[Cryptography] Wrong uses of filesystem encryption
for-gmane at mutluit.com
Sat Jan 31 07:57:36 EST 2015
grarpamp wrote, On 01/30/2015 10:36 PM:
> On Fri, Jan 30, 2015 at 10:33 AM, U.Mutlu <for-gmane at mutluit.com> wrote:
>> What 'best practices' for filesystem encryption are there?
> As other have said, look at what your threat model is and
> your processes. Since you didn't mention an OS, you'd
> need to survey what's out there to match needs. And then
> consider if any of it has been audited by others and/or is
> sufficiently open in line with any expectations there as well.
Hi, thanks, I know, I just wanted to point to a weak point
in filesystem encryption if auto-mount gets used, and the
filesystem/HD/comp gets stolen/seized...
In such cases the current solutions don't help much; there belongs
some more steps to cover also these cases.
BTW, I'm using Linux (Debian 8), currently testing 'cryptsetup'
and 'cryptmount' for encrypting personal home directory in a
mountable encryped filesystem file (_not_ whole disk or partition encryption).
Any other alternatives I should check?
More information about the cryptography