LinuxSA Mailing list archives

  From: Net Media Solutions <john@vodka.lynx.net.au>
  To  : nickelodeon@heaps.fully.cx
  Date: Wed, 15 Sep 1999 11:47:00 +0930 (CST)

Re: Encryption (was Re: Linux Console Security)

> There's a filesystem type you can add to your collection that actually
> encrypts the entire filesystem on the drive.  ie - if you stole someone's
> encrypted disk and put it in your own machine, you'd need that $99,999
> machine to crack it open in a hurry.  They'd see garble.

	The crypto extensions to the loop device.
	Lets you use 128-bit IDEA, 56-bit DES (very slow), or xor (*gasp*).xa,
	with passphrases up to 128 characters.
	It runs on 2.0.36/37 kernels, yet to be ported to anything newer.
	Should also really have something like blofish/twofish (faster than 
	IDEA, bigger keysizes --  another AES candidate).

	Then there's CFS, which I believe is being maintained regularly. 
	AFAIK, however, you need to use non-standard versions of certain 
	unix commands (like mkdir etc).

	There's one other one out there, also...

> you'll have is in RAM, or in swap.  And I'm sure there's a way to make sure
> it doesn't ever go to swap.  Is there?  *shrug*  It's an interesting concept
> and will probably be fun to play with :)

	mlock(2) will prevent pages of memory from being swapped out. Only 
	root can utilise this, for obvious reasons, however.

Jb

-- 
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject