by: Jonas

Tue, 10 Oct 2006 07:50:41 +0000

dm-crypt has had security problems in the past, so I’d recommend loop-aes (http://loop-aes.sf.net).

You’re still required to enter a passphrase when you mount the encrypted file system, because as Steve Holden said, otherwise it’s not worth doing (you also have to make sure you use a secure passphrase, of course).

This is no problem with key management, but a problem of convenience. You can still build a *highly available* system by putting redundancy in the right places, though.

by: Steve Holden

Mon, 09 Oct 2006 06:41:40 +0000

That’s a feature, not a bug. If the key is on the system then it can be stolen along with the media, and your encrypting filesystem then just becomes an expensive way to burn CPU cycles with no security value whatsoever.

Comments on: Encrypting file systems

by: Jonas

by: Steve Holden