I got a good security one more ya.
Harijs Buss
harijs at info-shelter.net
Sun Apr 2 11:00:59 UTC 2006
Sorry, I don't know yet about Ubuntu. I just start to try Ubuntu and sofar
have big problems with my video cards (2 x GeForce 6600 GT, SLI) which by the
way work OK in another distribution... Flight 6 can not even start X.
Later I am definitely going to find out about encrypted filesystems and
compatibility between Ubuntu and Mandriva in this aspect. Theoretically this
shouldn't be problem because encryption should be essentially the same. In
Mandriva 2006, making encrypted filesystem is just one more checkmark in
advanced parameters when creating file system, that's so simple :)
Harijs
On Sunday 02 April 2006 13:05, Gromitigo rakstija:
> Is there any option to install Ubuntu with an excrypted file system?
> While I'm installing, is it as simple as setting up the filesystem as EFS?
>
> On 3/31/06, Harijs Buss <harijs at info-shelter.net> wrote:
> > On Friday 31 March 2006 18:49, Kent Borg rakstija:
> > > If you do have a good key and encryption, if you lose your key,
> > > you are completely hosed. There is no key recovery if you have
> > > a secure system.
> >
> > Yep. That's the point :-)
> >
> > > Disclaimer 1: I have not experimented with corrupting encrypted data
> > > and seeing what happens and how lethal it is. It might not be as bad
> > > as I suggest, or it might be worse.
> >
> > Some time ago I started to use external USB enclosures with IDE disks as
> > backup devices. (Yeah, I know, but this is better than nothing anyway :-)
> > Enclosures are "rotated" according to usual backup scheme. Only one of
> > these devices are at the same time near backup source, the rest of them
> > are kept off-site. Files on enclosure disks are synced with original ones
> > using group of rsync commands. File system is XFS encrypted by AES method
> > with 1024 bit key. (This was done in another distro but probably there
> > are no big differences).
> >
> > Naturally I wanted to know what will happen if, for example, suddenly USB
> > cable will be pulled out in the middle of big writing. So I did try that
> > :-) because in the worst case I simply would have to re-format the drive
> > and re-write the info which is available. Sure my 3 attempts can not
> > count as "scientific experiment" but they give some impression anyway.
> > All three times after re-boot (to get rid of any buffered info) and
> > re-connecting enclosure I was able to mount it as read-only and get off
> > all files except one which was in writing process when USB cable was
> > plugged out. One of my colleagues who made similar experiment, in one
> > case could not mount the disk and therefore could not get anything out
> > because of encryption. In all cases specific XFS utility programs could
> > not do anything to repair file system, so I had to re-format partition
> > and write all info that should be there.
> >
> > Encrypted file systems can be used quite easily but people should really
> > understand that exactly because of good encryption it would be impossible
> > to de-crypt info when key is lost. Any tech glitch can also lead to
> > inaccessibility of info.
> >
> > But hey, we all make regular backups, don't we? :-)
> >
> > Harijs
More information about the ubuntu-users
mailing list