Re: About encryption, or whatever...
- From: Douglas Mayne <doug@xxxxxxxxxxxxxxxxx>
- Date: Tue, 17 Apr 2007 10:06:01 -0600
On Tue, 17 Apr 2007 10:32:22 -0500, dorno wrote:
> A question about encryption. I don't use it since I lead a fairly boring
> life (crimewise) and never had the need to hide bits. However, if I did
> need to, the first thing I would do is make sure that nobody could ever
> find the PC with the evidence. But, anyway...
>
> My boss went to a seminar (yes, the typical start of a horror story) about
> security and came back with some fairly worthless handouts and a totally
> garbled version of what was said. Apparently, it was about encrypting a
> hard drive but storing the key and passphrase on a flash drive. Pop in
> the flash drive, and up comes the whatever. At this point I am not sure
> if he was shown something that encrypted the whole drive and looked for
> the key and passphrase on boot, or something that detected the key when it
> appeared and then allowed access to the files. One handout says that it
> (whatever it is?) is available for both Linux and XP.
>
> No big deal, since any Linux techie could get GPG installed and put the
> key somewhere else, but apparently there is a utility or package
> specifically for that. I know that there are distros whose main aim is
> security, but our servers and certain key laptops are Debian and there is
> no way we could switch now. Don't want to since they are solid as a rock.
>
> As we slowly convert from Windows on our desktops (thanks Vista!!!), the
> suits in the top office want to make sure that we don't fall into the
> problem of our name appearing on the news in the context of all our
> customer information suddenly surfacing in Russia, a la TJX.
>
> I am just starting my search for what he was shown, but of course any
> security search brings up millions of hits. I assume that I am looking for
> a (Linux) whole hard drive encryption utility or an automatic
> Oops-I-see-an-encrypted-file - is-there-a-key-available-somewhere?
> utility.
>
> Any encryption gurus out there got some pointers?
>
> Dorno

I don't know, but I'd guess they were probably talking about truecrypt:
http://www.truecrypt.org/
This is very popular because of its cross platform capability.
The rest of my response is specific to GNU/Linux.
Some projects specific to GNU/Linux for drive encryption:
1) device mapper, an encryption facility in the Linux kernel
2) LUKS (a higher level specification, but uses device mapper)
Google has more information if searching with these keywords.
One nice thing about device mapper encryption is that it allows for
encryption to be easily used on a variety of devices. For example,
individual flash drives, external USB drives, or entire GNU/Linux
systems.
Device mapper is easy to use, and I have advocated it being used whenever
preventing data loss is important. For example, laptops get lost and
stolen. A recent news story showed the IRS lost 490 laptops with
unencrypted taxpayer data. I accept that loss of physical objects is
inevitable, but data loss should not follow. I'd be upset if my
tax data were lost (maybe it was, who knows); but in any case it's
small consolation that a small percentage of the total number of laptops in
use were lost (490/49000). The standard of care should be higher.
Device mapper is easy to use. I set up a project which boots GNU/Linux
using encryption:
http://www.xmission.com/~ddmayne2/erf-dm/
As explained at that site, a big part of the motivation for that project
was to keep the horse in the barn now, rather than worry what he could take
with him if he gets out.
--
Douglas Mayne
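
The key-on-a-flash-drive setup asked about above can be built with LUKS on device mapper. The script below is an added example, not part of the original post or of the linked project; the function names are hypothetical and the device, mapping name and keyfile path are supplied by the caller.

```shell
#!/bin/sh
# Added example: LUKS volume unlocked by a keyfile kept on removable media.
# Function names are illustrative; device and path arguments are the caller's.
KEY_BYTES=4096

# Create a random keyfile that only its owner can read; never overwrite one.
make_keyfile() {
    keyfile=$1
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2; return 1
    fi
    ( umask 077 && head -c "$KEY_BYTES" /dev/urandom > "$keyfile" ) || return 1
    chmod 400 "$keyfile"
}

# Reject a keyfile that is missing, a symlink, too short, or group/world readable.
check_keyfile() {
    keyfile=$1
    if [ ! -f "$keyfile" ] || [ -L "$keyfile" ]; then
        echo "keyfile is not a regular file" >&2; return 1
    fi
    size=$(wc -c < "$keyfile")
    if [ "$size" -lt "$KEY_BYTES" ]; then
        echo "keyfile is too short" >&2; return 1
    fi
    mode=$(stat -c %a "$keyfile")
    case $mode in
        400|600) return 0 ;;
        *) echo "keyfile mode $mode is too open" >&2; return 1 ;;
    esac
}

# One-time setup. DESTROYS data on $1. The passphrase stays as a recovery slot
# so a lost flash drive does not mean lost data.
enroll_keyfile() {
    dev=$1; keyfile=$2
    check_keyfile "$keyfile" || return 1
    cryptsetup luksFormat "$dev" || return 1   # prompts for the passphrase
    cryptsetup luksAddKey "$dev" "$keyfile"    # adds the keyfile as a second slot
}

# Unlock with the keyfile if it is present and sane, else ask for the passphrase.
unlock_volume() {
    dev=$1; name=$2; keyfile=$3
    cryptsetup isLuks "$dev" || { echo "$dev is not a LUKS device" >&2; return 1; }
    if check_keyfile "$keyfile" 2>/dev/null; then
        cryptsetup open --type luks --key-file "$keyfile" "$dev" "$name"
    else
        cryptsetup open --type luks "$dev" "$name"
    fi
}
```

On a FAT-formatted flash drive the file mode comes from the mount options, so the drive has to be mounted with a restrictive `fmask` for `check_keyfile` to pass.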