[Cryptography] Wrong uses of filesystem encryption

U.Mutlu for-gmane at mutluit.com
Sat Jan 31 07:57:36 EST 2015

grarpamp wrote, On 01/30/2015 10:36 PM:
> On Fri, Jan 30, 2015 at 10:33 AM, U.Mutlu <for-gmane at mutluit.com> wrote:
>> What 'best practices' for filesystem encryption are there?
> As other have said, look at what your threat model is and
> your processes. Since you didn't mention an OS, you'd
> need to survey what's out there to match needs. And then
> consider if any of it has been audited by others and/or is
> sufficiently open in line with any expectations there as well.
> https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
> http://www.markus-gattol.name/ws/dm-crypt_luks.html
> https://www.freebsd.org/cgi/man.cgi?query=geli
> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
> https://github.com/t-d-k/doxbox
> https://en.wikipedia.org/wiki/BitLocker_Drive_Encryption
> https://en.wikipedia.org/wiki/TrueCrypt
> http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/softraid.4
> http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/crypto.9
> http://www.openbsd.org/papers/asiabsdcon2010_softraid/softraid.pdf

Hi, thanks, I know, I just wanted to point to a weak point
in filesystem encryption if auto-mount gets used, and the
filesystem/HD/comp gets stolen/seized...

In such cases the current solutions don't help much; there belongs
some more steps to cover also these cases.

BTW, I'm using Linux (Debian 8), currently testing 'cryptsetup'
and 'cryptmount' for encrypting personal home directory in a
mountable encryped filesystem file (_not_ whole disk or partition encryption).
Any other alternatives I should check?

More information about the cryptography mailing list