Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
On the fly is a term used to describe a special kind of encryption. Basically it means that the files are always stored in encrypted format (usually in a special partition) and only decrypted to the RAM.
If you want to know more, google it.
Look into loop-aes (http://sourceforge.net/projects/loop-aes/). Basically, you set up a partition, but create a separate device to access it. That device consists of the encrypt/decrypt actions for anything passing through it. Then you read/write to/from that device and it's all encrypted.
I will also point out something that I realized while researching crypto file systems (CFSs). A CFS is of little value if the volume you are crypting is always mounted. If your system is compromised and the volume is already mounted, someone can read/write through the same mechanism that you do, effectively ruining the whole purpose of the CFS. If you have a removable volume (e.g. zip, CD, external HDD, etc.), then you need to take care to unmount the volume when it is not in use for maximum security.
Also, encrypted file systems are hard to use for anything that must be mounted at boot time: it requires user input. (I suppose you could store the key somewhere else, but that defeats the point, doesn't it?)