Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Suse 10.1 Native Crypto File system versus TrueCrypt

Posted on 2006-11-05
4
Medium Priority
?
1,025 Views
Last Modified: 2011-10-03
I have a very specific task that I need to accomplish.  I want to encrypt a partition on a Suse 10.1 machine.  The encrypted partition will house MYSQL databases.  

It is important that the data is always encrypted when the machine is turned off or restarted.  It is also important that the encrypted partition is mounted at boot-time (i.e.- prompts user for passphrase) and BEFORE THE MYSQLD service starts.  I do not want the mysqld service to encounter errors at boot-time, because the partition is not ready or unavailable.  

I have been given two recommendations:
(1) http://en.opensuse.org/SDB:Using_the_Crypto_File_System
(2) TrueCrypt (www.truecrypt.org)

My Question:  Is one of the solutions above better than the other for my specific problem?  If you have experience with either solution, do you have any warnings / caveats / advice?  
0
Comment
Question by:cs76737
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 17878895
Crypto FS and treucrypt can do this... back to square one ;p
http://en.opensuse.org/SDB:Using_the_Crypto_File_System#Automatic_mounting_during_bootup
http://slax.linux-live.org/forum/viewtopic.php?p=68799&sid=41cf7fcf67188ffae4ddf95e877dab51
I've not done either, but I do use TrueCrypt on M$ and Linux, it is very easy and secure.
-rich

0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 500 total points
ID: 17879058
I would point to a benchmark: check perfomance of each version of encryption.

http://linuxhelp.blogspot.com/2006/08/disk-encryption-tools-for-linux-and.html

http://www.wlug.org.nz/HarddiskBenchmarks

Tolomir
0
 

Author Comment

by:cs76737
ID: 17886481
I have decided to give TrueCrypt a try.  Problem is that it only has a man-page.  I am not an advanced user.  If anybody has easier instructions for creating and automatically mounting a truecrypt partition (not file container), I would greatly appreciate it.  
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17887174
Well just scroll down to the examples part:

See http://www.truecrypt.org/docs/linux-manpage.php as reference:



Create  a  new  volume hosted at the second primary partition of the first ATA disk:

truecrypt -c /dev/hda2


--


Map a volume /dev/hda2 (first ATA disk, primary partition 2) and mount  its  filesystem at /mnt/tc. Default user-id is set, which is useful when mounting a filesystem like FAT under a  non-admin user account:
 
truecrypt -u /dev/hda2 /mnt/tc

--

Regaring the boot mechanism I have found this here:

http://ubuntuforums.org/showthread.php?p=1103275

You might want to keep the passphase on an USB stick, this way you can make sure to grant access to it just at boot time...


Tolomir
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A look at what happened in the Verizon cloud breach.
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question