On Tue, 17 Aug 2004 18:34, Ole Arntzen <Ole.Arntzen@xxxxxxxxx> wrote: > Most of what you are trying to do is described in the "Disk Encryption > HOWTO". Have a look at: > http://tldp.org/HOWTO/Disk-Encryption-HOWTO/ Using offsets in loopback devices isn't going to work. As the HOWTO notes it's written for 2.4.x and we get more options in 2.6.x. The HOWTO recommends encrypting the entire disk to conceal the fact that Linux is being used. I think it's better to assume that the attacker already knows which OS we use. It is still a benefit to conceal the partition table, this is probably best achieved by running cryptsetup on /dev/hda (or whatever the disk is) and using that encrypted mapper device as a PV for LVM (so we get multiple file systems). Another issue is that the threat model may prevent encrypting the entire disk. The attack that we are concerned with may come from another OS on the same disk on a dual-boot system (a duel-boot system). For example it's common to run Windows for games and Linux for serious work, but it would suck if the first Windows worm that came along copied off all the Linux data... I think that there is benefit in having two Linux file systems with different encryption keys too so again with multiple boot partitions you don't lose them all if you lose one (requires multiple USB keys to do properly). Thanks for the URL, it gave me the idea of encrypting a PE. Although I don't think it's practical for me to work on this idea until after we get Anaconda to support encrypted LV's and partitions. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
