This is a discussion on encrypted filesystem within the Linux Security forums, part of the System Security and Security Related category.

Hi,

as a newbie, I would like to know if there is any way to configure a server running linux in which I can use strong-encryption (like PGP or something which is VERY hard to be violated (like PGPdisk)) which can be auto-mounted at startup. I wish to be able to access the encrypted data ONLY with the password or by programs with the privileges to read that data. (like the NTFS encryption, which I don't know how secure it is..)

Final question: the speed of this system, would be ok or it would be compromised?

Thanks!

SiD`

Clinging to sanity, Brad Olin <bwo@bwo1.com> mumbled into her beard:
> On Wed, 26 May 2004 13:27:36 GMT, SiD` <miki28_@T_ngi.it> wrote:
>
>>Hi,
>>
>>as a newbie, I would like to know if there is any way to configure a
>>server running linux in which I can use strong-encryption (like PGP or
>>something which is VERY hard to be violated (like PGPdisk)) which can be
>>auto-mounted at startup. I wish to be able to access the encrypted data
>>ONLY with the password or by programs with the privileges to read that
>>data. (like the NTFS encryption, which I don't know how secure it is..)
>>
>
> I have never done this myself, but I have read a few articles about it.
> My suggestion is you do a bit of research yourself. As a linux user,
> new or old, you will find this saves a lot of your time and it usually
> provides additional ideas that might be better than your original.
>
> Anyway, point your fav browser to... http://groups.google.com In the
> search criteria box enter something like "linux encrypted disk" for this
> question. There seem to be 100s of articles on this.
>
>>Final question: the speed of this system, would be ok or it would be
>>compromised?
> I'm not sure I understand the question here. My guess is that a
> software encrypted disk would have significant overhead and might
> need additional processor power. A hardware encrypted disk
> controller would be a different story.

AES, Blowfish, and Twofish were designed with a view to being efficient on general purpose systems, so the overhead should only be "moderate," as opposed to the "really painful" that is true for 3-DES.

And note that if the disk controller does the work, that is likely to mean that the whole filesystem is held hostage to the disk controller. Change controllers and you probably lose all the data. That might not be what you want...
--
let name="cbbrowne" and tld="ntlug.org" in String.concat "@" [name;tld];;
http://cbbrowne.com/info/linux.html
Rules of the Evil Overlord #156. "If I have the hero and his party trapped, I will not wait until my Superweapon charges to finish them off if more conventional means are available." <http://www.eviloverlord.com/>

SiD` spilled the following:
> Hi,
>
> as a newbie, I would like to know if there is any way to configure a
> server running linux in which I can use strong-encryption (like PGP or
> something which is VERY hard to be violated (like PGPdisk)) which can be
> auto-mounted at startup. I wish to be able to access the encrypted data
> ONLY with the password or by programs with the privileges to read that
> data. (like the NTFS encryption, which I don't know how secure it is..)
>
> Final question: the speed of this system, would be ok or it would be
> compromised?
>

AIR encrypted loopback filesystems require a pass-phrase in order to mount (i.e. it is unlocked when you mount it - not something you would want to happen un-attended).

Individual files can be encrypted using pgp or ssl, and the unix filesystem and security model can be applied to most cases without resorting to ACLs (I HATE ACLS!). If allowing un-attended reboots is a must then I suspect this may be more apposite to your application than an entire encrypted filesystem.

Regarding speed - an encrypted filesystem will be slower if you do it in software - whether the effect will be significant / noticeable....we'd need to know a lot more about the application / hardware / i/o traffic to hazard a guess.

What NTFS encryption?

C.

> Clinging to sanity, Brad Olin <bwo@bwo1.com> mumbled into her beard:
>>>as a newbie, I would like to know if there is any way to configure a
>>>server running linux in which I can use strong-encryption (like PGP or
>>>something which is VERY hard to be violated (like PGPdisk)) which can be
>>>auto-mounted at startup. I wish to be able to access the encrypted data
>>>ONLY with the password or by programs with the privileges to read that
>>>data. (like the NTFS encryption, which I don't know how secure it is..)
>> I have never done this myself, but I have read a few articles about it.
>> My suggestion is you do a bit of research yourself.

Take a look at emacs + crypt++ . This is very convenient for small files.

Consider using a non-structured filesystem (e.g. ext2) on a floppy disk with a single file (e.g. image.loop.gpg) on it. Decrypt the file before mounting with the loop device and after umounting, encrypt the file and shred(1) the clear version.

>>>Final question: the speed of this system, would be ok or it would be
>>>compromised?

Speed will be impacted, but gpg and other such software tools are designed to be fast enough that the slowdown should be less than 50% and usually less than 5%.

Hopefully helpful,
--
Dr. Robert J. Meier
Server Vantage Agent Infrastructure

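The decrypt, loop-mount, umount, re-encrypt and shred cycle described in the post above, written out as an added example that is not part of the thread. The function names, the passphrase file and the use of gpg's symmetric mode with AES256 are assumptions; the post only names image.loop.gpg, the loop device and shred(1).

```shell
#!/bin/sh
# Added example: function names, the passphrase file and the choice of
# symmetric AES256 are assumptions; the post only names image.loop.gpg.

# Decrypt ENC to CLEAR (owner-only permissions) using the passphrase in PASS.
unlock_image() {  # usage: unlock_image ENC CLEAR PASS
  ( umask 077
    gpg --batch --quiet --yes --pinentry-mode loopback \
        --passphrase-file "$3" --output "$2" --decrypt "$1" )
}

# Re-encrypt CLEAR to ENC, then overwrite and delete the cleartext copy.
# The old ENC is replaced only after the new ciphertext has been written.
lock_image() {  # usage: lock_image CLEAR ENC PASS
  gpg --batch --quiet --yes --pinentry-mode loopback \
      --passphrase-file "$3" --cipher-algo AES256 \
      --output "$2.new" --symmetric "$1" || return 1
  mv -f "$2.new" "$2" && shred -u "$1"
}

# Full cycle: decrypt, loop-mount, run a command, umount, encrypt, shred.
# mount and umount need root.
with_image() {  # usage: with_image ENC PASS MOUNTPOINT command [args...]
  enc=$1; pass=$2; mnt=$3; shift 3
  clear=${enc%.gpg}
  unlock_image "$enc" "$clear" "$pass" || return 1
  rc=1
  if mount -o loop "$clear" "$mnt"; then
    "$@"; rc=$?
    if ! umount "$mnt"; then
      echo "umount failed, cleartext image left at $clear" >&2
      return 1
    fi
  fi
  # Reached after a clean umount or a failed mount: never leave cleartext.
  lock_image "$clear" "$enc" "$pass" || return 1
  return "$rc"
}

# Example call (hypothetical script name and paths):
#   sh image-cycle.sh image.loop.gpg passfile /mnt/secure ls -l /mnt/secure
if [ "$#" -ge 4 ]; then with_image "$@"; fi
```

The cleartext image exists on disk for as long as the filesystem is mounted, so this scheme protects the data only at rest. shred(1) relies on in-place overwrites, which journaling filesystems and flash media do not guarantee.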

On Wed, 26 May 2004 13:27:36 GMT, SiD` <miki28_@T_ngi.it> wrote:
>Hi,
>
>as a newbie, I would like to know if there is any way to configure a
>server running linux in which I can use strong-encryption (like PGP or
>something which is VERY hard to be violated (like PGPdisk)) which can be
>auto-mounted at startup. I wish to be able to access the encrypted data
>ONLY with the password or by programs with the privileges to read that
>data. (like the NTFS encryption, which I don't know how secure it is..)
>
>Final question: the speed of this system, would be ok or it would be
>compromised?
>
>
>Thanks!
>
>SiD`

I am also a Linux newbie (I got stuck in a bash prompt last night and couldn't work out how to get back to the gui). So forgive me if I am off course here.

Knoppix mib is a cd bootable version of Knoppix that supports encrypted partitions or containers. It uses AES. It may or may not be exactly what you want but for a newbie it offers encryption without having to install anything. It runs from a cd and won't touch your hard drive unless you tell it to. Your encrypted container could be a usb device. Otherwise I think you have to add the encryption functionality to your own distribution. Something that is beyond my Linux capabilities at the moment.

http://www.bouissou.net/knoppix-mib/...oppix-Mib.html

I do find however that half the menus are in French even after starting with lang=en, but coming from someone who gets stuck in bash prompts it is too early to blame the cd.

Andrew