Solved

Suse 10.1 Native Crypto File system versus TrueCrypt

Posted on 2006-11-05
4
1,019 Views
Last Modified: 2011-10-03
I have a very specific task that I need to accomplish.  I want to encrypt a partition on a Suse 10.1 machine.  The encrypted partition will house MYSQL databases.  

It is important that the data is always encrypted when the machine is turned off or restarted.  It is also important that the encrypted partition is mounted at boot-time (i.e.- prompts user for passphrase) and BEFORE THE MYSQLD service starts.  I do not want the mysqld service to encounter errors at boot-time, because the partition is not ready or unavailable.  

I have been given two recommendations:
(1) http://en.opensuse.org/SDB:Using_the_Crypto_File_System
(2) TrueCrypt (www.truecrypt.org)

My Question:  Is one of the solutions above better than the other for my specific problem?  If you have experience with either solution, do you have any warnings / caveats / advice?  
0
Comment
Question by:cs76737
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 17878895
Crypto FS and treucrypt can do this... back to square one ;p
http://en.opensuse.org/SDB:Using_the_Crypto_File_System#Automatic_mounting_during_bootup
http://slax.linux-live.org/forum/viewtopic.php?p=68799&sid=41cf7fcf67188ffae4ddf95e877dab51
I've not done either, but I do use TrueCrypt on M$ and Linux, it is very easy and secure.
-rich

0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 250 total points
ID: 17879058
I would point to a benchmark: check perfomance of each version of encryption.

http://linuxhelp.blogspot.com/2006/08/disk-encryption-tools-for-linux-and.html

http://www.wlug.org.nz/HarddiskBenchmarks

Tolomir
0
 

Author Comment

by:cs76737
ID: 17886481
I have decided to give TrueCrypt a try.  Problem is that it only has a man-page.  I am not an advanced user.  If anybody has easier instructions for creating and automatically mounting a truecrypt partition (not file container), I would greatly appreciate it.  
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17887174
Well just scroll down to the examples part:

See http://www.truecrypt.org/docs/linux-manpage.php as reference:



Create  a  new  volume hosted at the second primary partition of the first ATA disk:

truecrypt -c /dev/hda2


--


Map a volume /dev/hda2 (first ATA disk, primary partition 2) and mount  its  filesystem at /mnt/tc. Default user-id is set, which is useful when mounting a filesystem like FAT under a  non-admin user account:
 
truecrypt -u /dev/hda2 /mnt/tc

--

Regaring the boot mechanism I have found this here:

http://ubuntuforums.org/showthread.php?p=1103275

You might want to keep the passphase on an USB stick, this way you can make sure to grant access to it just at boot time...


Tolomir
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question