Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have a Samba server and I would love to encrypt the shares using a rather strong encryption method on a file or filesystem level. TCP/IP isn't necessary.
Is this possible? What are the performance hits? The clients are of course Windows XP boxes.
How do you want the encryption to work? Have the files or directories encrypted and decrypted only when accessed? Or decrypted when the machine boots up, etc.? If you want encrypted partitions or complete drives, you may want to look at AES-loop encryption. Or if you just want to encrypt files or directories, GnuPG may be what you are after.
You could use Samba to share a directory. The directory can contain a file that has an encrypted file system. The client would connect to the Samba share and then mount the container file through crypto-loop. This way the information is encrypted over the network and is decrypted at the client. I wrote instructions for the encrypted container file here: http://www.linuxquestions.org/questi...33#post2416433
The main problem with this as it is described is that the password is also the encryption key seed. People who can access the encrypted file system have to know the encryption key seed and you cannot change the encryption key seed. I have heard about LUKS, which stands for Linux Unified Key System. This system allows up to twelve keys/passwords for users. These keys/passwords have nothing to do with the encryption key. You can add and subtract authorized users at will. I have not yet implemented this so I don't have details.
Last edited by stress_junkie; 10-03-2006 at 01:26 PM.
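A toy model of the key-slot idea described in the post above, added here as an illustration and not taken from the thread or from LUKS itself: one random master key encrypts the data, and each passphrase only wraps a copy of it, so users can be added and removed without changing the encryption key. The `Header` class, its method names, the iteration count and the XOR wrap (standing in for a real cipher) are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 20_000  # constructed value, kept low so the example runs quickly

def _stretch(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=32)
def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Header:
    """Toy key-slot header (hypothetical, not the LUKS on-disk format)."""
    def __init__(self, passphrase):
        master = secrets.token_bytes(32)  # the key that encrypts the data
        self.check_salt = secrets.token_bytes(16)
        self.check = _stretch(master, self.check_salt)  # verifies an unwrap
        self.slots = []
        self._wrap(master, passphrase)

    def _wrap(self, master, passphrase):
        salt = secrets.token_bytes(16)  # fresh salt per slot
        # Assumption: XOR with the stretched passphrase stands in for a cipher.
        self.slots.append((salt, _xor(master, _stretch(passphrase.encode(), salt))))

    def _find(self, passphrase):
        for i, (salt, wrapped) in enumerate(self.slots):
            candidate = _xor(wrapped, _stretch(passphrase.encode(), salt))
            if hmac.compare_digest(_stretch(candidate, self.check_salt), self.check):
                return i, candidate
        return None, None

    def unlock(self, passphrase):
        """Return the master key, or None if no slot accepts the passphrase."""
        return self._find(passphrase)[1]

    def add(self, existing, new):
        """Wrap the same master key for `new`; `existing` must already unlock."""
        master = self.unlock(existing)
        if master is not None:
            self._wrap(master, new)
        return master is not None

    def remove(self, passphrase):
        """Delete the slot this passphrase opens, but never the last slot."""
        i, _ = self._find(passphrase)
        if i is None or len(self.slots) == 1:
            return False
        del self.slots[i]
        return True
```

Removing a slot only stops future unlocks with that passphrase; anyone who already copied the master key or an older copy of the header keeps access until the data is re-encrypted under a new key.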