[prev in list] [next in list] [prev in thread] [next in thread]
List: cryptography
Subject: Re: [Cryptography] Wrong uses of filesystem encryption
From: grarpamp <grarpamp () gmail ! com>
Date: 2015-01-31 23:23:01
Message-ID: CAD2Ti2-4V9tXD_SXYffUewvj51ZCexVq+qRBRNUm3_k4+Y6hiw () mail ! gmail ! com
[Download RAW message or body]
On Sat, Jan 31, 2015 at 7:57 AM, U.Mutlu <for-gmane@mutluit.com> wrote:
> Hi, thanks, I know, I just wanted to point to a weak point
> in filesystem encryption if auto-mount gets used, and the
> filesystem/HD/comp gets stolen/seized...
> In such cases the current solutions don't help much; there belongs
> some more steps to cover also these cases.
If you don't want someone to just mount your stuff, then
don't use keys wihout passphrases, that's crypto 101.
All these tools support passphrases. Consider using,
writing, carrying a deadman/blackener/unmount tool.
> BTW, I'm using Linux (Debian 8), currently testing 'cryptsetup'
> and 'cryptmount' for encrypting personal home directory in a
> mountable encryped filesystem file (_not_ whole disk or partition
> encryption).
> Any other alternatives I should check?
All the unix will offer those basics scheme:
[file] - device - crypto - fs - mountpoint
Then you have more varieties and use cases:
https://en.wikipedia.org/wiki/List_of_cryptographic_file_systems
https://en.wikipedia.org/wiki/Filesystem_in_Userspace
https://wiki.freebsd.org/PEFS
And an old hat tip:
http://www.crypto.com/software/
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic