GUI which is usable.

You have a GUI on your server? I don't. If it needs a GUI it would sound pretty UNusable for me.

Of course a GUI could make it easier for casual encrypting on my desktop, but I have nothing worth encrypting on my desktop...

Re:Going nowhere slowly (1)

Kjella (173770) | more than 8 years ago | (#14960582)

You have a GUI on your server? I don't. If it needs a GUI it would sound pretty UNusable for me.

Some of us lazy bums do X over SSH to the server, at least the one I have at home. At work I end up using MSTSC a lot, no *nix there. Sure, I *can* try to do obscure stuff over SSH but it is usually faster (person time, not machine time) to use a GUI for those odd changes I do only once in a while, and setting up encryption certainly qualifies. At least with some of the more important data, I like to keep it both places for back-up so I'd want it encrypted both places.

Re:Going nowhere slowly (0)

Anonymous Coward | more than 8 years ago | (#14960735)

Ummm.. then why the hell are you even using Linux. If you can't deal with the CLI, you have no business using Linux. Go back to Windows. Cretin.

Encfs (2, Interesting)

toad3k (882007) | more than 8 years ago | (#14958229)

Encfs is great, if you are x86. I made the mistake of unmasking it on gentoo amd64 and it flipped out and I ended up sorting through 300+ files in my l+f directory from my corrupted partition. But for x86 it is very convenient, I highly recommend.

Re:Encfs (1)

niskel (805204) | more than 8 years ago | (#14958286)

I use encfs every day on my ~amd64 Gentoo system with absolutely no problems whatsoever. And secondly, how on earth did you corrupt a partition using encfs? Encfs is a layer on top of an existing filesystem. Methinks you may have tried using it a little... strangely.

Re:Encfs (1)

toad3k (882007) | more than 8 years ago | (#14958677)

Here's what I did. encfs -i 10 dir dir

After 10 minutes, it auto unmounted itself, and then all my terminals responded with input/output errors. Of course, I can't reboot normally if I can't run any commands, so I had to cut the power. And when I had to cut the power with reiserfs that is where the corruption came from.

This happened several times, but I didn't realize it was encfs causing it because it would happen 10 minutes after I stopped using my crypt directory.

Anyways, about the 4th time it happened, my computer had been running awhile, and the reboot corrupted every file that was in use, including every file in the crypted dir, and fubared firefox, /etc/hosts was gone, and 250 other files that I never found out what they did, but didn't seem to prevent anything from working.

Why I'll never use kernel level encryption again (2, Informative)

brunes69 (86786) | more than 8 years ago | (#14958266)

I had a parition (approx 80 GB of data) encrypted via loop-AES in kernel 2.4. After the upgrade to kernel 2.6, I found I was unable to mount the partition correctly, unless I specified a depricated option when building the crypto loop tools.

After doing so, I mounted the parition and everything proceeded normally...

That is until a few months later when I upgraded my system again. Suddenly my parition was unreadable, and the previous option did not work in cryptoloop anymore. I posted for weeks on boards and IRC channels trying to decrypt this data, but no one could help me.

So in the end I gave up on it.

After that nightmare I am never using kernel-level decryptuon again. The fact that the routines lie in the kernel, but the utilities in userspace, makes for a maitence nightmare when you end up upgrading one but the other. From now on all my encryption options will be userspace *only*.

Re:Why I'll never use kernel level encryption agai (5, Informative)

sholden (12227) | more than 8 years ago | (#14958634)

Why bother waiting so long:

1. boot into the old kernel/backout the upgrade.
2. Mount encrypted filesystem and copy data elsewhere
3. Create encrypted filesystem such that you don't get deprecated warnings.
4. Copy the data back.

I really can't understand continuing with something marked deprecated anyway - certainly not doing an upgrade while doing so. What do you think deprecated means? I'd be doing steps 2-4 as soon as the deprecated option was needed.

Re:Why I'll never use kernel level encryption agai (1)

caluml (551744) | more than 8 years ago | (#14958826)

2. Mount encrypted filesystem and copy data elsewhere

See the problem there?

Please follow all of the steps in order. (1)

Eric S. Smith (162) | more than 8 years ago | (#14958917)

2. Mount encrypted filesystem and copy data elsewhere
See the problem there?

Only because you snipped out his first step, which was to boot with the old kernel. I presume that something prevented you from doing so.

Re:Please follow all of the steps in order. (0)

Anonymous Coward | more than 8 years ago | (#14959206)

Maybe he has no 80GB to spare.
I have about 850GB of encrypted FS under SuSE 9.2, have learned that the encryption mode has changed in newer versions and I need to use some hack to still use the old mode under SuSE 10.0, and I am fearing I will run into the same problem sometime.

Wouldn't it be possible to convert the data in-place? I really don't want to buy so many GB of extra diskspace just to convert the filesystems...

Re:Please follow all of the steps in order. (1)

RedWizzard (192002) | more than 8 years ago | (#14961199)

80GB drives are stupidly cheap these days. If he isn't prepared to spend what is well under $100 to recover his data then he obviously doesn't value it much.

Re:Please follow all of the steps in order. (1)

caluml (551744) | more than 8 years ago | (#14962814)

No, it's the "copy data elsewhere" that perhaps he's having the problem with. What if it's a laptop, which is common type of system to run an encrypted filesystem on? Perhaps he doesn't have any other machines, and it's pretty tricky to hook up a second drive to a laptop.
I mean, I have no problem with it - boot with rescue CD/roll back to working kernel ver, copy drive to another drive, upgrade kernel, start new encryption system, copy data back from second drive. Yes, it's fairly simple. But if you don't have the knowledge/spare system resources to do it, it's not so easy.

Re:Why I'll never use kernel level encryption agai (1)

sholden (12227) | more than 8 years ago | (#14959016)

No.

Backing out the upgrade shouldn't be difficult. At the very worst you install whatever version it was on a UCB pen drive and boot from it... (or CD-R or HDD or whatever you have available). The old rescue disk might even be good enough...

But as I said deprecated means what it says, doing an upgrade when you are relying on something marked deprecated is pretty foolish - unless you checked the release notes to make sure they say it hasn't been removed of course.

Re:Why I'll never use kernel level encryption agai (1)

brunes69 (86786) | more than 8 years ago | (#14959731)

It's easy to say this when it isn't you with the problem.

You will just have to trust me when I say that I tried every single method at my disposal, every combination I could figure out of kernel / cryptoloop, to try to decrypt this data. I even tried reverse-enginerring the source to the decryption modules myself to try to get some kind of a command-line thing going.

All I can figure is I was using some weird odd combination of cryptoloop and kernel thay should not have worked, but did. Then I lost it all.

As for "I really can't understand continuing with something marked deprecated anyway " - again that's easy to say, but hard to avoid in practice, when you have nowhere to copy the data to in order to change the parition, and no time to do it in.

I pity someone else who I found on a forum who was in my exact same situation, and had a 600 GB RAID array they could not access

Needless to say, I an *NEVER EVER* using linux kernel encryption again. If I do this again, I will use TrueCrypt or some other third-party level encryption which can be decrypted from the commandline if need be, so I can burn the needed utilities to a backup CD.

Re:Why I'll never use kernel level encryption agai (1)

sholden (12227) | more than 8 years ago | (#14960437)

If you have no where to copy the data then clearly you also have no backups in which case the data clearly isn't worth a lot to you anyway. When a disk I ordered the other day finally arrives I have the fun task of moving a bunch of data around in order to turn the drives into RAID-5 - I don't have enough disk elsewhere for all the meantime and the disk it's currently on is to be part of the RAID... So all the stuff I don't use/care about too much is just going to stay on the 40 or so DVDs it's also on while the stuff I use gets transferred to a smaller drive and copied back after the conversion. I'd add encryption to the RAID volume, but I don't think the tiny little device running it with it's 32MB of RAM and underpowered CPU would like it :)

Yes restoring backups is a PITA, but less time than hoping for forum answers to questions of the form "I used this deprecated format and upgraded my system and the deprecated format was removed and now I can't access the data, how do I get it back?"...

I'd be annoyed too if I did such a thing to myself, but seriously doing an upgrade when your actively using something marked deprecated just isn't something you do. At least not without making the procedure roll backable (by copying / somewhere else and keeping the old kernel around so you can boot them together, for example). Staying away from kernel/user space combinations is perfectly reasonable, but so is just making sure you don't stay with deprecated features through an upgrade.

Also I see no reason why you couldn't make a bootable CD with the right kernel and user space to get at the data if such an upgrade disaster occurs.

Re:Why I'll never use kernel level encryption agai (1)

brunes69 (86786) | more than 8 years ago | (#14960674)

If you have no where to copy the data then clearly you also have no backups in which case the data clearly isn't worth a lot to you anyway

Ever think that maybe I don't have a secure location to keep these backups?

If you're backing up encrypted data in an unencrypted form, you'd better be moving it off site to some very secure location. In my case I can't really justify any kind of budget for this @ my house.

If you're talking about backing up the *encrypted* data, then it's all moot since it would not have helped me anyway.

Re:Why I'll never use kernel level encryption agai (1)

RedWizzard (192002) | more than 8 years ago | (#14961189)

If you're talking about backing up the *encrypted* data, then it's all moot since it would not have helped me anyway.
What sholden is saying is that if you have a backup (encrypted or not) then you have room to put the data while you upgrade. Why could you not have done:
  1. Revert upgrade of kernel
  2. Copy encrypted data to backup, unecrypting as you go (i.e. back it up unencrypted)
  3. Upgrade kernel
  4. Trash old encrypted partition and replace with whatever you want to use now
  5. Restore backup, encrypting as you go
  6. Back it up again, this time encrypted
For that matter, why could you not have just downgraded the kernel and stayed on the old version?

Re:Why I'll never use kernel level encryption agai (1)

sholden (12227) | more than 8 years ago | (#14961530)

Well you could use a different encryption system for backups. In fact you're likely to unless you have some fancy filesystem which lets you track changes or if you are doing non-incremental backups all the time. Personally I use duplicity for encrypted backups (and would do so from an encrypted file system too - you really want to be able to diff the unencrypted data and then encrypt the backups seperately).

Re:Why I'll never use kernel level encryption agai (1)

gnud (934243) | more than 8 years ago | (#14958717)

In stead of giving up on it, why didn't you just downgrade, decrypt, and upgrade again?

Re:Why I'll never use kernel level encryption agai (1)

ancientt (569920) | more than 8 years ago | (#14978336)

Or you could try my personal favorite, once mounted (and files no longer appear encrypted) then encrypt them on a file level with a daily/weekly job to backup. Personally I favor tape, 40-120GB backups encrypted with gpg, but you can use whatever you find cheapest/handy. No, if you have a serious crash, doing this doesn't keep it from sucking, it just keeps the suckiness to minimum.

That way your backups are mostly secure even if your physical security is second rate or gets beaten, but you still get the security and convenience of an encrypted file system.

Re:Why I'll never use kernel level encryption agai (1)

riflemann (190895) | more than 8 years ago | (#14959001)

Don't use a relatively "proprietary" crypto then. By proprietary, I mean "highly dependent on the running kernel and system". Linux kernel encryption is tough as it's changing regularly. I've avoided it.

Instead I use Truecrypt which gives kernel level encryption but is far more platform independent, and hence by extension needs to be more stable.

Works via a kernel module, but also the same encrypted "partition" (actually a file or partition) can be read and written to in Linux or Windows. Excellent for dual-booting systems.

And because it's a module independent of the main kernel tree, you're not likely to get caught out when Linus changes the crypto that gets included in the kernel.

Re:Why I'll never use kernel level encryption agai (-1, Troll)

Homology (639438) | more than 8 years ago | (#14959380)

Don't use a relatively "proprietary" crypto then. By proprietary, I mean "highly dependent on the running kernel and system". Linux kernel encryption is tough as it's changing regularly. I've avoided it.

You could also say "shoddy and badly engineered code" that put users data at risk. This reminds me why I stopped using Linux and started using OpenBSD a few years ago.

Re:Why I'll never use kernel level encryption agai (1)

cayenne8 (626475) | more than 8 years ago | (#14960202)

"Instead I use Truecrypt which gives kernel level...can be read and written to in Linux or Windows."

I've been looking at Truecrypt...but, I'm under the impression that you can NOT create partitions with it under linux...only can create under windows...

Is this true?

Re:Why I'll never use kernel level encryption agai (1)

QCompson (675963) | more than 8 years ago | (#14961074)

Alas, this is true. You also have to rebuild it every time you upgrade the kernel. I believe the truecrypt developers are planning on including a way to create partitions/containers in a future version (also a gui front-end).

Using encryption suggests criminality (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14958316)

What is so important that you Linux hippies feel the need to encrypt? Do you have something to hide? It's kiddy porn, isn't it? Be honest! I for one am glad that Microsoft doesn't help out the terrorists and pedophiles in their illegal activity. Their encrypting filesystem includes numerous backdoors to assist law enforcement. I just wish the OSS community would do the same.

Re:Using encryption suggests criminality (5, Insightful)

cyber0ne (640846) | more than 8 years ago | (#14958416)

What is so important that you Linux hippies feel the need to encrypt?

I may be a Linux user, but if anyone thinks I'm a "hippie" then they really need to re-define the term.

Do you have something to hide?

Maybe, maybe not. Either way, it's none of your business or anybody else's.

It's kiddy porn, isn't it? Be honest!

<sarcasm>You know, if kiddie porn is such a problem on the internet, how come I can never find any?</sarcasm>

I for one am glad that Microsoft doesn't help out the terrorists and pedophiles in their illegal activity.

So am I. We don't want their kind of "help."

Their encrypting filesystem includes numerous backdoors to assist law enforcement.

Case in point.

I just wish the OSS community would do the same.

Simple enough. Write your own. Make it as terrible as you want. Post the source on Sourceforge. Then the "OSS community" will have done the same. It won't be very popular, but it'll be there.

In all seriousness, it's not about hiding criminal activity. Honestly, the current state of US politics (that is, after all, where I live) kind of scares me. I may not be engaging in illegal activity now, but how many of my current activities will be considered illegal in the future? The last thing I need is for some "law enforcement" entity to go grepping my emails and IM logs looking for something to pin on me.

I have nothing to hide. I also have nothing to share. Nothing to see here, please move along.

Re:Using encryption suggests criminality (1)

temojen (678985) | more than 8 years ago | (#14958623)

In all seriousness, it's not about hiding criminal activity. ... The last thing I need is for some "law enforcement" entity to go grepping my emails and IM logs looking for something to pin on me.

Not to mention some thief* rifling through my financial info.

*) could be a thief with a warrant. Or who doesn't need one under some future law. Presence of a warrant does not insure that the individual law enforcement officer is honest.

Ask a silly question... (0)

Anonymous Coward | more than 8 years ago | (#14961225)

<sarcasm>You know, if kiddie porn is such a problem on the internet, how come I can never find any?</sarcasm>

<sarcasm>That's the problem!</sarcasm>

Re:Using encryption suggests criminality (1)

babbling (952366) | more than 8 years ago | (#14958510)

What is so important that you Linux hippies feel the need to encrypt? Do you have something to hide? It's kiddy porn, isn't it? Be honest! I for one am glad that Microsoft doesn't help out the terrorists and pedophiles in their illegal activity. Their encrypting filesystem includes numerous backdoors to assist law enforcement. I just wish the OSS community would do the same.

Mr President, is that you? What are you doing on the internet?

Re:Using encryption suggests criminality (0)

Anonymous Coward | more than 8 years ago | (#14959028)

Mr President, is that you? What are you doing on the internet?

Ummm, you misspelled interweb.

Re:Using encryption suggests criminality (0)

Anonymous Coward | more than 8 years ago | (#14959790)

I am just checking out my new rig that Bill gave me. Apparently it is called Windows 95. Sweet!

Re:Using encryption suggests criminality (1)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#14960673)

I'll bite.

My work requires me to have data which my clients consider confidential. I encrypt this in case my laptop is stolen.

Re:Using encryption suggests criminality (1)

bigmouth_strikes (224629) | more than 8 years ago | (#14962381)

If "using encryption suggests criminality", what does posting anonymously suggest ?

Re:Using encryption suggests criminality (0)

Anonymous Coward | more than 8 years ago | (#14962866)

l33t hax0r sk1llz 0bvi0usly!! OMFG n00b, duh.

Re:Using encryption suggests criminality (2, Informative)

Technician (215283) | more than 8 years ago | (#14962945)

What is so important that you Linux hippies feel the need to encrypt? Do you have something to hide?

Yes I do have something to hide.

For starters to prevent banking identity theft, I use various passwords instead of a publicly searchable mother's maiden name.

First thing to hide is the list of all my CC's, expiration dates, phone numbers to call in case of theft, and the password used for each instead of mother's maiden name.

Second is past years Turbo Tax tax returns. Those are a gold mine for identity thieves including SSN DOB Dependants Property address etc. You bet that goes into encrypted storage.

3rd is Website log-ins. I visit Slashdot often enough to remember my password. The same is not true for my UBS account.

4th is a central repository of registered software including ID number and keys.

5th is a property inventory list including make model serial number date of purchase etc. You many not be interested in my laptop serial number, but I don't need anyone with an axe to grind listing it with the local police as stolen. Can you prove you own your laptop if someone else lists it as stolen? If it is stolen, can you provide a list including model, serial number for both police and insurance?

This is not a complete list.

Just what do you have on your computer that you don't mind me looking into?

I'm sure there is something you'd rather not have public.

Re:Using encryption suggests criminality (1)

fmachado (89905) | more than 8 years ago | (#14963859)

Nope. Imagine a voting machine. Would you like to have someone to know the votes casted in that machine cause someone stole or messed or just had access to the machine? I would not like it, for sure.

Or would you love to have a ATM easily hackable to someone put a keylogger/trojan there so he can have all your banking passwords along with complete card data enough for an atacker rebuild a fake card with everything working perfectly (and your bank account going down real fast)?

I could continue on that for an enormous amount of time but I would really love that your comment would be just a joke. If USA was not so important (in military terms) and without crazy enough people in command to really think they are the blessed ones that need to conquer the world to impose their (lack of) vision, I would say that the rest of the world just encrypted anything with an algorithm that USA would not be allowed to use and we would really see if encryption was not usefull. But half the USA citizens blindly believe on these lies and the other half doesn't care even to know about it and I don't know which is worse.

I don't want a government saying what I can do with MY files. They are mine. It's not government business if I'm storing all the emails I wrote to some women I may be seeing in parallel of my wedding (just joking, hope wife does not believe in it, it's a joke), it's not their business also if someone store the medical receipts of their anti-AIDS cocktail in an easily searchable file for reference, it's not their business to access any private file we have. Sure, crime can be registered in these files and we would never have access to it and ease a prosecution but crime is just a very SMALL percentage of the activities that happens in the world, not the norm. The exception cannot govern the norm, it's basic as that.

Man, that kind of comment about hoping government access people files is creeping, too much orwellian for my taste.

Compatible with MacOS X FileVault? (2, Insightful)

tji (74570) | more than 8 years ago | (#14958438)

MacOS includes this functionality, in what sounds like a very similar manner. It can create a disk file, which is AES encrypted, and you can mount like any other disk. They also have the option of encrypting your whole home directory, but I've heard of people having problems with that..

Which, if any, encrypted Linux filesystems are compatible with MacOS's filevault?

Re:Compatible with MacOS X FileVault? (0)

Anonymous Coward | more than 8 years ago | (#14958781)

None of the linux alternatives include the mandatory backdoor to be built in, so the answer is none :P

I'm joking about the requirement.... or am I? You can't be sure. We can be.

Re:Compatible with MacOS X FileVault? (0)

Anonymous Coward | more than 8 years ago | (#14959216)

Which, if any, encrypted Linux filesystems are compatible with MacOS's filevault?

It's prpbably better to port one of the opensource solutions to MacOS than the other way around. Since OS X isn't open source.

Dynamically sized encrypted filesystem (0)

Anonymous Coward | more than 8 years ago | (#14958564)

What I would like to see is an encrypted filesystem that does not require pre-allocating a certain amount of space whether it is used or not. The major problem with loopback filesystems for encryption is that the file must be the maximum size you intend to use, even if you are only only using a small fraction of the maximum size at the time. I would be willing to use an encrypted filesystem if it worked more like Vmware's disk images, which grow and shrink as data is added and deleted.

Re:Dynamically sized encrypted filesystem (2, Insightful)

niskel (805204) | more than 8 years ago | (#14958751)

Did you RTFA? (this is Slashdot, stupid question) This is what the whole purpose of EncFS is, you don't need to pre-allocate a set amount of disk space.

dm-crypt rocks (0)

Anonymous Coward | more than 8 years ago | (#14960910)

dm-crypt rocks. I use it to encrypt the /home filesystem on my laptop. So if the laptop is ever lost or stolen, my data will not be available to whoever has it.

The /home partition is rsync'ed nightly to my fileserver at home so if I do lose the data, I've lost less than 24 hours of it.

Re:dm-crypt rocks (1)

QCompson (675963) | more than 8 years ago | (#14961083)

Hopefully none of your sensitive data is leaked into /var, /tmp, or swap.

When Encryption Makes Sense (1)

VincenzoRomano (881055) | more than 8 years ago | (#14962550)

Encryption on servers makes sense when they can be physically accesses or seized.
In my opinion, the number of servers physically seized is too low to bother about FS encryption. Infact when in use in a network server, all those files get somehow unencrypted to be sent over the network.
And, AFAIK, almost all the intrusions, data thefts and the likes happen without accessing the actual file blocks on the disks.
So, where are the FS encyption technologies supposed to be expoited?
I see one area: mobile computing and communication. That is laptops, palms, smartphones, portable media like USB keys etc.
Here the encryption is very important for the sake of privacy as all those piece of hardware are very often subject to be stolen or lost. And here the effectiveness and the efficiency of the encryption technology is very important because of the reduced computing resources involved.
But maybe I'm wrong! :-)

Seen, forgotten... (1)

mikelang (674146) | more than 8 years ago | (#14962858)

The problem is to have one solution that Works For Me(TM), and Is Fast and Stable...
Only LoopAES is in mainstream kernel right now and most people don't like partition meddling at all.
I dream about one-click in a Konqueror menu "Encrypt this folder".
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?