[wellylug] Paranoid....

Jethro Carr dodocaptain at paradise.net.nz
Mon Jan 19 10:34:33 NZDT 2004 

On Mon, 2004-01-19 at 07:25, Valient Gough wrote:
> On Sun, 2004-01-18 at 23:09, Vincent Cox wrote:
> 
> > Also this link for another way of doing it, just came across this site 
> > the other day.
> > http://arg0.net/users/vgough/encfs.html
> > 
> > 
> > I have thought about trying it out but have never got around to it, what 
> > I am concerned about is
> > 
> > 1. File system speed, how much of an impact is this going to have on the 
> > system.
> > 2. What about recoverability.  Suppose you have to re-install/change 
> > distro for what ever reason, will the encrypted
> > files be recoverable.
> 
> Interesting coincidence..  That happens to be my web site, so I can
> give some opinions on options (although they may well be biased). 
> I'll mention speed later, but for recoverability, everything necessary
> to recover the data is stored in the base filesystem.  However if you
> forget the password, then forget it, because there is no password
> recovery included.
> 
> Like Donald mentioned earlier in the thread, encrypted partitions
> don't really guarantee security of the data.  If your system has an
> encrypted partition at the time it is compromised, then there is a
> good chance your encrypted files will be compromised as well.
> 
> The reason I wrote EncFS was to protect files in the case my laptop
> was stolen.  The difference being that it is meant to protect against
> the case of the computer being compromised when the partition is *not*
> mounted. 
> 
> EncFS is an instance of a pass-through filesystem, which means that it
> does not deal with storage issues itself but instead encrypts
> everything and passes it down to another filesystem layer.  This has
> some advantages and some disadvantages, which I try to summarize on
> the web page.  I consider the advantages to greatly outweigh the
> disadvantages (my bias here), which is why it is designed the way it
> is.  
> 
> Many years ago when I traveled for business with a laptop full of
> proprietary source code, I used CFS (Matt Blaze's original encrypted
> filesystem) or TCFS (a much more feature-full and complex filesystem
> from Italy) to store encrypted data.  Both solutions used variations
> on NFS, and were somewhat slow (especially on a 90Mhz laptop).  EncFS
> is nearly invisible on my machine, in that it is nearly undetectable
> in benchmarks like bonnie++ because it can encipher and decipher data
> faster then the disk can read and write it.  But a lot of that is due
> to increases in computer speeds -- my laptop now has a 1.6Ghz
> Pentium-M processor..
> 
> I'm happy to answer any questions if I can.  But I agree with Donald's
> suggestion, that you will accomplish more by thinking about what sort
> of threats you want to protect against, an go from there.

If I can prevent the data from being mounted by another user, it's what
I want.
It's mainly for my laptop, so if something happens to it, the thief will
not be able to access my data.

How encrypted is the password that you input?

I'll try it out, and see how I get on...
I think I'll just create a protected folder for now, and then see if it
is recoverable of another system.


thanks for the help,


-- 
-- Jethro

dodocaptain at paradise.net.nz

http://homepages.paradise.net.nz/jethroc
http://homepages.paradise.net.nz/jethroc/CV/index.html

More information about the wellylug mailing list