Encrypted filesystems for Linux

Extracted from debian-user
Tip provided by John Kuhn
> I am wondering what is the recommended way to secure a sizeable volume
> (0.5-2GB) of confidential data such that it is non-retreivable/unusable even
> in the event that a hacker has gained user level or <shudder> root access?
 
 There are a few encrypted filesystems for Linux.
 
 Ones aimed at distributed filesystems (NFS replacements):
 - "CFS", which has been packaged and is available from non-us.debian.org.
 - "TCFS", http://tcfs.dia.unisa.it/
 
 I used CFS several years ago and it seemed to work well.  My only
 complaint was that triple DES was a bit slow on my 486/33.
 
 Another approach which I am currently using involves patching the
 kernel to provide kernel level encrypted filesystems.  I have updated
 a patch for kernel 2.0.36 which was originally released in 1996 for
 kernel 2.0.11.  I have gotten good results with this using IDEA
 encryption on systems ranging from a 486/33 to PII-350.
 
 There are now encryption patches available for the new 2.2.x kernels.
 ftp://ftp.kerneli.org/pub/linux/kerneli/v2.2/patch-int-2.2.1.1.gz
 will add encryption to linux 2.2.1.  I have not used this patch yet,
 but I will give it a try as soon as I update to slink and have a
 2.2.x compatible system.
 
 When unmounted, the ability to scan the raw partition will not give
 your cracker any useful information.  If they are really determined,
 they could scan raw /tmp and swap partitions for traces of sensitive
 data.  Whether this is an issue depends on your required security level.
 When mounted, a root cracker would be able to read the all files on
 the partition.  Mounting the partition requires a passphrase.
 
 The kernel approach will require patching and building custom versions
 of the kernel and mount programs.

Follow-up :
| Previous | Next | Index of category | Main Index | Submit |


Appears in section(s) : security disk kernel
Tip recorded : 21-03-1999 18:11:10
HTML page last changed : 27-07-1999 20:12:20