Ask Slashdot: Tools For Linux Disk Encryption and Integrity?
An anonymous reader writes "I have been using Gentoo Linux for a long time now and have always been satisfied with one of its many disk encryption tools: cryptsetup (dm-crypt and LUKS). However, I recently gave FreeBSD a try and, although I concluded BSD is not for me, I was amazed at geli(8), FreeBSD's disk encryption tool. It happens this tool also provides what it calls an 'authentication mode.' Besides encrypting the disk sector-by-sector, it also stores checksums (sha256 in my case) in it on every write. On reads, if the checksum mismatches, it propagates the error up, resulting in, say, a read() error. Thus I do not have to trust my disk (except of course for the boot partition) any longer: any data inconsistency will be detected before the data is used. Having searched for a long time without answers, I want to ask: is there something similar to this in Linux? Note: Using Btrfs is a valid solution, but is far from stable (got a few oopses during my tests)."
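The behaviour the submission describes (a checksum stored on every write, verified on every read, with a mismatch surfacing as a read error) can be sketched as follows. This is an added example, not code from the submission, geli or any Linux tool: the class and function names are hypothetical, encryption is left out, and the use of a keyed HMAC-SHA256 tag bound to the sector number is an assumption of the sketch rather than a description of any on-disk format.

```python
import errno
import hashlib
import hmac

SECTOR_SIZE = 512  # constructed value for the demo


class AuthenticatedDisk:
    """Toy block device (hypothetical): each sector is stored next to a keyed tag."""

    def __init__(self, key: bytes, sectors: int):
        self._key = key
        self.raw = [b""] * sectors  # what the untrusted disk holds: data + tag
        for n in range(sectors):
            self.write(n, bytes(SECTOR_SIZE))

    def _tag(self, sector: int, data: bytes) -> bytes:
        # Binding the sector number into the MAC catches sectors that were
        # swapped or written to the wrong place, not only flipped bits.
        msg = sector.to_bytes(8, "little") + data
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def write(self, sector: int, data: bytes) -> None:
        if len(data) != SECTOR_SIZE:
            raise ValueError("data must be exactly one sector")
        self.raw[sector] = data + self._tag(sector, data)

    def read(self, sector: int) -> bytes:
        blob = self.raw[sector]
        data, stored = blob[:SECTOR_SIZE], blob[SECTOR_SIZE:]
        if not hmac.compare_digest(stored, self._tag(sector, data)):
            # Propagate the failure upward instead of returning bad data.
            raise OSError(errno.EIO, f"integrity check failed on sector {sector}")
        return data


def status(disk: AuthenticatedDisk, sector: int) -> str:
    try:
        disk.read(sector)
        return "ok"
    except OSError as exc:
        return errno.errorcode[exc.errno]


def demo() -> list:
    disk = AuthenticatedDisk(key=b"constructed-demo-key", sectors=4)
    disk.write(1, b"A" * SECTOR_SIZE)
    disk.write(2, b"B" * SECTOR_SIZE)
    # Silent corruption: one bit flips behind the device's back.
    disk.raw[1] = bytes([disk.raw[1][0] ^ 0x01]) + disk.raw[1][1:]
    # Misdirected write: sector 2's valid data and tag land in sector 3.
    disk.raw[3] = disk.raw[2]
    return [status(disk, n) for n in range(4)]
```

Sectors 1 and 3 fail verification while the untouched sectors still read cleanly; a plain unkeyed checksum would catch the bit flip but could be recomputed by anyone able to write to the disk.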
Yep (Score:5, Informative)
You can use IMA (2.6.30 and later) and EVM (2.6.38 and later). :)
Re:TrueCrypt (Score:3, Informative)
Re:TrueCrypt (Score:4, Informative)
Volume encryption?
Why is it needed? Unless you have a requirement that dictates this, there are more ways for volume encryption to fail.
I am surprised no one has mentioned encfs. You could run it in userspace over whatever precious checksumming system your heart desired.
http://www.arg0.net/encfs [arg0.net]
Advantages of pass-thru system vs an encrypted block device
Disadvantages
Re:TrueCrypt (Score:3, Informative)
Nuff said.
also : https://tails.boum.org/support/truecrypt/index.en.html [boum.org]
I'll never say this enough : Don't trust Truecrypt when you have a shitload of similar/better tools that you can actually trust on linux.
I mean just look at this [slashdot.org]