Solved

Suse 10.1 Native Crypto File system versus TrueCrypt

Posted on 2006-11-05
Last Modified: 2011-10-03
I have a very specific task that I need to accomplish.  I want to encrypt a partition on a Suse 10.1 machine.  The encrypted partition will house MYSQL databases.  

It is important that the data is always encrypted when the machine is turned off or restarted.  It is also important that the encrypted partition is mounted at boot-time (i.e.- prompts user for passphrase) and BEFORE THE MYSQLD service starts.  I do not want the mysqld service to encounter errors at boot-time, because the partition is not ready or unavailable.  

I have been given two recommendations:
(1) http://en.opensuse.org/SDB:Using_the_Crypto_File_System
(2) TrueCrypt (www.truecrypt.org)

My Question:  Is one of the solutions above better than the other for my specific problem?  If you have experience with either solution, do you have any warnings / caveats / advice?  
Question by:cs76737
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 17878895
Crypto FS and TrueCrypt can do this... back to square one ;p
http://en.opensuse.org/SDB:Using_the_Crypto_File_System#Automatic_mounting_during_bootup
http://slax.linux-live.org/forum/viewtopic.php?p=68799&sid=41cf7fcf67188ffae4ddf95e877dab51
I've not done either, but I do use TrueCrypt on M$ and Linux, it is very easy and secure.
-rich

0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 250 total points
ID: 17879058
I would point to a benchmark: check performance of each version of encryption.

http://linuxhelp.blogspot.com/2006/08/disk-encryption-tools-for-linux-and.html

http://www.wlug.org.nz/HarddiskBenchmarks

Tolomir
0
 

Author Comment

by:cs76737
ID: 17886481
I have decided to give TrueCrypt a try.  Problem is that it only has a man-page.  I am not an advanced user.  If anybody has easier instructions for creating and automatically mounting a truecrypt partition (not file container), I would greatly appreciate it.  
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17887174
Well just scroll down to the examples part:

See http://www.truecrypt.org/docs/linux-manpage.php as reference:



Create  a  new  volume hosted at the second primary partition of the first ATA disk:

truecrypt -c /dev/hda2


--


Map a volume /dev/hda2 (first ATA disk, primary partition 2) and mount  its  filesystem at /mnt/tc. Default user-id is set, which is useful when mounting a filesystem like FAT under a  non-admin user account:
 
truecrypt -u /dev/hda2 /mnt/tc

--

Regarding the boot mechanism I have found this here:

http://ubuntuforums.org/showthread.php?p=1103275

You might want to keep the passphrase on a USB stick, this way you can make sure to grant access to it just at boot time...


Tolomir
0
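An added example, not part of any post in this thread: a pre-start guard that the database init script could call so that mysqld is refused a start unless its data directory is really on the unlocked encrypted volume. If the mount point is empty, a started mysqld would write to the unencrypted underlying directory. The mount point /mnt/tc is taken from the command above; the device-mapper name /dev/mapper/truecrypt0, the function names and the sample mounts table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guard for a service whose data must live on an unlocked
# encrypted volume. Function names and sample data are constructed.

# Print the source device of the filesystem mounted exactly at $1.
# $2 is a mounts table in /proc/mounts format (default: /proc/mounts).
# The last matching line wins, because later mounts shadow earlier ones.
mount_source() {
    awk -v mp="$1" '
        $2 == mp { src = $1 }
        END { if (src != "") print src; else exit 1 }
    ' "${2:-/proc/mounts}"
}

# Return 0 only if $1 is mounted from a device-mapper node, i.e. the
# volume has been unlocked and mapped.
# Return 1 if nothing is mounted there (passphrase never entered).
# Return 2 if something else is mounted there (data would be plaintext).
datadir_ready() {
    src=$(mount_source "$1" "$2") || return 1
    case "$src" in
        /dev/mapper/*) return 0 ;;
        *)             return 2 ;;
    esac
}

# Constructed sample mounts table used to exercise the functions offline.
sample_mounts() {
    cat <<'EOF'
/dev/hda1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/mapper/truecrypt0 /mnt/tc ext3 rw 0 0
/dev/hda3 /srv/plain ext3 rw 0 0
EOF
}

# Intended use inside the start action of the database init script
# (placement is an assumption, shown as a comment so this file stays inert):
#   datadir_ready /mnt/tc || { echo "encrypted volume not mounted" >&2; exit 1; }
```

The guard only checks where the data directory is mounted from; it does not unlock the volume, so the passphrase prompt still has to run earlier in the boot sequence.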
