[CALUG] Opinions on whole Disk encryption (for Linux)

John Alan Hastings jah1066 at aol.com
Fri Feb 1 21:46:46 EST 2008 

I did some experimenting a while back.  I wanted to carry data on a USB
stick but have it safe in case of loss.  I created a large file which
was prefilled with random data (very important, but makes a big hit in
your entropy pool), installed the cryptoloop module and created a file
system.  Subsequently it is mounted using cryptoloop.

The project stalled for two reasons, first I have not to date been able
to develop a procedure which works across different distributions.  I am
sure it is possible, but haven't found out how to do it.  Second was
lack of priority, but I am still interested and would like to move forward.

I have some notes I made when I was experimenting, but (naturally) they
are elsewhere.  I will post them soon.

Alan


Alan Hastings
jah1066 at aol.com

dac at cafaro.net wrote:
> Ok, I wanted to solicit any experience/opinions on whole disk  
> encryption.
>
> I will be implementing some form of whole disk encryption on a new  
> server being setup.  I've already double the hardware (cpu/memory) to  
> help deal with the extra load that will be generated.
>
> The idea is that on boot the system will start the encryption/ 
> decryption process.  When shutdown, the server will stop the  
> process.   This way if for some reason the server is stolen (or a HD  
> fails and must be sent off for repairs/replacement) there is no fear  
> of the data being exposed.
>
> I've started looking at loop-AES, but was curious if anyone else has  
> any experience with other solutions or this solution.
>
> OpenSource/Free is preferred, and something that doesn't involve  
> messing with the kernel besides loading modules is required.  Ideally  
> it would be built in to my distribution already and just require  
> setup/tweaking.  The OS will be RHEL5.
>
> Thanks,
> David
>
>
>
> David A. Cafaro <dac at cafaro.net>
> Cafaro's Ramblings:  www.cafaro.net
>
>
>
>
> _______________________________________________
> CALUG mailing list
> CALUG at unknownlamer.org
> http://lists.unknownlamer.org/listinfo/calug
>

More information about the CALUG mailing list