Ask Slashdot: Tools For Linux Disk Encryption and Integrity? 123
An anonymous reader writes "I have been using Gentoo Linux for a long time now and have always been satisfied with one of its many disk encryption tools: cryptsetup (dm-crypt and LUKS). However, I recently gave FreeBSD a try and, although I concluded BSD is not for me, I was amazed at geli(8), FreeBSD's disk encryption tool. It happens this tool also provides what it calls an 'authentication mode.' Besides encrypting the disk sector-by-sector, it also stores checksums (sha256 in my case) in it on every write. On reads, if the checksum mismatchs, it propagates the error up, resulting in, say, a read() error. Thus I do not have to trust my disk (except of course for the boot partition) any longer: any data inconsistency will be detected before the data is used. Having searched for a long time without answers, I want to ask: is there something similar to this in Linux? Note: Using Btrfs is a valid solution, but is far from stable (got a few oopses during my tests)."
Yep (Score:5, Informative)
You can use IMA (2.6.30 and later) and EVM (2.6.38 and later). :)
Re: (Score:1)
Will someone please mod up the parent?
Re: (Score:1)
Linux IMA at LWN: https://lwn.net/Articles/227937/ [lwn.net], https://lwn.net/Articles/326747/ [lwn.net]
IBM (involved in Trusted Computing Group) link: http://domino.research.ibm.com/comm/research_people.nsf/pages/sailer.ima.html [ibm.com]
Bullet-point summary of EVM:
EVM Mailing-list announce: https://lwn.net/Articles/393673/ [lwn.net]
ZFS? (Score:1)
ZFS has checksumming on every block
Re: (Score:1)
I'm honored that you spelled Doofus with a capital D. Now read the comments below.
Re: (Score:2)
Please keep in mind the current 0.5.2 stable release does not yet support a mountable filesystem.
And considering that btrfs was not stable enough for the author, I don't think that is an option either.
Re: (Score:2)
Yes but some people are too busy to read the summary! Have a heart.
Re: (Score:3, Informative)
Re: (Score:2)
Oh go on, i'll start it off.
There are some who would argue the license is dangerous.
Re: (Score:2)
Why's that?
Honest question, I've not heard the argument.
Re: (Score:1)
Have you read the license? Not GPL, Apache etc. Not really open source, although the source is available.
http://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt [fedoraproject.org]
Re: (Score:2)
The link says that Fedora says the license is dangerous, but doesn't go into it at all.
Here [debian.org] is a more detailed explanation on the dangers from debian-legal, though it's 5 years old so I can't say whether or not it's even still relevant...
Re:TrueCrypt (Score:5, Funny)
For pr0n you should definitely use blowfish, along with analfish
Re: (Score:1)
Geez, moderators, where's your sense of humor ?! :_))
LMAO at this guy's pun...
Re: (Score:2)
my important info (mostly pr0n)
I think your definition of the words important and info must differ radically from mine.
Re: (Score:1)
Re: (Score:2)
Last I checked TC didn't do file or block checksumming the way the posed question is looking for...
Re: (Score:3)
Re:TrueCrypt (Score:4, Informative)
Volume encryption?
Why is it needed? Unless you have a requirement that dictates this, there are more ways for volume encryption to fail.
I am surprised no one has mentioned encfs. You could run it in userspace over whatever precious checksumming system your heart desired.
http://www.arg0.net/encfs [arg0.net]
Advantages of pass-thru system vs an encrypted block device
Disadvantages
Re: (Score:2)
What I find ironic is that Google has not included this with Android, as it is the perfect tool for securing data on SD cards.
Re: (Score:2)
From Google's own invasive searchbots.
Context is *all* (Score:1)
Thanks for reminding us that many things can be misrepresented if taken without regard to their context.
Re: (Score:1)
Rather than using some obscure thingo nobody's heard of, made by whats-his-name, I would speculate that the FreeBSD is safer, because they have people who understand crypto.
Philip Zimmer (of PGP fame) used to say that most people screw up in the implementation part.
Now, TrueCrypt you can trust, because it was used in a high-profile financial case in Brazil (it was mentioned here in Slashdot) and the Feds from Brazil and the USA (Brazilians asked for help) couldn't get the data out.
All charges against the ba
Re: (Score:2)
Sorry, that was "all charges were dropped"
Without checksumming? (Score:2)
Re: (Score:1)
dm-crypt doesn't protect you against someone who is manipulating your hard drive while you're using it. It's intended to protect you after the hard drive is stolen. This is how most full disk encryption software works. It's not really "retarded".
Use VDMFEC or other FEC for ECC (Score:1)
What? What do you mean? You mean someone would be retarded enough to write an encryption method that doesn't use ECC or such internally?
Most encryption algorithms, whether implemented on a file or real-time on a disc, are not primarily concerned with ECC. Plenty use hashes, but not for the purpose of correcting errors caused by disk corruption. There are even less of the kind the author is looking for (real-time total disc encryption with ECC seamlessly integrated). It's not my speciality so I don't know of them
But if we're talking about sending and receiving data from long-term storage (rather than real time), that is easily attainable if
Re: (Score:2)
Re: (Score:3)
You have no clue about block-oriented storage encryption, obviously. There is no space for checksums and the task is done on a lower layer (the disk) and can be done on filesystem layer. Doing it on block layer in addition to the encryption breaks block alignment.
Re: (Score:2)
Absolutely. Just take an extra hard drive with the pad on it whenever you need to access your data...
Re: (Score:2)
... and how does this let you detect or correct corruption?
Jesus people, at least read the whole question.
Re: (Score:2)
Probably the same reason why Linux is my main OS right now rather than FreeBSD, there's a few specific applications which I haven't been able to get running on FreeBSD, which work fine on Linux. Most applications can be made to work on FreeBSD if they work on Linux, but a few like Truecrypt won't.
Re: (Score:1)
Re: (Score:1)
Hmmm, I believe you just bit a very common troll, how does it taste?
Surely you've seen the "BSD doesn't support xyz" (where BSD clearly does support xyz) troll before? The other one we see a lot here is the "Netcraft confirms it... BSD is dying". That one never gets replies, though.
Your comment is informative, however.
TrueCrypt (Score:1)
Nuff said.
http://www.truecrypt.org/ [truecrypt.org]
Re: (Score:3)
As far as I am concerned, you already said too much. Your post does not even remotely address the question asked. Please read the summary next time. As for the original poster: sorry, I don't know any such tool for Linux. ZFS has already been mentioned. Maybe you could compile Geli on Linux?
Re: (Score:1)
Re: (Score:3, Informative)
Nuff said.
also : https://tails.boum.org/support/truecrypt/index.en.html [boum.org]
I'll never say this enough : Don't trust Truecrypt when you have a shitload of similar/better tools that you can actually trust on linux.
I mean just look at this [slashdot.org]
Re: (Score:1)
What such tools would you suggest? Your last two linked articles don't work for me - could you summarise their content?
I suggested TrueCrypt because the NHS in the UK use it quite a bit (so I'm informed), for a free product (and one which I believe the source code is available for) it does the job quite nicely IMHO.
Re: (Score:3)
I Usually use LUKS with DM-Crypt [gentoo-wiki.com], but there are other tools more user-friendly that come with gnome.
Last day I discovered a gnome applet that manages crypted volumes written on the fly as you modify the mounted folder, that scale with the size of the content of the volume. (Dm-crypt has a defined volume size that you cannot outgrow, and the chiffered file used to mount the volume always has the maximum size i
Re: (Score:1)
Not open source. Do keep up.
Re: (Score:1)
Not open source.
The code is available, but under terms of a license so insane that neither the FSF nor the Open Source Initiative (who maintain the definition of 'open source': on their list of approved licenses) consider it free.
This is also one of the reasons RMS prefers free/libre software -- it avoids this whole "well it's open, but not really" ridiculousness when it comes to insane licensing.
Re: (Score:1)
Nobody said all you have to do is make a program's code readable for audits to magically happen.
TrueCrypt development is done in a closed fashion, with extremely few (any?) patches from outside sources, and a lead team actively hostile towards critique.
Furthermore, it is extremely difficult to build close-to-identical versions of TrueCrypt due to build system ridiculousness.
That is more why no audits have taken place.
Spread your free software FUD elsewhere, that last bit is a fun little straw man...
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
The definition of open source is maintained here: http://www.opensource.org/osd.html [opensource.org]
It does not meet the requirements, therefore it is not technically open source.
Re: (Score:1)
Re: (Score:2)
The question posed is asking about disk integrity specifically. TrueCrypt does not do this.
Just trolling (Score:1)
I have been using Gentoo Linux for a long time now
No takers?
Re:Just trolling (Score:4, Insightful)
Gentoo recently postponed using GNOME3 [blogspot.com] because it seemed like a "work in progress". Meanwhile, Fedora has shipped it, Ubuntu is now on the even less mature Ubiquity, and CentOS can't even get a modern release shipped out the door at all. Gentoo is looking like a stable Linux aimed at old geezers nowadays.
Re: (Score:2)
Re: (Score:2)
U-fucked-Up is the next Linux desktop project, I hear.
I love Linux. I hate Linux desktops.
Re: (Score:2)
Or Linux desktops still just look like the metric ass-load of crap they've all been since Enlightenment.
Re: (Score:2)
The beauty of Gentoo is that you can mix and match...
There is a gnome3 overlay if you want it.
I like being able to have control over the system, so i can mix and match package versions at will... With most binary distros its an all or nothing upgrade - if you want new gnome3, you also need to take new x11, new glibc, new gcc etc.
Re: (Score:1)
Re:Just trolling (Score:5, Funny)
... and I just finished compiling Firefox so I could submit this story to Slashdot!
*crickets* .. gee, tough crowd.
Re:Just trolling (Score:5, Funny)
<@insomni> it only takes three commands to install Gentoo /dev/hda && mkfs.xfs /dev/hda1 && mount /dev/hda1 /mnt/gentoo/ && chroot /mnt/gentoo/ && env-update && . /etc/profile && emerge sync && cd /usr/portage && scripts/bootsrap.sh && emerge system && emerge vim && vi /etc/fstab && emerge gentoo-dev-sources && cd /usr/src/linux && make menuconfig && make install modules_install && emerge gnome mozilla-firefox openoffice && emerge grub && cp /boot/grub/grub.conf.sample /boot/grub/grub.conf && vi /boot/grub/grub.conf && grub && init 6
<@insomnia> cfdisk
<@insomnia> that's the first one
Re: (Score:1)
My personal favorite gentoo quote [bash.org]:
<@insomni> it only takes three commands to install Gentoo
<@insomnia> cfdisk /dev/hda && mkfs.xfs /dev/hda1 && mount /dev/hda1 /mnt/gentoo/ && chroot /mnt/gentoo/ && env-update && . /etc/profile && emerge sync && cd /usr/portage && scripts/bootsrap.sh && emerge system && emerge vim && vi /etc/fstab && emerge gentoo-dev-sources && cd /usr/src/linux && make menuconfig && make install modules_install && emerge gnome mozilla-firefox openoffice && emerge grub && cp /boot/grub/grub.conf.sample /boot/grub/grub.conf && vi /boot/grub/grub.conf && grub && init 6
<@insomnia> that's the first one
Ehh.... not to rain on the joke, but there's nothing in partition /dev/hda1 after mkfsing it. Why so quick to chroot into it? It's missing the stage3 download!
Re: (Score:2)
Also didn't mount/bind the proc or dev file systems.
And what the hell @ installing _gnome_ before grub!
Re: (Score:2)
Re: (Score:2)
They're all waiting for a broken Firefox emerge bug to be fixed.
TPM, please? (Score:2, Interesting)
It would be nice to have a TPM based authentication system as an option. This way, a Linux server can grab a memory image, have the hash of that passed to the TPM, and if unchanged, the boot process continues.
Add a PIN to the process, and the TPM will start denying access after a certain amount of missed tries, so brute forcing a filesystem key isn't going to happen.
This way, someone pulling disks, or booting the server from other media will be unable to decrypt the machine.
Essentially, BitLocker functiona
Re: (Score:2)
That is you have a recovery password or keyfile saved off on a USB flash drive. Same procedure with BitLocker.
The TPM is an advantage, an option in addition to the usual typed in passphrase. I wish other operating systems would take advantage of it, and not just Windows, because it brings with it some good security functionality.
Re: (Score:2)
In the past, this might have been an issue, but virtually every x86 server and server motherboard out there comes with a TPM present, but disabled and unowned.
Yes, it can be used for DRM, but since the functionality is there, might as well use it for good, and to ensure that a machine hasn't been tampered with, and that the MBR is intact.
Another use for it is a secure keystore for public/private keypairs. For example for code signing, you copy a public/private keypair into it (keeping a backup in a secure,
Re: (Score:1)
Yeah, using the TPM would be great. Using a pin instead of a passphrase at most startups would be much less cumbersome.
Obviously you would still need a backup passphrase when you change your motherboard or exhaust the maximum numer of pin tries.
Re: (Score:3)
You will probably get your wish, as there are people working on a secure boot using UEFI (modern replacement for BIOS) and the sort of cryptographic integrity validation you are talking about: https://lwn.net/Articles/447381/ [lwn.net] (subscription required, but free from 23 Jun 2011)
This can be used for good (if you own your own keys, you can compile and install your own kernel etc) or bad (if the hardware vendor or OS vendor owns the keys, you have no way to install anything else, i.e. you have a Tivoized system).
Lazy-man's encryption (Score:1)
Just use FreeBSD (Score:1)
Linux users growing frustrated at the increasingly superior feature set of FreeBSD can take heart that FreeBSD is also open source, and runs all of your favorite software. The adjustment necessary is roughly that of moving from one Linux distribution to another.
OpenPGP (Score:1)
Why not PGP (free for non-commercial use) or Gnu Privacy Guard (GPG, free). Both use the OpenPGP method and are interoperable with each other. While neither is open source, the source code for both are supposed to be available to anyone who wants to check the integrity of either application (e.g., lack of back doors).
Debian kfreebsd (Score:2)
University of Wisconsin - Madison (Score:2)
This [wisc.edu] looks like a project to address adding checksums in the md(4) Multiple Device layer (not ideally named, because MD is perfectly usable on a single drive). Because MD is a layer under the filesystem, any filesystem is supported. They only support RAID4C (checksumming RAID4) and RAID5C (checksumming RAID5), though they show how to implement it on a single volume, albeit with a large performance penalty.
There is an excellent paper which analyzes the integrity issue you are trying to address.
I wish this
"when will btrfs be ready?" (Score:2)
That's how I interpret the question. Soon, by this fall, most likely.
ZFS (Score:1)
Messes up alignment (Score:2)
The checksums need storage space. So you either have to reduce usable block size or use extra sectors. Both options mean you lose the 1:1 block mapping that both dm-crypt and LUKS (the latter with an offset) provide. This can cause all sorts of problems, unless the file-system layer is also optimized for it and therefore dm-crypt and LUKS delegate any such checking in addition to what the disks themselves already do to the file-system layer.
But the second thing is this: You have to basically trust your disk
Re: (Score:2)
You should never trust your disk. The amount of unrecognized single sector failures on modern disks is so big, that with a >90% probability, at any given moment, a stripe/raid with four 2TB disks will contain at least one of them. All professional grade storage systems have disc scrubbi
Re: (Score:2)
What ZFS does is perfectly fine. But dm-crypt and LUKS is a block-level crypto mapper, there this is about the worst thing you could do.
ZFS encryption (Score:3)
ZFS has very good per-block checksumming and many other features, and now has encryption support, which should be in OpenIndiana (the non-Oracle fork of OpenSolaris): http://milek.blogspot.com/2010/10/zfs-encryption.html [blogspot.com]. ZFS is a combination of volume manager (like LVM), software RAID and filesystem. Here's a useful HOWTO on setup: http://hardforum.com/showthread.php?t=1573272 [hardforum.com]
Unfortunately ZFS support in Linux is userland only due to licensing issues. It may not have encryption yet either - however you could run TrueCrypt on top of a ZFS volume (like an LVM logical volume), bypassing the ZFS filesystem part.
Re: (Score:2)
So, I can't speak to the licensing issues, but there is native ZFS support. Granted it's got a ways to go to be completely stable (from the posix layer level) but the vdev stuf
Re: (Score:2)
I was aware of this, but mountable filesystems are still only in a release candidate so it's some way from being usable. Also you do need to compile it yourself due to legal issues if it's distributed with Linux: http://zfsonlinux.org/faq.html#WhatAboutTheLicensingIssue [zfsonlinux.org]
FreeBSD (Score:1)
Re: (Score:1)
Re: (Score:1)
I saw that episode. Archie can't choose between Betty and Veronica.