:: Re: [DNG] encryption
Kezdőlap
Delete this message
Reply to this message
Szerző: Gregory Nowak
Dátum:  
Címzett: dng
Tárgy: Re: [DNG] encryption
On Mon, May 30, 2016 at 07:34:11AM +0800, Robert Storey wrote:
> Maybe we had this discussion before and I missed it. I did a Google search
> and didn't find it. Anyway, here is my question...
>
> I want to create one encrypted folder on my hard drive. I don't necessarily
> need heavy-duty industrial-strength encryption, but "secure" is nice.
> Reliability is very important - I don't want it to break so I wind up
> losing data.


The native option for encryption in gnu/linux is LUKS, part of the
cryptsetup package which you already mentioned. If you were to install
devuan using encryption, LUKS is what would be used. Actually, cryptsetup is a frontend that gets
everything setup. the cryptsetup package also supports dmcrypt. On the
one hand, dmcrypt is less secure than luks, because it just does plain
encryption without any safeguards. On the other hand, dmcrypt has no
header, so nobody can prove that a file encrypted with dmcrypt is
anything other than junk. Neither of these will give you an encrypted
folder, but they will both give you an encrypted file container, in
which you can create folders and files, just like on any other medium
with a file system.

>
> In the past I've used TrueCrypt, and I didn't have to search long to find
> this page:
>
> https://wiki.debian.org/TrueCrypt/Install/Wheezy
>
> For those too lazy to click the link, it says that TrueCrypt is still
> available but no longer under active development. There is a link to some
> downloadable tar archives on SourceForge. From the looks of it, there are
> NO dependencies, and since there is no further development there should be
> no danger that TrueCrypt will get Potterized.


Truecrypt was dropped by its developers like a hot potato a couple of
years ago. Speculation as to why this happened is still ongoing. The
possible danger with truecrypt being abandoned is that at some point,
it will cease to be secure. It could even be argued that it is already
insecure because it isn't being maintained, and I believe there are
some theoretical attacks against truecrypt already. You have a couple
alternatives to truecrypt:

<http://www.truecrypt.ch>

This is truecrypt written from scratch (the devs of the former
truecrypt didn't allow their source to be used as a base). The last
time I checked, it was in alpha. Another alternative is veracrypt:

<http://veracrypt.codeplex.com>

It was forked from the original truecrypt while the original truecrypt
was still maintained, and uses the truecrypt code base. It has been
improved to guard against the theoretical attacks on the original
truecrypt. It supports reading of the original truecrypt volumes, and
can migrate most volumes created with the original truecrypt to the
veracrypt format. There are other projects based on the original
truecrypt if you search, but I don't believe any of them has gnu/linux
packages. Veracrypt doesn't have a debian package specifically, but
has a self contained binary meant to install on all gnu/linux distros,
including devuan. What you go with is up to you of course. I think
that both LUKS and veracrypt are good choices, and use both personally
depending on my needs.

Greg


--
web site: http://www.gregn.net
gpg public key: http://www.gregn.net/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)
If we haven't been in touch before, e-mail me before adding me to your contacts.

--
Free domains: http://www.eu.org/ or mail dns-manager@???