It's been passed to me from on high that one of our file servers needs to be encrypted. I'm considering either whole-disk encryption or folder encryption. I like the latter since, well, it's less work. Is there any particular folder encryption systems out there that the folks around here can recommend? -- Aaron Clausen mightymartianca at gmail.com
On Wed, Apr 20, 2011 at 09:28:28AM -0700, Aaron Clausen wrote:> It's been passed to me from on high that one of our file servers needs > to be encrypted. I'm considering either whole-disk encryption or > folder encryption. I like the latter since, well, it's less work. > > Is there any particular folder encryption systems out there that the > folks around here can recommend?I don't know of any folder encryption in a normal Linux filesystem. There are several per-filesystem encryption mechanisms. Samba also supports over-the-wire transport encrpytion (and has done for many years), but only for non-Windows clients (I'm bugging Steve French and Jeff Layton to get this into the Linux CIFSFS client asap). Jeremy.
On Wed, Apr 20, 2011 at 12:28 PM, Aaron Clausen <mightymartianca at gmail.com> wrote:> It's been passed to me from on high that one of our file servers needs > to be encrypted. ?I'm considering either whole-disk encryption or > folder encryption. ?I like the latter since, well, it's less work. > > Is there any particular folder encryption systems out there that the > folks around here can recommend?You can encrypt *filesystems* on individual partitions on the back end easily enough, in the Linux world. There are numerous technologies for this, though there is an inevitable performance penalty, but that's pretty muchb invisible to the Samba system. The webpage at http://encryptionhowto.sourceforge.net/Encryption-HOWTO-4.html consistently refers to them as "folders", which may be where the confusion arises. I've been hearing good things about AES for robustness and blowfish for speed, but haven't had the chance to try it for Samba serviced filesystems.