[Novalug] Opinions on whole Disk encryption (for Linux)

David A. Cafaro dac@cafaro.net
Mon Feb 4 14:36:46 EST 2008


Though not in the realm of what I need, still good stuff to have.

Thanks,
David


On Feb 1, 2008, at 2:26 PM, Megan Larko wrote:

> David A.Cafaro wrote:
>> Ok, I wanted to solicit any experience/opinions on whole disk  
>> encryption.
>> I will be implementing some form of whole disk encryption on a new  
>> server being setup.  I've already double the hardware (cpu/memory)  
>> to help deal with the extra load that will be generated.
>> The idea is that on boot the system will start the encryption/ 
>> decryption process.  When shutdown, the server will stop the  
>> process.   This way if for some reason the server is stolen (or a  
>> HD fails and must be sent off for repairs/replacement) there is no  
>> fear of the data being exposed.
>> I've started looking at loop-AES, but was curious if anyone else  
>> has any experience with other solutions or this solution.
>> OpenSource/Free is preferred, and something that doesn't involve  
>> messing with the kernel besides loading modules is required.   
>> Ideally it would be built in to my distribution already and just  
>> require setup/tweaking.  The OS will be RHEL5.
>
> This is a little different that what you had described, but I'll  
> share anyway...
>
> I use the TrueCrypt product to encrypt drives (thumb, USB,  
> slave, ....).
> It runs on Windows and linux and Mac.  I have found it easy to use  
> and one may set-up various access mechanisms (ro, rw, x, -x).  On a  
> USB stick, one may have the TrueCrypt program on the stick itself.   
> A touch less secure because it may be brought to any computer, not  
> just a system on which truecrypt is already installed, but at the  
> same time, I can share data (church budget stuff is what I have  
> used it for) so than a user can pop it into a USB port and supply  
> the password and away they go.   I have used the GUI tool on  
> Windows and the CLI interface on linux.
>
> Truecrypt home page:
> http://www.truecrypt.org/
>
> SourceForge site:
> http://www.howtoforge.com/truecrypt_data_encryption
>
> megan
>
>> Thanks,
>> David
>> David A. Cafaro <dac@cafaro.net>
>> Cafaro's Ramblings:  www.cafaro.net
>> _______________________________________________
>> Novalug mailing list
>> Novalug@calypso.tux.org
>> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
>

David A. Cafaro <dac@cafaro.net>
Cafaro's Ramblings:  www.cafaro.net






More information about the Novalug mailing list