Encrypted volume interaction with Windows...

Thorsten Sick modern_ronin at web.de
Wed Dec 19 17:07:16 UTC 2007


Am Mittwoch, den 19.12.2007, 09:33 -0500 schrieb John Richard Moser:
> 
> Thorsten Sick wrote:
> > Hello List
> > 
> > Am Montag, den 17.12.2007, 11:49 -0500 schrieb John Richard Moser:
> >> In Gutsy, the alternate installer can now create encrypted LVM layouts 
> >> (but with no fancy manipulation tools...).  I am now curious about 
> >> interoperability with Windows for encrypted external drives.
> >>
> >> External hard disks and flash drives using NTFS or FAT32 work in Linux 
> >> or Windows now.  The FreeOTFE program allows Windows to access a LUKS 
> >> partition (NOT LVM) as well.
> > 
> > For data-exchange media I would suggest something that runs on windows
> > out-of-the box (and on ubuntu of course).
> > Either automatically put a driver for windows in a non-encrypted part or
> > use something like the truecrypt traveller mode.
> > 
> 
> truecrypt installs drivers in traveler mode.  So does FreeOTFE in 
> portable mode.  FreeOTFE can read Linux LUKS partitions (which is what 
> dm-crypt uses).
> 
> Truecrypt does not run on windows out of teh box.  If you're not 
> administrator level, you can't use it.  Same with FreeOTFE.

Well I think if you want to "mount" it, there is no way around admin
rights.
I will have to ask a windows guru.

> > A user having encrypted data on a usb memory stick wants to use them on
> > about 99% of the computers he works with. If this is not possible, the
> > user will not encrypt at all.
> > 
> 
> So, they have the same ability on Windows with LUKS or truecrypt, and 
> better on Linux with LUKS.

As long as it works, it's fine with me :-)

> >>  Logically, it would help users with 
> >> encryption needs to have a tool in GNOME to create LUKS-encrypted USB 
> >> flash or hard drives, and request/change the key (file?  Or just 
> >> password?) when gnome-volume-manager detects them.
> > 
> > Maybe automatically ask the user if he wants to encrypt the volume or
> > parts of it as soon as he attaches a new and empty usb device (stick or
> > external hd)
> >
> 
> Every time he attaches it?  "Do you want to destroy all data on this?" 
> That's like asking to format a disk every time it's put in!

- Ubuntu must remember the choices of the user for this special device
(USB ID). So the user will be asked once for every usb drive. the first
time he attaches it.
- There must be space on the device to use (scenario with crypto
container not crypto partition)
I did not think about crypto partitions yet. You are right, data will be
lost to easy if we add a klick-and-delete button.

What about writing own CDs ? We should also add the option "Encrypt all
files on CD" when burning. The british government will love it.


Thorsten Sick

-- 
Thorsten Sick <modern_ronin at web.de>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20071219/ed895b3e/attachment.pgp>


More information about the Ubuntu-devel-discuss mailing list