Object encryption on linux

From Gender and Tech Resources

For cryptography concepts see Encrypting everything.


Disk encryption

Encrypting LVMs

  • LVM is the Linux Logical Volume Manager (not "logical virtual memory"): it pools disks or partitions into a volume group and carves them into logical volumes for /, /home and swap, which is why distro installers offer "LVM" and "encrypted LVM" as layouts. Windows and macOS have their own volume managers and their own disk encryption (BitLocker, FileVault); this page is about Linux.
  • On Linux distros you can encrypt the whole system by placing the LVM volume group inside one LUKS container (the installer's "encrypted LVM" option). Why full disk encryption? See Encrypted hard drives may not be safe. Bear in mind that "full" is not quite full: root, home and swap are encrypted, but the /boot partition and the GRUB bootloader stay in plaintext, because something unencrypted has to load the kernel and ask for your passphrase. Anyone with physical access can tamper with that unencrypted bootloader (the "evil maid" attack) and capture your passphrase the next time you type it, which is how an encrypted laptop still gets pwnd.
  • Recommended on Linux is dm-crypt + LUKS: dm-crypt is the encryption layer in the kernel, LUKS is the on-disk header and key-management format, and cryptsetup is the userspace tool that drives both. Every major distro ships them.

Encrypting swap

The swap partition is not RAM but a part of your hard drive that the kernel uses as overflow for RAM. Whatever gets swapped out is written to disk in the clear, so if the computer happens to swap while you are using encryption tools, passphrases and decrypted keys that were sitting in memory can end up on the disk and be recovered later, even after the program has exited. Encrypting swap prevents anyone who gets hold of the drive from reading this spill-over of your memory. The usual approach is a dm-crypt mapping over the swap partition keyed from /dev/urandom at every boot: nothing needs to be remembered between reboots, so a throwaway random key is right (the trade-off is that hibernation, which must read swap back after a reboot, needs a persistent LUKS-style key instead). The ecryptfs-setup-swap script from ecryptfs-utils sets this up for you; despite the name it uses dm-crypt, not eCryptfs, and does its work by adding a random-key entry for the swap partition to /etc/crypttab.

For wiping swap, see Permanently delete files (including data in RAM or swap)
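As an added example (not from the original page, and not part of cryptsetup or ecryptfs-utils), here is a small Python audit for the two points above: that the root filesystem is a LUKS mapping, that /boot is the plaintext part that full disk encryption leaves exposed, and that swap is not plaintext but either re-keyed from /dev/urandom at boot or LUKS-backed. It works from the two files that record this setup, /etc/crypttab and /etc/fstab, using their documented field layouts. The sample crypttab and fstab embedded in it are constructed for the example, and the function and verdict names are this example's own.

```python
"""Audit crypttab(5) and fstab(5) for plaintext root or swap. Added example;
the SAMPLE_* files are constructed, not taken from a real machine."""

import re

# Constructed sample of /etc/crypttab: a LUKS root volume plus a swap
# partition re-keyed from /dev/urandom at every boot.
SAMPLE_CRYPTTAB = """\
# <target name> <source device>                            <key file>    <options>
cryptroot       UUID=00000000-0000-0000-0000-000000000001  none          luks,discard
cryptswap       /dev/sda3                                  /dev/urandom  swap,cipher=aes-xts-plain64,size=256
"""

# Constructed sample of /etc/fstab for the same machine.
SAMPLE_FSTAB = """\
/dev/mapper/cryptroot  /      ext4  errors=remount-ro  0 1
/dev/sda1              /boot  ext4  defaults           0 2
/dev/mapper/cryptswap  none   swap  sw                 0 0
"""


def _fields(text):
    """Yield the whitespace-separated fields of each non-blank, non-comment line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line.split()


def parse_crypttab(text):
    """Map each dm-crypt target name to its source, key file and option set."""
    targets = {}
    for f in _fields(text):
        if len(f) < 2:
            continue
        targets[f[0]] = {
            "source": f[1],
            "keyfile": f[2] if len(f) > 2 else "none",
            "options": set(f[3].split(",")) if len(f) > 3 else set(),
        }
    return targets


def classify(device, crypttab):
    """Return (kind, crypttab_entry) describing how a device in fstab is protected."""
    m = re.fullmatch(r"/dev/mapper/([^/]+)", device)
    if not m:
        return "plaintext", None         # raw partition or LV, no dm-crypt in front of it
    entry = crypttab.get(m.group(1))
    if entry is None:
        return "unknown-mapping", None   # mapped at runtime but not described in crypttab
    if entry["keyfile"] == "/dev/urandom":
        return "random-key", entry       # fresh key each boot: unreadable after a reboot
    if "plain" in entry["options"]:
        return "plain-fixed-key", entry  # plain dm-crypt, no LUKS header
    return "luks", entry


def audit(crypttab_text, fstab_text):
    """Return {device: (mountpoint_or_'swap', kind, verdict)} for every fstab entry."""
    crypttab = parse_crypttab(crypttab_text)
    report = {}
    for f in _fields(fstab_text):
        if len(f) < 3:
            continue
        device, mountpoint, fstype = f[0], f[1], f[2]
        kind, entry = classify(device, crypttab)
        if fstype == "swap":
            # Plaintext swap leaks RAM (passphrases included) to disk. A random
            # key is the usual fix; a LUKS swap with a persistent key is also
            # fine and is what hibernation needs.
            if kind == "plaintext":
                verdict = "FAIL"
            elif kind == "random-key" and "swap" not in entry["options"]:
                verdict = "MISCONFIGURED"   # without 'swap', the random-key mapping is never mkswap'ed
            elif kind in ("random-key", "luks"):
                verdict = "ok"
            else:
                verdict = "CHECK"
            report[device] = ("swap", kind, verdict)
        elif mountpoint == "/boot":
            # Plaintext /boot is expected with stock GRUB; it is reported so the
            # reader remembers this is the part encryption does not cover.
            report[device] = ("/boot", kind, "unencrypted" if kind == "plaintext" else "ok")
        else:
            verdict = {"luks": "ok", "plaintext": "FAIL"}.get(kind, "CHECK")
            report[device] = (mountpoint, kind, verdict)
    return report


if __name__ == "__main__":
    # On a real machine: audit(open("/etc/crypttab").read(), open("/etc/fstab").read())
    for dev, (where, kind, verdict) in audit(SAMPLE_CRYPTTAB, SAMPLE_FSTAB).items():
        print(f"{dev:24} {where:6} {kind:16} {verdict}")
```

The audit only reads configuration, so a mapping opened by hand or by an initramfs hook without a crypttab line shows up as unknown-mapping rather than as verified; treat CHECK as a prompt to look at the actual device with cryptsetup status, not as a pass.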

File encryption

There are three ways to hide files, and they combine: you can physically hide them (put the files on a CD or USB stick, then hide the stick), you can encrypt them (encrypted data cannot be read directly; it must first be unlocked with a key), and you can use misdirection (hide the file inside another file, container or vault where people do not think to look). How about an encrypted USB stick with an encrypted vault on it, kept in a safe place where nobody would look for it? Bear in mind that only encryption protects the contents once the file is found; hiding and misdirection merely make it less likely to be found.

Note: The fact that an encryption program "works" does not mean that it is secure. Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. ~ Bruce Schneier.