[Novalug] Opinions on whole Disk encryption (for Linux)
David A. Cafaro
dac@cafaro.net
Mon Feb 4 14:36:46 EST 2008
Though not in the realm of what I need, still good stuff to have.
Thanks,
David
On Feb 1, 2008, at 2:26 PM, Megan Larko wrote:
> David A.Cafaro wrote:
>> Ok, I wanted to solicit any experience/opinions on whole disk
>> encryption.
>> I will be implementing some form of whole disk encryption on a new
>> server being setup. I've already double the hardware (cpu/memory)
>> to help deal with the extra load that will be generated.
>> The idea is that on boot the system will start the encryption/
>> decryption process. When shutdown, the server will stop the
>> process. This way if for some reason the server is stolen (or a
>> HD fails and must be sent off for repairs/replacement) there is no
>> fear of the data being exposed.
>> I've started looking at loop-AES, but was curious if anyone else
>> has any experience with other solutions or this solution.
>> OpenSource/Free is preferred, and something that doesn't involve
>> messing with the kernel besides loading modules is required.
>> Ideally it would be built in to my distribution already and just
>> require setup/tweaking. The OS will be RHEL5.
>
> This is a little different that what you had described, but I'll
> share anyway...
>
> I use the TrueCrypt product to encrypt drives (thumb, USB,
> slave, ....).
> It runs on Windows and linux and Mac. I have found it easy to use
> and one may set-up various access mechanisms (ro, rw, x, -x). On a
> USB stick, one may have the TrueCrypt program on the stick itself.
> A touch less secure because it may be brought to any computer, not
> just a system on which truecrypt is already installed, but at the
> same time, I can share data (church budget stuff is what I have
> used it for) so than a user can pop it into a USB port and supply
> the password and away they go. I have used the GUI tool on
> Windows and the CLI interface on linux.
>
> Truecrypt home page:
> http://www.truecrypt.org/
>
> SourceForge site:
> http://www.howtoforge.com/truecrypt_data_encryption
>
> megan
>
>> Thanks,
>> David
>> David A. Cafaro <dac@cafaro.net>
>> Cafaro's Ramblings: www.cafaro.net
>> _______________________________________________
>> Novalug mailing list
>> Novalug@calypso.tux.org
>> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
>
David A. Cafaro <dac@cafaro.net>
Cafaro's Ramblings: www.cafaro.net
More information about the Novalug
mailing list