Encrypted Dapper filesystems?
Daniel Carrera
daniel.carrera at zmsl.com
Sat Jun 10 08:21:07 UTC 2006
Carlos Picazzo wrote:
> Recently, I've been thinking more seriously about re-installing my
> laptop and setting up the filesystems on a Dapper install to be
> encrypted. Does anyone have any pros/cons/suggestions about doing
> this? I've looked at
> http://www.ubuntuforums.org/showthread.php?t=120091 and it doesn't sound
> too difficult but was wondering if anyone had any first hand experience
> on setting up and maintaining an encrypted fs and what their thoughts were.
Depending on your threat model you may want to consider True Crypt:
http://www.truecrypt.org/
True Crypt makes an encrypted volume that can be mounted as any disk.
What True Crypt provides and the other doesn't is plausible deniability:
* The volume is indistinguishable from random data.
* The file on the filesystem that represents the TC module can have any
extension (.iso, .png, .raw) or no extension at all. TC leaves no trace
when it accesses this file (the timestamp doesn't change).
* True Crypt volumes do not have a "signature" and they are not listed
on the partition table. Again, it looks like random data (e.g. left over
from when the disk was manufactured).
* Hidden volumes. It may happen that the attacker (e.g. FBI, the mafia)
forces you to give up your password (e.g. through a court order, or a
gun). You can have a hidden TC volume inside a TC volume. You put some
medium-secrecy files in the outside volume and the top-secret files in
the second one. You give the attacker the password for the outer volume
and they never find out that there is another hidden volume. It is not
possible to prove the existence of the hidden volume
Cheers,
Daniel.
--
"It's like a rainbow. Without an observer at a 23 degree angle to
the light reflected a cloud of spherical droplets, there is no
rainbow. The whole universe is like that. Our spirits stand at a
23 degree to the universe." -- Zoya Boone, Red Mars
More information about the ubuntu-users
mailing list