I am looking for an encryption mechanism that isn't flawed...
(1) DM-crypt is unreliable because if you are using an SSD and you enable trim, it exposes information about the file system. Here is what the manpage says:
Quote:
WARNING: This command can have a negative security impact
because it can make filesystem-level operations visible on the
physical device. For example, information leaking filesystem
type, used space, etc. may be extractable from the physical
device if the discarded blocks can be located later. If in
doubt, do not use it.
(2) Encfs is an abandoned project and has a flaw?
(3) Cryfs is slow?
I am taking a look at ecryptfs... Is this a reliable method?
Last edited by LegionOfHell; 10-31-2020 at 03:34 PM.
The state of the art seems to be LUKS. Is this going to be a new install, or do you want to encrypt something already running? If you encrypt a drive or partition, all data on it will be lost, no matter what system you use. Encryptfs is reliable, AFAIK. Another option is Veracrypt, which is useful if you just want to encrypt a drive, or have data that needs to be encrypted. You can use an encrypted file which veracrypt uses as an encrypted filesystem, which it can mount for you. I really can't say what would work for you, because you haven't said what your goal is. What do you want to encrypt? How do you want to use it?
One final time - what is your goal? What do you want to encrypt, for what use? A file? A directory? A partition? An entire drive? If a drive, what kind of drive? Without knowing your actual need, it's not possible to make an informed recommendation.
Using trim is going to reveal information about the filesystem regardless of what sort of encryption you use, but the only thing revealed is the areas of free space. That trimmed free space will read back from the raw device as all-zero, whereas all used space will read back as apparently random data. That pattern can indicate something about the filesystem type and usage. If you can figure out a way to use trim and avoid that, you should write a paper about your technique.
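The free-space pattern described in the reply above, as an added example that is not part of the original thread: a Python simulation on a constructed 32-block "device" comparing what can be read without the key when discards are and are not passed down to the drive. The block size, usage string and function names are assumptions for illustration, and trimmed blocks are assumed to read back as zeros, as the reply states.

```python
import os
import re

BLOCK = 4096  # assumed discard granularity for this sketch


def build_raw_device(usage: str, discards: bool) -> bytes:
    """Constructed stand-in for the raw contents of an encrypted SSD.

    usage: 'U' = block in use by the filesystem, 'F' = block freed by it.
    In-use blocks hold ciphertext (random-looking). Freed blocks keep stale
    ciphertext unless discards are passed down; then they read back as zeros.
    """
    out = bytearray()
    for state in usage:
        trimmed = discards and state == "F"
        out += bytes(BLOCK) if trimmed else os.urandom(BLOCK)
    return bytes(out)


def observed_map(raw: bytes) -> str:
    """View without the key: '.' = all-zero block, '#' = anything else."""
    zero = bytes(BLOCK)
    return "".join("." if raw[o:o + BLOCK] == zero else "#"
                   for o in range(0, len(raw), BLOCK))


def leak_summary(raw: bytes) -> dict:
    """Summarise what the zero/non-zero pattern alone gives away."""
    seen = observed_map(raw)
    runs = [(m.start(), len(m.group())) for m in re.finditer(r"\.+", seen)]
    return {"map": seen,
            "used_fraction": seen.count("#") / len(seen),
            "free_extents": runs}  # (first block, length) of each trimmed run


# Constructed usage pattern: metadata, a gap, two files, then free space.
USAGE = "UUUU" + "FFFF" + "UUUUUU" + "FF" + "UUUU" + "FFFFFFFFFFFF"

if __name__ == "__main__":
    for discards in (False, True):
        info = leak_summary(build_raw_device(USAGE, discards))
        print(f"discards={discards}: {info['map']} "
              f"used={info['used_fraction']:.2f} free={info['free_extents']}")
```

With discards off, every block looks like ciphertext and the map is uniform; with discards on, the used fraction and the position of each free extent are visible, which is the leak the manpage warning refers to.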
Does ecryptfs suffer from the same problem dm-crypt has? Trimming exposes the filesystem too with ecryptfs...
As I understand it, ecryptfs encrypts individual files within an existing filesystem. The entire filesystem structure remains exposed whether or not trim is used.