I've written a short howto on creating and mounting an encrypted filesystem using dm-crypt. The doc currently lives on our internal wiki (Trac) at work, but I'd love to rewrite and post for a general readership. I suppose the proposed URL would be something like http://wiki.centos.org/TipsAndTricks/EncryptedFilesystem -- Paul Heinlein <> heinlein at madboa.com <> www.madboa.com
Paul Heinlein wrote:> I've written a short howto on creating and mounting an encrypted > filesystem using dm-crypt. The doc currently lives on our internal > wiki (Trac) at work, but I'd love to rewrite and post for a general > readership. I suppose the proposed URL would be something like > > http://wiki.centos.org/TipsAndTricks/EncryptedFilesystemAssuming that your username on the wiki is PaulHeinlein, that page is now all yours to fool around with. Thanks, Ralph -- Ralph Angenendt......ra at br-online.de | .."Text processing has made it possible Bayerischer Rundfunk...80300 M?nchen | ....to right-justify any idea, even one Programmbereich.Bayern 3, Jugend und | .which cannot be justified on any other Multimedia.........Tl:089.5900.16023 | ..........grounds." -- J. Finnegan, USC -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos-docs/attachments/20060907/016284f9/attachment.sig>
Paul Heinlein wrote:> I've written a short howto on creating and mounting an encrypted > filesystem using dm-crypt. The doc currently lives on our internal > wiki (Trac) at work, but I'd love to rewrite and post for a general > readership. I suppose the proposed URL would be something like > > http://wiki.centos.org/TipsAndTricks/EncryptedFilesystem >go ahead, send us a draft here :) btw, i've used your svn + trac guide ! { it could use some fluffing up though... } -- Karanbir Singh : http://www.karan.org/ : 2522219 at icq
(Sorry for top-posting, I have just added myself to the list.) Hi Paul,> I've written a short howto on creating and mounting an encrypted > filesystem using dm-crypt.Thanks for the HOWTO. Some (fairly trivial) suggestions for improvement: - Although cryptsetup is in base, it would be nice to mention what packages are involved. - Using a partition as physical storage is such a common use case, that it seems useful to me to describe this explicitly. - The HOWTO describes writing zeros to the file that will hold the encrypted file system, and how to use this file afterwards without any further measures to obscure the virtual device. This is bad, because an attacker can easily determine what parts of the raw file contain data blocks, and what parts contain no data. It is much better to set up the encrypted device first, and write zeros to the encryped device (i.e. /dev/mapper/secretfs). This will look like random data in the raw file or partition, making it virtually impossible to grab data blocks for further analysis. - The following line is fairly useless without any further parameters: "tune2fs /dev/mapper/secretfs" - A wishlist item: encrypted CDs. Very handy for having secured backup copies. -- Daniel
Apparently Analagous Threads
- LUKS create_encrypted_fs
- I would like to create a Samba share supporting named writers, named readers, and no guests ...
- Migrating R packages from svn/R-Forge to git/Github
- LSUB "" "" vs LIST "" "" (hacked Apple Mail problem)
- Encryption software for CentOS 5.0