Five of the Best Free Linux Disk Encryption Tools
An anonymous reader writes "Disk encryption uses software to encrypt the entire hard disk. The onus is therefore not on the user to determine what data should be encrypted, or to remember to manually encrypt files. By encrypting the entire disk, temporary files, which may reveal important confidential data, are also protected. Security is enhanced further when disk encryption is combined with filesystem-level encryption. To provide an insight into the open source software that is available, we have compiled a list of five notable disk encryption tools. Hopefully, there will be something of interest here for anyone who wants easy-to-use data encryption and security."
Link? List? (Score:3, Informative)
Or a linked list even?
Re: (Score:1)
Can't the editor, "Roblimo," proofread the submission? Isn't that practically their entire function?
Re:Link? List? (Score:5, Interesting)
> Can't the editor, "Roblimo," proofread the submission? Isn't that practically their entire function?
Can they? Yes. Do they? No. They don't even run basic spell-checkers as evidenced by multiple finalized submissions. I'd personally be ashamed to put my name to much of the work they produce. If they worked in the other 99.99999% of job positions bearing the title "editor" they would be fired due to poor job performance. In this shitty job market I imagine there are many thousands of people who would be happy to do better.
I don't get to slack like that in my job. If the "editors" here started acting like they were semi-worthy of the title I would seriously consider a paid subscription. Note, I don't expect perfection or anything like that. I just want them to at least try.
They should stop calling themselves "editors". Another title like perhaps "reposters" would be more appropriate and would remove the expectation that they act like, well, editors.
I notice that any post pointing out that the ad-laden blog they chose to link in the summary is one of the worst and least-direct (second-hand or third-hand) sources available for the story, or pointing out that (particularly for book reviews) the story itself is likely a Slashvertisement, well those get very quickly modded to oblivion. And I do mean *quickly*. I wouldn't notice most of them at all except that I browse at -1.
While I cannot prove that it's solely the editors doing that, it is known that editors have infinite modpoints. So I consider it quite plausible, especially considering that I can't be the only user who considers it useful information when someone points out what may be an undisclosed marketing motive. I tend to mod those "Informative" myself so long as they are thoughtful and can back up what they say. I have seen more unlikely things happen, I admit, but I have a hard time imagining that the majority of moderators find such information so objectionable.
Re: (Score:1)
> They should stop calling themselves "editors". Another title like perhaps "reposters" would be more appropriate and would remove the expectation that they act like, well, editors.
Even "reporters" gives them too much credit. I think "copy-and-pasters" would be much more accurate.
Re: (Score:2)
He said "reposters", not "reporters". You are as bad at reading as they are.
Re: (Score:2, Funny)
You start paying me to comment, I can guarantee a massive improvement.
Re: (Score:2)
The link works for me in both Chrome and Firefox. I don't have Explorer handy, so I can't test it with that browser.
I'm sorry you're having problems, but I don't see anything wrong.
And yes, I proofread everything and check all links.
Re: (Score:2)
You must have fixed it, because when it first went up there was no link.
Re: (Score:2)
Nope. Didn't touch a thing. But there's no point in arguing. The backend was doing some strange things earlier, but not *that* strange. Another mystery of the Internet.
Re: (Score:1)
The 'submitter' has been updated to reduce the chances of a reoccurrence, though it still might happen.
Goatse (Score:2)
Re: (Score:1)
"Ugh. Goatse. You asshole."
"I hope you die in a fire before you are old enough to contaminate the gene pool."
"Ugh. Goatse. NSFW. Asshole (poster and picture, both)."
"Why the sudden coordinated campaign for Goatse? Is someone making money off this?"
"I did not even bother to look, but this same idiot has been doing this for weeks now. Fuck off asshole."
"Thanks, I'm reading slashdot in class like a good student and just got tubgirl'd."
"you are one dedicated troll."
"Parent should
Best of slashdot editing! (Score:4, Insightful)
Today we bring you the best of slashdot editing. We cut out all the hard parts for you, like links, and real information.
FYI: http://www.linuxlinks.com/article/2011040308270275/DiskEncryption.html
XKCD (Score:5, Funny)
http://xkcd.com/538/
Re: (Score:3)
That xkcd always amused me.
The only way to really delete something is to encrypt it. Then forget the key.
Going to burn through a few wrenches before you find that out. Too bad most people only have two knees.
Relevant to the topic? I have about a dozen CDs of 'encrypted' Linux files that can no longer be opened. Apparently the old cryptoloop encryption implementation on my particular distro was somewhat buggy. The encrypted file system that was contained in those files could only be opened on the
Re: (Score:1)
Sure that is funny, but that comic isn't as true as you think. The only people who will beat you until you give up the key are those that a) can get away with it, b) know that you have what they want. Criminals who steal hard drives, etc. aren't going to go breaking legs for the encryption keys because they don't know what's on the disk and would likely go to jail for it. Even government agents would have to know that you have what they're looking for, and in the US they aren't likely to be torturing you u
Re: (Score:2)
> Sure that is funny, but that comic isn't as true as you think. The only people who will beat you until you give up the key are those that a) can get away with it, b) know that you have what they want. Criminals who steal hard drives, etc. aren't going to go breaking legs for the encryption keys because they don't know what's on the disk and would likely go to jail for it. Even government agents would have to know that you have what they're looking for, and in the US they aren't likely to be torturing you unless you're actually important. They might put you in jail however.
Government agents won't torture you themselves, they will convict you for obstructing their investigation and lock you up for many years with a bunch of violent people. This applies to anyone who doesn't willingly hand over their encryption keys. Most likely it also applies to people who really have forgotten or lost their encryption keys.
Encryption is only protection from unskilled thieves, and agencies who don't want you to know they are watching.
Re: (Score:1)
So, I guess you've not heard about all the FAIL that the US gov't bought itself by waterboarding prisoners? Evidence obtained illegally is inadmissible (in theory).
You ARE important (Score:2)
You are important - once you've been tortured - then your freedom and even life is very embarrassing.
It only takes one idiot with an itchy torture finger and then they can never afford to let you go.
Re: (Score:1)
Yes, but no. The US 9th Circuit recently affirmed that the government has the right to seize and search, without a warrant, any laptop entering the US. For activists who travel, this is a big deal. Will Yemeni security beat you with a wrench? Yes. Will the US? Not in a US airport. The assumption used to be that the US also wouldn't make copies of your data for offsite inspection just for the hell of it, but they are, some 5000 times in the last five years.
Re: (Score:1)
Hey, it used to be $1 wrench in this comic. Inflation finally getting to XKCD?
loopback-AES changed recently? (Score:2, Interesting)
I've had some loopback containers using AES-256 for years and years. Recently, after upgrading to Ubuntu 11.04, the same containers will no longer mount, yet I can create brand new ones which work fine. It seems that the old ones are not forward compatible.
Has anyone else noticed this, and if so, what can be done about it? It's really kind of annoying to have to install a whole VM of an older OS just to access my old loopback container files!
Re: (Score:2)
It's open source. You can write your own code to solve it :)
Re: (Score:3, Informative)
The default cipher and flags changed, be sure to find out what they used to be.
I had this problem too and by setting explicit opt got it working
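Added example (not part of the thread and not code from any project named in it): the reply above comes down to the mount parameters living outside the container. Assuming the old containers are headerless loop-AES, cryptoloop or plain dm-crypt images, nothing in the file records the cipher, mode or passphrase hash, whereas a LUKS1 header stores them; this Python script reads the start of a container and reports which case applies. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# Start of the LUKS1 on-disk header, big-endian: magic, version, cipher name,
# cipher mode, hash spec, payload offset (512-byte sectors), key length (bytes).
LUKS1_PREFIX = struct.Struct(">6sH32s32s32sII")


def cstr(raw):
    """Decode a NUL-padded ASCII header field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def describe_container(head):
    """Classify a container from its first bytes (112 bytes are enough)."""
    if not head.startswith(LUKS_MAGIC):
        # Headerless formats store ciphertext from byte 0: cipher, mode, key
        # size and passphrase hash exist only on the mount command line, so a
        # changed tool default yields garbage instead of a filesystem.
        return {"format": "headerless", "self_describing": False}
    if len(head) < 8:
        raise ValueError("truncated header")
    version = struct.unpack(">H", head[6:8])[0]
    if version != 1:
        # LUKS2 shares the magic but keeps its parameters in a JSON area.
        return {"format": "luks%d" % version, "self_describing": True}
    if len(head) < LUKS1_PREFIX.size:
        raise ValueError("truncated LUKS1 header")
    _, _, cipher, mode, hash_spec, offset, key_bytes = LUKS1_PREFIX.unpack(
        head[:LUKS1_PREFIX.size])
    return {
        "format": "luks1",
        "self_describing": True,
        "cipher": cstr(cipher),
        "mode": cstr(mode),
        "hash": cstr(hash_spec),
        "payload_offset_sectors": offset,
        "key_bits": key_bytes * 8,
    }


def describe_file(path):
    """Same check for a container file or block device on disk."""
    with open(path, "rb") as fh:
        return describe_container(fh.read(LUKS1_PREFIX.size))


def sample_luks1_head():
    """Constructed LUKS1 header prefix; the values are illustrative only."""
    return LUKS1_PREFIX.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256",
                             b"sha1", 2056, 32)


# Constructed stand-in for the first bytes of a headerless container.
SAMPLE_HEADERLESS = hashlib.sha256(b"constructed sample").digest() * 4

if __name__ == "__main__":
    print(describe_container(sample_luks1_head()))
    print(describe_container(SAMPLE_HEADERLESS))
```

For a headerless result, the cipher, mode, key size and passphrase hash used at creation time have to be recorded somewhere outside the container, for example alongside the backup notes.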
encfs? (Score:2, Informative)
Really, no encfs? Used it for years -- works great, never had any hiccups with it.
There can be only one (Score:5, Informative)
http://www.truecrypt.org/ [truecrypt.org]
There we go.. I don't understand why this is still a question.
Re: (Score:1)
Everyone using Truecrypt would be as bad as everyone using Internet Explorer was. Monocultures are foolish, period. The more targets there are for adversaries to attack, the less likely it is that any of them will be breached.
Re: (Score:1, Insightful)
Because of these reasons:
http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/ [privacylover.com]
Don't misunderstand me, I like Truecrypt. But security must also involve trust, and, to date, there is no total transparency about Truecrypt's developers.
Re: (Score:2)
> But security must also involve trust, and, to date, there is no total transparency about Truecrypt's developers.
Wow, the developers who created regime-threatening encryption software registered their domain at a fake address. The makers of a powerful privacy tool seem to like privacy? Scandal!
Code review or STFU. I don't see what else could matter than what's in the source.
Re:There can be only one (Score:5, Interesting)
dmcrypt for me!
But yeah, truecrypt and dmcrypt are all people really need to know about. They both do mostly the same thing with slight variation, which people choose is down to preference.
LoopAES is outdated, cryptsetup is a userspace tool linked to dm-crypt, and the other is specialized.
Pretty lame article.
Re:There can be only one (Score:5, Informative)
I used to set up encryption using fuse and encfs. That worked well enough for me. The problem I have with Truecrypt is that I have to define a file size beforehand. Is there a function for Truecrypt to use cowfs or auto resizing files?
Re: (Score:1)
> Is there a function for Truecrypt to use cowfs or auto resizing files?
Yes. I thought "dynamically expanding file" was the default during volume creation?
Re: (Score:2)
Regarding TrueCrypt, some of the stuff is simple enough. Encrypted filesystem inside a file, or encrypted partition. Okay. I've done enough under linux with mounting filesystems within files and other stuff to understand how that works very easily.
But then... what boggles my mind, is, how do some of the features of full disk encryption even work?
What performs the decryption while the operating system (whether it be windows or whatever) loads?
And how can your system disk be in a half encrypted half not state
Re: (Score:2)
I've never understood using truecrypt when you can just use the built-in LUKS feature set.
Re:There can be only one (Score:5, Interesting)
Which leads to another benefit, my mom is no system administrator, but she can open a file, enter a password, and double click the file within.
Furthermore, if I want to deal with it - I can put it on my Linux machines.
Finally, if a technician needs to fiddle with the system, I can unmount the drives and let them in with (less) worry about what they may find. (Tend to deal with health care information.) In other words, I can compartmentalize who can see what.
Re: (Score:2)
> I can put something (like my tax info) on a true crypt disk on my Mac, and then email it to my mom (an accountant) who can open it on her windows PC.
You really don't have to go to the extreme of mailing your Mac. Just have her use logmein [logmein.com] for instance.
Re: (Score:1)
Check this out:
http://sourceforge.net/projects/stlth/ [sourceforge.net]
It's like Truecrypt but based on dm-crypt, GPL and supports unlimited numbers of hidden volumes.
That's real plausible deniability, unlike Truecrypt.
Re: (Score:2)
This is why [debian.org]. Also, dm-crypt/luks is included with Linux by default and Debian makes it dead simple to set up whole disk encryption on a fresh install; I believe that truecrypt won't work for whole disk encryption for Linux.
All due respect to the truecrypt guys and their work (cross-platform encrypted images are awesome), but the only reason Windows and OSX need truecrypt is because they don't have something like Linux's dm-cr
Re: (Score:2)
With OS X you can use Disk Utility to create encrypted sparse images, which are nicer than Truecrypt volumes for some things. Especially since sparse disk images only take up as much space as what is stored on them. Not cross platform though. :-(
Re: (Score:1)
WTF did you bother to post that?!? Do you seriously believe that adds anything to the discussion, any discussion? Are we voting on an optimum solution? Then yours will be attributed "hearsay from AC", and so won't count.
FFS, do better!
Here is the link from the submission (Score:2, Informative)
Re: (Score:1)
Well do you trust proprietary encryption implementations? I don't.
http://www.rohos.com/2010/02/hardware-encryption-vulnerability-of-kingston-and-sandisk-usb-flash-drives/ [rohos.com]
Where's eCryptfs? (Score:2, Insightful)
eCryptfs is the default disk encryption technology shipping in Ubuntu. You can turn it on from the installer. How does that not make the list? I've never even heard of SD4L.
Re: (Score:2)
Possibly because it's a file system level encryption tool vice a full disk encryption tool. Then again, they included cryptsetup which is just a userspace utility for dm-crypt, so I'd chalk this up to just being a lame article!
Hardware encryption? (Score:2)
https://secure.wikimedia.org/wikipedia/en/wiki/Hardware-based_full_disk_encryption [wikimedia.org]
Re: (Score:1)
You'd have to trust Seagate, Maxtor, Hitachi & co. to not do something idiotic, such as storing the keys on-disk and NOT sealed to a TPM or somesuch (which they used to do with the ATA security features, and you can get any disk unlocked for a few $$).
And you'd also have to trust them not to have been co-opted by a state government.
I.e., you have to be a dumbass to trust hardware security.
Re: (Score:2)
Well do you trust proprietary encryption implementations? I don't.
http://www.rohos.com/2010/02/hardware-encryption-vulnerability-of-kingston-and-sandisk-usb-flash-drives/ [rohos.com]
Honest question about encryption (Score:1)
Yes, it's wonderful, but what if a user stores his /home on the same partition as the OS install (bad I know, but happens) and uses encryption? If the OS crashes, how can recovery be done of the user's data? Is there a way to recover encrypted data on a drive? Or is it a double-edged sword kind of thing?
I recommend encrypting disks (Score:1)
For most of you this will be obvious, but -
If someone steals your computer (home or laptop) your password is useless to protect it; all they have to do is put your drive in their system and presto, they have access to everything on your disk(s).
And you might be surprised at how many logins are saved on your disk (web pages, mail servers, etc.), and how many are unencrypted or only very weakly encrypted. (For that matter, they can just run the same application using your configuration files, and never have to
Re: (Score:2)
I usually recommend the opposite. There are cases where encryption is necessary because confidential data is being handled. The flip side is that full disk encryption makes it difficult, if not impossible, to recover data from corrupt file systems or failing hard drives.
Re: (Score:2)
> I usually recommend the opposite. There are cases where encryption is necessary because confidential data is being handled. The flip side is that full disk encryption makes it difficult, if not impossible, to recover data from corrupt file systems or failing hard drives.
I recommend instead making regular backups to a separate disk, also encrypted.
Re: (Score:2)
Backups are a better solution than disk recovery.
I don't recover disks anymore, we just reformat and reinstall for everything these days. I can reinstall a Linux box in under an hour and a Windows machine in a bit more. Restoring from backups is simple enough after that.
I don't want data on the drives to be recoverable, because it may not be me doing the recovering.
Re: (Score:2)
> You should encrypt the disks on every computer.
What, even when it's massively inappropriate to do so? I can't think of any circumstances under which I'd ever use even FS encryption, never mind full-disk encryption. Disks are slow enough as it is.
Submission untouched by human hands (Score:4, Informative)
It's an ad link site [linuxlinks.com].. Turn off your cookies on these guys..
> Information that is provided to advertisers consists of aggregate statistics that we collate. This includes geographical and psychographic* information.
> When links are submitted to our site, we request that the sender provides us with their real name and email address.
You know the routine..
*Huh??
left out the obvious choice (Score:2)
Doesn't matter if the link is in the post or not. The article left out luks
Re: (Score:3)
> Doesn't matter if the link is in the post or not. The article left out luks
No, it didn't.
Trying it now (Score:1)
I bought a cheapie netbook. I'm trying this out now with Ubuntu Alternate. Should be interesting on the Atom based piggie.
Re: (Score:1)
> I bought a cheapie netbook. I'm trying this out now with Ubuntu Alternate. Should be interesting on the Atom based piggie.
I've done what you describe and would like to share my experience. I've been running ubuntu with a luks encrypted root drive on an atom netbook for over a year on several systems. I've installed luks on internal HD's, external HD's, SD cards and USB sticks. Also I did experiment with further encryption of home directories using ecryptfs.
Using luks does slow your computer and each additional level of encryption adds to this delay. I have no real measurements but I could "feel" the lag and estimate it to be 1
Temporary files in memory, not encrypted (Score:2)
see subject.
Re: (Score:2)
it's not unusual for headlines to be verbless.
Re: (Score:3)
The subject of a message counts as a headline to me.
OS X Corollary? (Score:1)
Re: (Score:2)
System Preferences -> Security -> FileVault
Turn it on.
Re: (Score:3)
If you're worried that a proprietary framework might be compromised by the Government threatening/bribing Apple into implementing a back door ...
Nota bene: I have not tried this yet myself.
Re: (Score:2)
Erm, even the author of that states that these issues are now fixed with Snow Leopard and recommends against using EncFS on OS X.
Also, you can't use EncFS on your whole home dir as it doesn't support some extended attributes that OS X relies on.
Re: (Score:2)
I agree that you might need to look at a proprietary solution for OSX.
PGP (now owned by Symantec) and Guardian Edge (also owned by Symantec) would work.
Pointsec (now owned by Check Point) also supports OSX.
incomplete list - bitvisor not mentioned (Score:2)
BitVisor [bitvisor.org] is open sourced (BSD licensed). It can provide both disk encryption and transparent VPN/IPsec support to multiple OSes (Win, Linux, ...)
It's a little annoying when people try to make definitive lists, but don't include rather popular options on their list. Do list makers not have Google?
Re: (Score:2)
Your loss then. It is open source and very well written. It has been mentioned in numerous places before, including on Slashdot. It's often used as a testing ground for security experiments along with Xen. Probably because the code for BitVisor is simpler and easier to hack.
For those who are venerating TrueCrypt: Not Safe (Score:1)
http://en.wikipedia.org/wiki/Cold_boot_attack [wikipedia.org]
http://it.tmcnet.com/news/2010/03/30/4700389.htm [tmcnet.com]
ANY WHOLE HARD DRIVE ENCRYPTION IS PRONE TO A SIDE-CHANNEL ATTACK.
Re: (Score:1)
But the Passware forensic tool is focused on Truecrypt and Bitlocker Whole Disk Encryption... and it is so trivial that even a trained monkey could do it (aka. IT guy)
Always links (Score:1)
Tool no good for corporate use - Personal use only (Score:1)
These tools are fine for personal use - but not easily adapted to corporate use e.g. PCI DSS. Mandatory requirements for PCI DSS include key management under dual control and split knowledge.
As such, commercial tools still rule in the storage encryption space.
And I'm no programmer, so I can't resolve these shortcomings.
lyalc
Interesting technological support (Score:1)
Re: (Score:2)
Anyone who keeps any of the following on his/her laptop:
Remember: identity theft is an equal opportunity crime. Identity thieves don't care if you are rich, poor, man, woman, famous, or obscure.
Re: (Score:3)
Setting aside the fact that I may have cached passwords and financial information stored on my hard drive, the fourth amendment [wikimedia.org] is meant to guard against unreasonable searches and seizures. Since the US government has chosen to ignore the constitution [aclunc.org], I believe that a "better safe than sorry" approach is quite prudent to say the least. You might want to check if you're curre
Re: (Score:2)
> From who? And for what? Why would anyone think their data is so important that anyone else would want it and that it needs encrypting?
I think my bank account numbers and banking passwords should be kept secret.
I also have a duty to protect any passwords or authentication keys I was trusted with to other people's systems. In fact that one is a condition of employment.