hdd encryption

GK gm5729 at gmail.com
Fri Oct 10 13:28:34 MST 2008


Hey Nathan.

I use encfs/fuse as its built into the kernel, bcrypt and gpg. All run under 
GPL unlike Truecrypt which is Open Sourced but the owner holds the copywrite. 
Meaning they could pull it back, etc. Plus it is not in the Debian repos like 
the other ones.

I have used Luks/LVM but for a laptop its kind of overkill and the idea is to 
me to hide my data I don't want found. Having a boot password to unlock the 
hdd kind of defeats the purpose to me in hiding it. Part of that is because I 
travel and constitutionally I do not have to give my passwords but they can 
still confiscate my laptop regardless. So its hidden and I don't have the 
issue. LVM on a laptop is not worth it because you usually can not add 
another drive at the same time like a desktop.

I use encfs/fuse which has low overhead and is fast. This system is a 
folder/container level encryption. The unhiding/unencrypting is very 
transparent and the container grows as you add/subtract files to it. It's 
built into the kernel and I have not had any problems crossing distributions 
and getting my data back. My base distro though is Debian Lenny. 
sidux-underground has a good artilce on encfs/fuse if you want to look for 
it. A note: make sure you close your container before doing backups of 
you /home because if you don't all your private data WILL be out in the open!

Bcrypt is FOSS and in the Debian repos and if I have used Linux or BSD I have 
been able to get my data to convert/open/close. It is fast, and low overhead. 
This is great for individual files and uses the blowfish technology.

GPG is what I use for signing and encrypting all my emails. I really don't use 
it for much more than that because the CPU cycles are too intensive as files 
grow in size and I don't like to wait. I am not on slow computers either so 
this for me is the strongest factor to not using it wide range. 

Another thing to consider is steghide. Which is hiding a file inside of 
another file. Like say a document inside of a picture. Or a picture inside of 
a PDF or whatever. It's kinda fun and from tests that I have done stegdetect 
has not found anything that I have hidden so hiding something in plain site 
is the key here. ;

Why do I know all this information? I have tried ccrypt, mcrypt and some 
others and they did not do what I wanted them to do. But that does not mean 
that it won't work for you. Is this paranoid? Some may think so. But 
considering the political environment of the USA and it invasions into law 
abiding citizens lives. I'd rather not put up with the hassle. Secondly, 
considering that AZ is #49 in education but #1 in ID theft why do I want to 
just give my data away if some one walks away with my equipment by breaking 
into my house or whatever. This ensures data stays were I want it.

Hope this helps. 

Vi^3PirePengy

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081010/241f4f72/attachment.pgp 


More information about the PLUG-discuss mailing list