[Centos-docs] Re: Encrypted partition short howto
Daniel de Kok
danieldk at pobox.com
Thu Sep 7 10:07:16 UTC 2006
(Sorry for top-posting, I have just added myself to the list.)
Hi Paul,
> I've written a short howto on creating and mounting an encrypted
> filesystem using dm-crypt.
Thanks for the HOWTO. Some (fairly trivial) suggestions for improvement:
- Although cryptsetup is in base, it would be nice to mention what
packages are involved.
- Using a partition as physical storage is such a common use case,
that it seems useful to me to describe this explicitly.
- The HOWTO describes writing zeros to the file that will hold the
encrypted file system, and how to use this file afterwards
without any further measures to obscure the virtual device.
This is bad, because an attacker can easily determine what parts
of the raw file contain data blocks, and what parts contain no data.
It is much better to set up the encrypted device first, and write
zeros to the encrypted device (i.e. /dev/mapper/secretfs). This will
look like random data in the raw file or partition, making it
virtually impossible to grab data blocks for further analysis.
- The following line is fairly useless without any further
parameters: "tune2fs /dev/mapper/secretfs"
- A wishlist item: encrypted CDs. Very handy for having secured
backup copies.
-- Daniel
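
The zero-fill point above can be checked on a raw container. This is an added example, not part of the original message or the HOWTO: it maps which blocks of a backing file are still all zeros, which is the layout information the message says a zero-filled container exposes. The 4096-byte block size, the file names and the use of os.urandom as a stand-in for ciphertext are assumptions made for the constructed samples.

```python
import os
import sys
import tempfile

BLOCK = 4096  # assumed scan granularity; match the filesystem block size in practice


def zero_block_map(path, block_size=BLOCK):
    """Return one boolean per block: True if the block holds only zero bytes."""
    flags = []
    with open(path, "rb") as f:
        while True:
            chunk = f.read(block_size)
            if not chunk:
                break
            flags.append(not any(chunk))
    return flags


def summarize(path, block_size=BLOCK):
    """Count zero and non-zero blocks in a raw container file or partition."""
    flags = zero_block_map(path, block_size)
    zero = sum(flags)
    return {"blocks": len(flags), "zero": zero, "nonzero": len(flags) - zero}


def build_samples(directory, blocks=64, used=(0, 1, 2, 10, 11, 40)):
    """Write two constructed sample images and return their paths.

    zeroed-container.img: backing file zero-filled first, then a few blocks
    overwritten with random bytes standing in for ciphertext.
    wiped-through-mapping.img: every block random, as the raw file looks after
    zeros have been written through the encrypted mapping.
    """
    leaky = os.path.join(directory, "zeroed-container.img")
    wiped = os.path.join(directory, "wiped-through-mapping.img")
    with open(leaky, "wb") as f:
        f.write(bytes(blocks * BLOCK))
        for i in used:
            f.seek(i * BLOCK)
            f.write(os.urandom(BLOCK))
    with open(wiped, "wb") as f:
        f.write(os.urandom(blocks * BLOCK))
    return leaky, wiped


if __name__ == "__main__":
    if len(sys.argv) > 1:  # scan a real backing file given on the command line
        print(sys.argv[1], summarize(sys.argv[1]))
    else:
        with tempfile.TemporaryDirectory() as d:
            for p in build_samples(d):
                print(os.path.basename(p), summarize(p))
```

A container prepared by writing zeros through the mapping should report no zero blocks; any remaining zero runs mark regions that were never written through the encrypted device.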