encrypted devices and /etc/crypttab?

Dan Egli ddavidegli at gmail.com
Tue Nov 3 01:30:37 MST 2015


On October 31, 2015, Brandon Gillespie wrote:

> If you install linux and encrypt the hard drive, it uses luks.



That's interesting. Of course, that's usually done via the installer engine
I'm sure. How would that work with Gentoo where YOU are the install engine?
I don't recall seeing any kind of encryption or dm-setup or anything on the
Gentoo minimal CD (which is used for installs frequently). Of course that
was nearly ten years ago that I took a good look so things may have changed
since then.



> luks is specific to Linux, where trucrypt is not.



True, trucrypt is meant to be run on a variety of operating systems. Still,
I know the code for Trucrypt has been vetted by professional cryptographers
and found to be free of any security holes that would allow anyone
unauthorized access to your files. I imagine luks is the same, and I'm not
trying to demean it. Merely stating that just because trucrypt isn't
designed specifically for linux, doesn't make it bad. I'll just have to
take a closer at luks and dm-setup. Thanks for the tips there.


--- Dan

On Sat, Oct 31, 2015 at 1:51 AM, Brandon Gillespie <
brandon.gillespie at kuali.co> wrote:

> crypttab appears to use dm-setup and the various luks internals. Google
> luks for more info.  Personally I'd expect it to equal or be better than
> trucrypt; it uses conventional code and is built-into the kernel (and has
> been for some time).  I use luks to store all my sensitive files, using a
> loopback device and a local file (rather than a block device).  I haven't
> tested the performance of it, however, for a DBMS or other system.
>
> If you install linux and encrypt the hard drive, it uses luks.
>
> luks is specific to Linux, where truecrypt is not.
>
> *Brandon Gillespie*
> SaaS Operations Director, Kuali
> brandon.gillespie at kuali.co
> 801.682.3444
>
>
> On 10/30/15 3:59 AM, Dan Egli wrote:
>
>> While reading about systemd, I saw notice that it has an option to read
>> information about encrypted devices from /etc/crypttab. That's a new one
>> on
>> me. I've not heard of that file before. What programs/services use
>> crypttab, and where could I find more information about them? How do they
>> compare in security strength to something like trucrypt? Is there a way to
>> auto-mount a partition that way, since I don't see any way to auto-mount a
>> partition encrypted via trucrypt (yes, I know of keyfiles vs. passwords,
>> but from what I can tell you still need to manually run trucrypt to mount
>> the encrypted container/device. You just don't need to specify a password
>> to do so)?
>>
>>
>>
>> Any information is appreciated!
>> --- Dan
>>
>> /*
>> PLUG: http://plug.org, #utah on irc.freenode.net
>> Unsubscribe: http://plug.org/mailman/options/plug
>> Don't fear the penguin.
>> */
>>
>
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>


More information about the PLUG mailing list