[Novalug] Opinions on whole Disk encryption (for Linux)
larkoc at iges.org
Fri Feb 1 14:26:52 EST 2008
David A.Cafaro wrote:
> Ok, I wanted to solicit any experience/opinions on whole disk encryption.
> I will be implementing some form of whole disk encryption on a new
> server being setup. I've already double the hardware (cpu/memory) to
> help deal with the extra load that will be generated.
> The idea is that on boot the system will start the encryption/decryption
> process. When shutdown, the server will stop the process. This way if
> for some reason the server is stolen (or a HD fails and must be sent off
> for repairs/replacement) there is no fear of the data being exposed.
> I've started looking at loop-AES, but was curious if anyone else has any
> experience with other solutions or this solution.
> OpenSource/Free is preferred, and something that doesn't involve messing
> with the kernel besides loading modules is required. Ideally it would
> be built in to my distribution already and just require setup/tweaking.
> The OS will be RHEL5.
This is a little different that what you had described, but I'll share
I use the TrueCrypt product to encrypt drives (thumb, USB, slave, ....).
It runs on Windows and linux and Mac. I have found it easy to use and
one may set-up various access mechanisms (ro, rw, x, -x). On a USB
stick, one may have the TrueCrypt program on the stick itself. A touch
less secure because it may be brought to any computer, not just a system
on which truecrypt is already installed, but at the same time, I can
share data (church budget stuff is what I have used it for) so than a
user can pop it into a USB port and supply the password and away they
go. I have used the GUI tool on Windows and the CLI interface on linux.
Truecrypt home page:
> David A. Cafaro <dac at cafaro.net>
> Cafaro's Ramblings: www.cafaro.net
> Novalug mailing list
> Novalug at calypso.tux.org
More information about the Novalug