Greetings!

I have created a system that runs on two encrypted partitions, ext3 and swap, and it seems very interesting in our days of low hardware costs. Anyway, as I have been working with the systems some questions about the daily running have arisen. I hope this is an appropriate forum.

What I am talking about is encrypting the root partition with loop-aes, patching a kernel with loop-aes and replacing the utils necessary for mounting them, like described in Christophe Devine's HOWTO (http://howtos.linuxbroker.com/howtoreader.shtml?file=Encrypted-Root-Filesystem-HOWTO.html) as a starting point. In the future, I would also like to add a gpg layer, like the one described in the loop-aes.README.

Thus far, these are my questions:

Journalling file systems. Will it be safe to run journalling file systems, or does one risk loss of data if the power is switched off, etc., on an encrypted file system? Is there a recommended filesystem at all, or is the question itself irrelevant for such encryption? Can write cache be used?

Changing of passwords. If one has a system of gpg keys and with passwords contained in USB dongles, one would like to enforce some regime of password changing requirements on it. It seems that just checking the file dates vs. the hw clock would not be good enough, as it can easily be changed; another thing I have thought of is having a system with a counter stored on the dongle. It might look like using a dongle with a trusted clock is the best option, but I'm hoping to find out if this can be done through gpg directly or other smart ways.

Performance. I would like to see some benchmarking of the performance cost of an encrypted filesystem, so that I would know what to expect from the hardware. Is there any source out there for this? In time the system will be used for operation on very large files.

Suspend. I read this in the announcement of the loop-AES-v2.0f file/swap crypto package:

---
- Updated loop code to be compatible with Pavel Machek's software suspend code (2.4 and 2.6 kernels).
---

...but I didn't really understand if this means that it is "recommended" or safe to use an encrypted version of software suspend now, or if this is still hazardous. I saw some notes of scepticism among Linux kernel developers.

Well, let me close by saying bunches of thanks for much wonderful software. I hope my questions were adequately phrased and precise enough.

--
Cheers,
Lars Bungum <lars@xxxxxxxxx>
<OpenPGP:E2C5C0A2>

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/