[NBLUG/talk] Crypt Filesystems

Jacob Appelbaum jake at nblug.org
Tue Jul 25 17:58:32 PDT 2006


David wrote:
> Two systems that I would recommend:
> 
> Loop-aes not too difficult to set up, but cannot (or REALLY should not) be used
> with a journaling FS like ext3, so use ext2.  Very secure, and is pretty
> transparent once set up.


This isn't true. You can use journaling file systems with loop-aes. The
key (pun intended!) is to not use it on a FILE backed loop. It's fine if
you're doing DEVICE backed loops.

> The other one is a "container" system called Truecrypt; not too difficult to
> set up, works with both Windows and Linux, and provides for hidden volumes.  This
> gives plausible deniability so if someone forces you to reveal the password on
> the outer volume you can have a hidden volume with really sensitive stuff on it.
> Truecrypt is VERY secure.

I've heard good things about Truecrypt but I'm not sold just yet. The
mere fact that it works with Windows makes me worry. How does it protect
against the keys being written to disk? Does Truecrypt provide a method
to encrypt swap space?

Regards,
Jacob


