[wellylug] Paranoid....

Valient Gough vgough at pobox.com
Sun Jan 18 18:25:41 NZDT 2004


On Sun, 2004-01-18 at 23:09, Vincent Cox wrote:


> 
> Also this link for another way of doing it, just came across this site 
> the other day.
> 
> http://arg0.net/users/vgough/encfs.html
> 
> 
> I have thought about trying it out but have never got around to it, what 
> I am concerned about is
> 
> 1. File system speed, how much of an impact is this going to have on the 
> system.
> 2. What about recoverability.  Suppose you have to re-install/change 
> distro for what ever reason, will the encrypted
> files be recoverable.
> 


Interesting coincidence..  That happens to be my web site, so I can give
some opinions on options (although they may well be biased).  I'll
mention speed later, but for recoverability, everything necessary to
recover the data is stored in the base filesystem.  However if you
forget the password, then forget it, because there is no password
recovery included.

Like Donald mentioned earlier in the thread, encrypted partitions don't
really guarantee security of the data.  If your system has an encrypted
partition at the time it is compromised, then there is a good chance
your encrypted files will be compromised as well.

The reason I wrote EncFS was to protect files in the case my laptop was
stolen.  The difference being that it is meant to protect against the
case of the computer being compromised when the partition is *not*
mounted. 

EncFS is an instance of a pass-through filesystem, which means that it
does not deal with storage issues itself but instead encrypts everything
and passes it down to another filesystem layer.  This has some
advantages and some disadvantages, which I try to summarize on the web
page.  I consider the advantages to greatly outweigh the disadvantages
(my bias here), which is why it is designed the way it is.  

Many years ago when I traveled for business with a laptop full of
proprietary source code, I used CFS (Matt Blaze's original encrypted
filesystem) or TCFS (a much more feature-full and complex filesystem
from Italy) to store encrypted data.  Both solutions used variations on
NFS, and were somewhat slow (especially on a 90Mhz laptop).  EncFS is
nearly invisible on my machine, in that it is nearly undetectable in
benchmarks like bonnie++ because it can encipher and decipher data
faster then the disk can read and write it.  But a lot of that is due to
increases in computer speeds -- my laptop now has a 1.6Ghz Pentium-M
processor..

I'm happy to answer any questions if I can.  But I agree with Donald's
suggestion, that you will accomplish more by thinking about what sort of
threats you want to protect against, an go from there.

regards,
Valient





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.wellylug.org.nz/pipermail/wellylug/attachments/20040118/8ccc22e6/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.wellylug.org.nz/pipermail/wellylug/attachments/20040118/8ccc22e6/attachment.pgp 


More information about the wellylug mailing list