Monday, 21 August 2006

Disk Encryption Tools for Linux and benchmark result of a couple of them

Consider this scenario... Your computer running Linux ran into a hardware glitch and had to be hauled to the neighborhood computer service center. You are asked to leave the machine there and come back after a couple of days so that the technician can have a good look at it. But you are a bit worried because the hard disk contains the blueprints of the most secret project you are currently working on ;-).

Ever been faced with a situation like this, where all you can do is wring your hands in despair? This is where the use of an encrypted file system gains prominence. If you had created an encrypted volume on your hard disk and were in the habit of saving all your sensitive data to it, you could have slept soundly while your computer was being repaired at the service center.

In Linux there are a number of solutions for creating encrypted volumes and for encrypting and decrypting data on the fly. Some of them are as follows:

Qryptix - Qryptix consists of a PAM object and utilities for session- and key-management for encrypted home directories using the International Kernel (CryptoAPI) patches for Linux. It simplifies login/logout, mounting/unmounting, and key generation and changing. Unfortunately, it needs SELinux to work properly. One OS which has SELinux installed is Red Hat/Fedora.

eCryptfs - An enterprise-class cryptographic filesystem for Linux. The kernel module component of eCryptfs is upstream in the -mm tree of the Linux kernel.

Truecrypt - One of the best and most easily available disk encryption solutions for both the Windows and Linux platforms.

Encfs - EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface.

LUKS - LUKS is the upcoming standard for Linux hard disk encryption. By providing a standard on-disk format, it not only facilitates compatibility among distributions, but also provides secure management of multiple user passwords. In contrast to existing solutions, LUKS stores all necessary setup information in the partition header, enabling the user to transport or migrate his data seamlessly.

dm-crypt - Dm-crypt is a device mapper target which provides transparent encryption of block devices using the new Linux 2.6 cryptoapi. The user can basically specify one of the symmetric ciphers, a key (of any allowed size), and an IV generation mode, and can then create a new block device in /dev. Writes to this device will be encrypted and reads decrypted. You can mount your filesystem on it as usual, but without the key you can't access your data.

CryptoFS - CryptoFS is an encrypted filesystem for Filesystem in Userspace (FUSE) and the Linux Userland FileSystem (LUFS).

Justin Korelc and Ed Tittel have done an interesting benchmark of three of the above encryption tools, namely LUKS, EncFS and CryptoFS, and have posted their findings online. Their verdict is that LUKS shines over the other two in the ease-of-use department because of better integration with the Gnome desktop and PGP keyring management facilities.
