(Sorry for top-posting, I have just added myself to the list.) Hi Paul, > I've written a short howto on creating and mounting an encrypted > filesystem using dm-crypt. Thanks for the HOWTO. Some (fairly trivial) suggestions for improvement: - Although cryptsetup is in base, it would be nice to mention what packages are involved. - Using a partition as physical storage is such a common use case, that it seems useful to me to describe this explicitly. - The HOWTO describes writing zeros to the file that will hold the encrypted file system, and how to use this file afterwards without any further measures to obscure the virtual device. This is bad, because an attacker can easily determine what parts of the raw file contain data blocks, and what parts contain no data. It is much better to set up the encrypted device first, and write zeros to the encryped device (i.e. /dev/mapper/secretfs). This will look like random data in the raw file or partition, making it virtually impossible to grab data blocks for further analysis. - The following line is fairly useless without any further parameters: "tune2fs /dev/mapper/secretfs" - A wishlist item: encrypted CDs. Very handy for having secured backup copies. -- Daniel