[NBLUG/talk] Crypt Filesystems

David shadoweyez at hotpop.com
Wed Jul 26 07:38:59 PDT 2006


Jacob Appelbaum wrote:
> 
> This isn't true. You can use journaling file systems with loop-aes. The
> key (pun intended!) is to not use it on a FILE backed loop. It's fine if
> you're doing DEVICE backed loops.
You are correct that it can be used on DEVICE backed loops, but write cache on
the drive must be disabled, a minor performance slowdown but usually worth the
security.

>> The other one is a "container" system called Truecrypt; not too difficult to
>> set up, works with both windows and linux, and provides for hidden volumes.  This
>> gives plausible deniability so if someone forces you to reveal the password on
>> the outer volume you can have a hidden volume with really sensitive stuff on it.
>>  Truecrypt is VERY secure.
> I've heard good things about truecrypt but I'm not sold just yet. The
> mere fact that it works with windows makes me worry. How does it protect
> against the keys being written to disk?
Truecrypt attempts to lock the cached passwords and encryption keys in memory so
that data is not leaked to paging files.  Because there is no way to guarantee
the locked memory will not get passed to the paging file, they recommend that for
really sensitive things the paging file is disabled.  Note that this is not a
problem in linux.

> Does truecrypt provide a method
> to encrypt swap space?
No, truecrypt does not encrypt a whole partition or disk or file system.  It
lets you create a virtual filesystem in a file (container) that you can then
mount.  Therefore it cannot encrypt the swap partition.

~David~

> Regards,
> Jacob
> 
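As an added illustration of the key pinning David describes above (this is not TrueCrypt's code or anything from the list), a small C routine that pins a key buffer with mlock(), records whether the pin actually succeeded, and zeroes the key before the pages are released; the struct, function names and the sample key bytes are made up for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#define KEY_LEN 32

/* Key buffer pinned with mlock() so the kernel will not page it out. 'locked'
 * records whether the pin took: mlock() can fail (e.g. RLIMIT_MEMLOCK), and the
 * caller must then treat the key as swappable instead of carrying on silently. */
struct locked_key { unsigned char *buf; size_t len; int locked; };

/* Allocate a page-aligned, zeroed buffer and try to pin it.
 * Returns 0, or -1 if the allocation itself fails. */
int locked_key_init(struct locked_key *k, size_t len) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) page = 4096;
    k->buf = NULL; k->len = len; k->locked = 0;
    if (posix_memalign((void **)&k->buf, (size_t)page, len) != 0) return -1;
    memset(k->buf, 0, len);
    k->locked = (mlock(k->buf, len) == 0);
    return 0;
}

/* Zero the key through a volatile pointer so the stores cannot be optimised
 * away. Returns how many bytes are still non-zero afterwards (expect 0). */
size_t locked_key_wipe(struct locked_key *k) {
    volatile unsigned char *p = k->buf;
    size_t left = 0, i;
    for (i = 0; i < k->len; i++) p[i] = 0;
    for (i = 0; i < k->len; i++) left += (p[i] != 0);
    return left;
}

/* Wipe before unpinning: munlock() must never expose live key bytes to swap. */
void locked_key_free(struct locked_key *k) {
    locked_key_wipe(k);
    if (k->locked) munlock(k->buf, k->len);
    free(k->buf);
    k->buf = NULL;
}

int main(void) {
    struct locked_key k;
    if (locked_key_init(&k, KEY_LEN) != 0) return 1;
    memcpy(k.buf, "constructed-demo-key-not-secret!", KEY_LEN); /* constructed sample */
    printf("key pinned in RAM: %s\n", k.locked ? "yes" : "no (could reach swap)");
    locked_key_free(&k);
    return 0;
}
```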