[Cryptography] Wrong uses of filesystem encryption

grarpamp grarpamp at gmail.com
Sat Jan 31 18:23:01 EST 2015

On Sat, Jan 31, 2015 at 7:57 AM, U.Mutlu <for-gmane at mutluit.com> wrote:
> Hi, thanks, I know, I just wanted to point to a weak point
> in filesystem encryption if auto-mount gets used, and the
> filesystem/HD/comp gets stolen/seized...
> In such cases the current solutions don't help much; there belongs
> some more steps to cover also these cases.

If you don't want someone to just mount your stuff, then
don't use keys wihout passphrases, that's crypto 101.
All these tools support passphrases. Consider using,
writing, carrying a deadman/blackener/unmount tool.

> BTW, I'm using Linux (Debian 8), currently testing 'cryptsetup'
> and 'cryptmount' for encrypting personal home directory in a
> mountable encryped filesystem file (_not_ whole disk or partition
> encryption).
> Any other alternatives I should check?

All the unix will offer those basics scheme:
[file] - device - crypto - fs - mountpoint

Then you have more varieties and use cases:

And an old hat tip:

More information about the cryptography mailing list