Encrypted Volumes for Linux and Windows? 59
share_it asks: "On my Win PC I used a lot of encryption: I had encrypted small files for personal stuff, encrypted virtual disks for programs, music, video, etc. I used PGPdisk and mounted 3 big virtual disks (for a total of 170 gigs) on startup with just one single passphrase and those 'disks' were even quite fast. I have now switched to GNU-Linux for most of my interests, but sometimes I have to use Windows and I want my data to be encrypted and accessible from both OSes The only software that I found which can mount the same encrypted disk on both platforms is BestCript, but from Linux I can't store file with long names. Is there a better way to share encrypted data between when I dual-boot?"
Re:WTF IS THIS?!?! (Score:4, Funny)
I'd honestly love to see ActiveX ads. Especially if they become more popular than Flash ads. Why? Because none of the browsers/OSes I use support ActiveX. Built-in ad blocking at its finest
Re:WTF IS THIS?!?! (Score:2)
ho ho (Score:2)
And of course you wont be cleaning much spyware off their PC if they don't use IE either!
Sam
Re:WTF IS THIS?!?! (Score:2)
But, as a disclaimer, I still run Firefox quite a bit because it's so blindingly fast. The problem keeping me from switching to Firefox completely is that the Ad Block extension is utter
Re:WTF IS THIS?!?! (Score:2)
Use Opera (Score:2)
Disable loading of images by default which is the best thing to do
and when you get to a page where you need to view the images, just press 'g' (without quotes
That you can enable this per-tab is an extremely good option in Opera. In IE and Firefox enabling/disabling images seem to get applied to all windows/tabs which is quite annoying to say the least. I guess there'd be some plugin available for both those browsers but needless to
Re:Use Opera (Score:1)
Re:WTF IS THIS?!?! (Score:1)
Re:Do they have to be encrypted? (Score:1, Troll)
He is just John Asscroft asking for how to encrypt the top secret database of foreign lobbyists. Doesn't want to risk it on that nearly failing hard drive so he is planning to back it up.
NAH6's Secure-Notebook project covers this (Score:5, Informative)
IIRC, this was a secure-ified Debian with encrypted swap, encrypted partitions, running VMWare which ran Win2K as a guest o/s. The idea was to run Windows while treating it as a small child that keeps burning itself on the stove. Everything was filtered thru the Linux host o/s, including network and hardware access.
Also, I believe the encryption key was provided in two parts: a dongle containing part of the key, and then also a key requested of the user during boot.
Worth a look.
Re:NAH6's Secure-Notebook project covers this (Score:1, Funny)
Ha. You said dongle.
tin foil (Score:3, Interesting)
I have been around the crypto block a time or two and unless i completely missed it, I don't think there is a solution for what the poster is looking for other then bestcrypt.
I was once where the poster is, encrypting all my partitions including swap with a USB token required for boot. it was a nice excercise in orwellian paranoia and i learned a lot, but it is completely impractical and a total pain in the ass.
best of luck to the poster [lynchzone.com] in his quest for ultimate, um, security.
Re:tin foil (Score:3, Insightful)
Re:tin foil (Score:2)
None of the mainstream distros have idiot-proof "check to use encryption" interfaces. It probably took a lot of work to set this beast up.
Re:tin foil (Score:2)
Ack!
Thread.... Broken.... reply [slashdot.org] under different parent.... Triggering nurosis!
Re:tin foil (Score:3, Informative)
Safe deposit (Score:3, Funny)
Re:Safe deposit (Score:2)
Re:Safe deposit (Score:4, Funny)
I hope they used lead-free solder.
Re:Safe deposit (Score:2)
Mmmm, Aria Giovanni (Score:1)
Re:Mmmm, Aria Giovanni (Score:1)
Re:tin foil (Score:2, Informative)
I view my machines as extensions of my mind. Whatever I have in my mind is private. No one's business except my own. I have nothing "illegal" on any of my machines, but I was once involved with what some people might deem "fringe" politics. The worst thing that could have happened was for someone to take information from me and use it against someone who shared my goals.
For
Try a modified approach (Score:5, Interesting)
Now, to make things easy, you probably will only need to access
Of course, in windows, you never know where it may leave temp files laying around, so you might want to encrypt the entire win volume using a seperate utility.
Re:Try a modified approach (Score:2, Interesting)
If you're concerned about someone editing one of the binaries, then you want the OS to be encrypted.
Re:Try a modified approach (Score:2)
No, you want it to be digitally signed, which is related in some ways but not the same thing.
Re:Try a modified approach (Score:3, Interesting)
First, you don't need the OS encrypted. The most you'll need is /var, /tmp, /home and swap (and /data or wherever you put your bulk data files).
Right. Encrypting the OS is encrypting known data. <paranoia>This may lead to a key recovery by just comparing the encrypted OS and the unencrypted OS.</paranoia> Regarding encrypted swap: I think encrypting swap slows down too much. Just a dd if=/dev/random of=swappartition in the shutdown script should do the job as well. OK, if someone knocks you
Re:Try a modified approach (Score:2)
<paranoia>This may lead to a key recovery by just comparing the encrypted OS and the unencrypted OS.</paranoia>
No.. almost all decent encryption algorithms are secure against this "known plain-text" attack. AES (and all decent ciphers) can withstand attacks where the attacker can choose the plain-text to be encrypted and then is given the result.
Simon.
Re:Try a modified approach (Score:2)
That's the difference between a weak and strong cryptoalgorithm (nothing to do with key size). And the last weak algorithm in use is the zip password protection. Anything even remotely seriously considered for cryptography does not have this vunerability.
That being said, I had a lot of fun in my day recovering zip files. Change passwords? Repost
Re:Try a modified approach (Score:2, Informative)
Samba/IPSEC (Score:2)
BestCrypt is great (Score:5, Informative)
I have been using BestCrypt for several years and it's great. Unfortunately it's the only solid product available on Linux and Windows that I know of.
Why can't you store long filenames on Linux? BestCrypt just provides a block device on which you can use any filesystem. FAT32/VFAT is fine for Linux-Windows work. I've formatted a Bestcrypt volume with fat, vfat, iso9660, ext2, ext3, reiserfs, all without any problem.
Another alternative is to use VMware and then use ext3 on Bestcrypt and serve Windows needs with Samba.
Re:BestCrypt is great (Score:1)
Re:BestCrypt is great (Score:1)
Try the munitions site (Score:2, Informative)
At home w/ SuSE I use cryptofs, but if you don't have SuSe here's something else that looks pretty good (And I think OpenBSD has this one too)-- CFS [crypto.com]. I think there are actually a lot of options out there for you, just look around through Google.
2nd The BestCrypt Recommendation. (Score:1)
Grab the evaluation versions and give it a whirl.
http://www.jetico.com/
ok what do you need ? (Score:3, Interesting)
how about a file e.g. tar/zip of all your files that is encrypted each time you login/logout ?
use a standard AES/DES and secure deletion
whats wrong with this ?
slow
unsecure if power fails
but with everthing else you are at vendors mercy
I would use PGP disk or a secure online file server...
regards
John Jones
fileserver+terminal (Score:1)