...stuff I do and things I like...

Wednesday, August 31 2005

Crypto USB disk with dm_crypt and FreeOTFE

I always wanted to go crypto for my data storage, but until now I never owned any big storage device. Now I have an external 250 gig USB disk which I want to secure.

The thing with encrypted disks always comes down to: where can I read the disk? Only on my computer, only with one specific OS, etc. For me it's basically Linux and from time to time Windows. The two solutions I found were BestCrypt, which is commercial (at least for Windows), and dm_crypt/FreeOTFE, which is free and has many more features.

I ended up using dm_crypt/FreeOTFE.

dm_crypt is the Linux part of the crypto solution and has been part of the Linux kernel since 2.6.4. With cryptsetup it's super simple to set up. You can set up a partition or a file-based crypto device. The device can then be formatted with whatever filesystem you want. Of course you need one which is readable by Windows (e.g. vfat/fat32).

FreeOTFE is the Windows counterpart of dm_crypt and can mount whatever you created with dm_crypt. I guess multi-disk volumes don't work, but I haven't tried it. When mounting a filesystem use mount Linux... otherwise it doesn't work :)

For the external USB disk I have two partitions, one small partition which is not encrypted - this holds the Windows drivers (FreeOTFE), the second partition is the crypto filesystem. With this you can also take your disk to a friend without downloading drivers and stuff from the net. All in all a nice solution.
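The file-based variant of this setup, with the random pre-fill Collin mentions in the comments, could look like the sketch below. This is an added example, not the commands used for the disk in this post: the function names, the cipher, hash and key size, and the volume label are assumptions, and the same settings have to be entered in FreeOTFE when mounting on Windows.

```shell
#!/bin/sh
# Added example: file-based dm-crypt container formatted as vfat.
# Cipher, hash, key size and the CRYPTO label are assumptions.

# Step 1 (no root needed): create the container and fill it with random
# data, so blocks that are never written look like the encrypted ones.
make_container() {   # usage: make_container FILE SIZE_MIB
    head -c "$(( $2 * 1048576 ))" /dev/urandom > "$1"
}

# Step 2 (root): attach the file to a loop device and map it through
# dm-crypt in plain mode. Plain mode has no header: a wrong passphrase or
# different cipher settings give an unreadable device, not an error.
open_container() {   # usage: open_container FILE NAME ; prints the loop device
    loopdev=$(losetup --find --show "$1") || return 1
    cryptsetup open --type plain --cipher aes-cbc-essiv:sha256 \
        --key-size 256 --hash sha256 "$loopdev" "$2" \
        || { losetup -d "$loopdev"; return 1; }
    echo "$loopdev"
}

# Step 3 (root): put a Windows-readable filesystem on the mapped device.
format_container() { # usage: format_container NAME
    mkfs.vfat -n CRYPTO "/dev/mapper/$1"
}

# Step 4 (root): remove the mapping and release the loop device.
close_container() {  # usage: close_container NAME LOOPDEV
    cryptsetup close "$1" && losetup -d "$2"
}

# Full procedure, only when run as root with: FILE SIZE_MIB NAME
if [ "$#" -eq 3 ] && [ "$(id -u)" -eq 0 ]; then
    make_container "$1" "$2" &&
        dev=$(open_container "$1" "$3") &&
        format_container "$3" &&
        close_container "$3" "$dev"
fi
```

For a partition instead of a file, skip the loop device and pass the partition to `cryptsetup open` directly.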

comments:

frank wrote


Hi Collin, I also find dm-crypt quite good in terms of OS integration. Above all, it's also neat that you can get at your data from Windows. What bothers me about it, though, is that the cryptography apparently isn't all that secure (cf. the dm-crypt website/FAQ and various Bugtraq postings). With these things I can't quite judge whether they are serious attacks or theoretical weaknesses. Well, I think I'll stick with Loop-AES for now (even though I'd rather use dm-crypt).

Collin wrote


Well, you always have to keep a few things in mind when you use crypto filesystems, e.g. you shouldn't forget to fill the crypto image with junk before creating the filesystem. Well, the motto is anyway: better badly encrypted than not at all :)
