[Cryptography] Wrong uses of filesystem encryption

grarpamp grarpamp at gmail.com
Sat Jan 31 18:23:01 EST 2015


On Sat, Jan 31, 2015 at 7:57 AM, U.Mutlu <for-gmane at mutluit.com> wrote:
> Hi, thanks, I know, I just wanted to point to a weak point
> in filesystem encryption if auto-mount gets used, and the
> filesystem/HD/comp gets stolen/seized...
> In such cases the current solutions don't help much; some more
> steps are needed to cover these cases as well.

If you don't want someone to just mount your stuff, then
don't use keys without passphrases, that's crypto 101.
All these tools support passphrases. Consider using,
writing, carrying a deadman/blackener/unmount tool.

> BTW, I'm using Linux (Debian 8), currently testing 'cryptsetup'
> and 'cryptmount' for encrypting personal home directory in a
> mountable encrypted filesystem file (_not_ whole disk or partition
> encryption).
> Any other alternatives I should check?

All the unix will offer this basic scheme:
[file] - device - crypto - fs - mountpoint

Then you have more varieties and use cases:
https://en.wikipedia.org/wiki/List_of_cryptographic_file_systems
https://en.wikipedia.org/wiki/Filesystem_in_Userspace
https://wiki.freebsd.org/PEFS

And an old hat tip:
http://www.crypto.com/software/
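
An added example, not part of the original post: a check for the auto-mount weakness discussed in this thread, assuming the volumes are configured through a crypttab(5)-style table as on Debian. The sample table, its paths and the function name `audit_crypttab` are constructed for illustration.

```python
"""Flag crypttab-style entries that unlock from a stored key instead of a passphrase."""

# Constructed sample in crypttab(5) layout: name, source, key file, options.
SAMPLE_CRYPTTAB = """\
# <name>  <source>                  <key file>          <options>
home      /srv/containers/home.img  /etc/keys/home.key  luks
vault     /srv/containers/vault.img none                luks,noauto
backup    UUID=1111-2222            -                   luks
swap      /dev/sda2                 /dev/urandom        swap,cipher=aes-xts-plain64
usb       /dev/sdc1                 /etc/keys/usb.key   luks,noauto
media     /dev/sdb1                 /root/media.key
"""

PROMPT_KEYS = {"none", "-"}                     # passphrase is asked for interactively
RANDOM_KEYS = {"/dev/urandom", "/dev/random"}   # throwaway key, regenerated each boot


def audit_crypttab(text):
    """Return (name, keyfile, reason) for entries whose key is stored at rest."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line, nothing to evaluate
        name = fields[0]
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        if keyfile in PROMPT_KEYS or keyfile in RANDOM_KEYS:
            continue
        if any(opt.startswith("keyscript=") for opt in options):
            continue  # Debian: field is an argument to a script; review by hand
        reason = "key file on disk"
        if "noauto" not in options:
            reason += ", unlocked automatically at boot"
        findings.append((name, keyfile, reason))
    return findings


if __name__ == "__main__":
    for name, keyfile, reason in audit_crypttab(SAMPLE_CRYPTTAB):
        print(f"{name}: {keyfile} ({reason})")
```
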

