Solved

Suse 10.1 Native Crypto File system versus TrueCrypt

Posted on 2006-11-05
4
1,015 Views
Last Modified: 2011-10-03
I have a very specific task that I need to accomplish.  I want to encrypt a partition on a Suse 10.1 machine.  The encrypted partition will house MYSQL databases.  

It is important that the data is always encrypted when the machine is turned off or restarted.  It is also important that the encrypted partition is mounted at boot-time (i.e.- prompts user for passphrase) and BEFORE THE MYSQLD service starts.  I do not want the mysqld service to encounter errors at boot-time, because the partition is not ready or unavailable.  

I have been given two recommendations:
(1) http://en.opensuse.org/SDB:Using_the_Crypto_File_System
(2) TrueCrypt (www.truecrypt.org)

My Question:  Is one of the solutions above better than the other for my specific problem?  If you have experience with either solution, do you have any warnings / caveats / advice?  
0
Comment
Question by:cs76737
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 17878895
Crypto FS and treucrypt can do this... back to square one ;p
http://en.opensuse.org/SDB:Using_the_Crypto_File_System#Automatic_mounting_during_bootup
http://slax.linux-live.org/forum/viewtopic.php?p=68799&sid=41cf7fcf67188ffae4ddf95e877dab51
I've not done either, but I do use TrueCrypt on M$ and Linux, it is very easy and secure.
-rich

0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 250 total points
ID: 17879058
I would point to a benchmark: check perfomance of each version of encryption.

http://linuxhelp.blogspot.com/2006/08/disk-encryption-tools-for-linux-and.html

http://www.wlug.org.nz/HarddiskBenchmarks

Tolomir
0
 

Author Comment

by:cs76737
ID: 17886481
I have decided to give TrueCrypt a try.  Problem is that it only has a man-page.  I am not an advanced user.  If anybody has easier instructions for creating and automatically mounting a truecrypt partition (not file container), I would greatly appreciate it.  
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17887174
Well just scroll down to the examples part:

See http://www.truecrypt.org/docs/linux-manpage.php as reference:



Create  a  new  volume hosted at the second primary partition of the first ATA disk:

truecrypt -c /dev/hda2


--


Map a volume /dev/hda2 (first ATA disk, primary partition 2) and mount  its  filesystem at /mnt/tc. Default user-id is set, which is useful when mounting a filesystem like FAT under a  non-admin user account:
 
truecrypt -u /dev/hda2 /mnt/tc

--

Regaring the boot mechanism I have found this here:

http://ubuntuforums.org/showthread.php?p=1103275

You might want to keep the passphase on an USB stick, this way you can make sure to grant access to it just at boot time...


Tolomir
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Recommended Android live viewer for IP cam sys? 1 38
7 camera surveillance system hacked 6 51
Risks of using Camtasia Studio 9 47
php extract($_REQUEST) 5 46
Ensuring effective and secure communication in the age of healthcare BYOD.
Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question