Rashid Jamil

Encrypted filesystems for Linux

Extracted from debian-user Tip provided by John Kuhn I am wondering what is the recommended way to secure a sizeable volume (0.5-2GB) of confidential data such that it is non-retreivable/unusable even in the event that a hacker has gained user level or root access? There are a few encrypted filesystems for Linux. Ones aimed at distributed filesystems (NFS replacements): - "CFS", which has been packaged and is available from non-us.debian.org. - "TCFS", http://tcfs.dia.unisa.it/ I used CFS several years ago and it seemed to work well. My only complaint was that triple DES was a bit slow on my 486/33. Another approach which I am currently using involves patching the kernel to provide kernel level encrypted filesystems. I have updated a patch for kernel 2.0.36 which was originally released in 1996 for kernel 2.0.11. I have gotten good results with this using IDEA encryption on systems ranging from a 486/33 to PII-350. There are now encryption patches available for the new 2.2.x kernels. ftp://ftp.kerneli.org/pub/linux/kerneli/v2.2/patch-int- will add encryption to linux 2.2.1. I have not used this patch yet, but I will give it a try as soon as I update to slink and have a 2.2.x compatible system. When unmounted, the ability to scan the raw partition will not give your cracker any useful information. If they are really determined, they could scan raw /tmp and swap partitions for traces of sensitive data. Whether this is an issue depends on your required security level. When mounted, a root cracker would be able to read the all files on the partition. Mounting the partition requires a passphrase. The kernel approach will require patching and building custom versions of the kernel and mount programs.

Rashid Jamil

About Rashid Jamil -

Subscribe to this Blog via Email :

Thanks for comments.