Best encryption available for Linux ?

LegionOfHell · 10-30-2020, 03:24 PM

I am looking for an encryption mechanism that isn't flawed...

(1) DM-crypt is unreliable because if you are using an SSD and you enable trim, it exposes information about the file system:? here is what the manpage says:

Quote:

WARNING: This command can have a negative security impact
because it can make filesystem-level operations visible on the
physical device. For example, information leaking filesystem
type, used space, etc. may be extractable from the physical
device if the discarded blocks can be located later. If in
doubt, do not use it.

(2) Encfs is an abandoned project and has a flaw ?

(3) Cryfs is slow ?

I am taking a look at ecryptfs....Is this a reliable method ?

sgosnell · 10-30-2020, 03:33 PM

The state of the art seems to be LUKS. Is this going to be a new install, or do you want to encrypt something already running? If you encrypt a drive or partition, all data on it will be lost, no matter what system you use. Encryptfs is reliable, AFAIK. Another option is Veracrypt, which is useful if you just want to encrypt a drive, or have data that needs to be encrypted. You can use an encrypted file which veracrypt uses as an encrypted filesystem, which it can mount for you. I really can't say what would work for you, because you haven't said what your goal is. What do you want to encrypt? How do you want to use it?

syg00 · 10-30-2020, 08:26 PM

Quote:

Originally Posted by LegionOfHell

(1) DM-crypt is unreliable because if you are using an SSD and you enable trim, it exposes information about the file system:?

More likely you don't understand what you read. Are you planning on using hidden volume ?.

ondoho · 10-31-2020, 06:33 AM

FWIW, I use LVM on LUKS.
But I'm not getting into any "best of" discussion. It works.

pan64 · 10-31-2020, 11:19 AM

you ought to look for answers first: https://askubuntu.com/questions/8132...hat-to-use-now

LegionOfHell · 10-31-2020, 03:33 PM

I guess the quote block in my first post is wrong....I just fixed it.

sgosnell · 10-31-2020, 06:41 PM

One final time - what is your goal? What do you want to encrypt, for what use? A file? A directory? A partition? An entire drive? If a drive, what kind of drive? Without knowing your actual need, it's not possible to make an informed recommendation.

rknichols · 11-01-2020, 09:48 AM

FYI, LUKS is just a front end for DM-crypt.

Using trim is going to reveal information about the filesystem regardless of what sort of encryption you use, but the only thing revealed is the areas of free space. That trimmed free space will read back from the raw device as all-zero, whereas all used space will read back as apparently random data. That pattern can indicate something about the filesystem type and usage. If you can figure out a way to use trim and avoid that, you should write a paper about your technique.

LegionOfHell · 11-01-2020, 05:01 PM

Quote:

Originally Posted by rknichols

FYI, LUKS is just a front end for DM-crypt.

Using trim is going to reveal information about the filesystem regardless of what sort of encryption you use, but the only thing revealed is the areas of free space. That trimmed free space will read back from the raw device as all-zero, whereas all used space will read back as apparently random data. That pattern can indicate something about the filesystem type and usage. If you can figure out a way to use trim and avoid that, you should write a paper about your technique.

Does ecryptfs suffer from the same problem dm-crypt has ? trimming exposes the filesystem too with ecryptfs...

rknichols · 11-02-2020, 08:38 AM

Quote:

Originally Posted by LegionOfHell

Does ecryptfs suffer from the same problem dm-crypt has ? trimming exposes the filesystem too with ecryptfs...

As I understand it, ecryptfs encrypts individual files within an existing filesystem. The entire filesystem structure remains exposed whether or not trim is used.