Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1031
  • Last Modified:

Suse 10.1 Native Crypto File system versus TrueCrypt

I have a very specific task that I need to accomplish.  I want to encrypt a partition on a Suse 10.1 machine.  The encrypted partition will house MYSQL databases.  

It is important that the data is always encrypted when the machine is turned off or restarted.  It is also important that the encrypted partition is mounted at boot-time (i.e.- prompts user for passphrase) and BEFORE THE MYSQLD service starts.  I do not want the mysqld service to encounter errors at boot-time, because the partition is not ready or unavailable.  

I have been given two recommendations:
(1) http://en.opensuse.org/SDB:Using_the_Crypto_File_System
(2) TrueCrypt (www.truecrypt.org)

My Question:  Is one of the solutions above better than the other for my specific problem?  If you have experience with either solution, do you have any warnings / caveats / advice?  
0
cs76737
Asked:
cs76737
  • 2
2 Solutions
 
Rich RumbleSecurity SamuraiCommented:
Crypto FS and treucrypt can do this... back to square one ;p
http://en.opensuse.org/SDB:Using_the_Crypto_File_System#Automatic_mounting_during_bootup
http://slax.linux-live.org/forum/viewtopic.php?p=68799&sid=41cf7fcf67188ffae4ddf95e877dab51
I've not done either, but I do use TrueCrypt on M$ and Linux, it is very easy and secure.
-rich

0
 
TolomirAdministratorCommented:
I would point to a benchmark: check perfomance of each version of encryption.

http://linuxhelp.blogspot.com/2006/08/disk-encryption-tools-for-linux-and.html

http://www.wlug.org.nz/HarddiskBenchmarks

Tolomir
0
 
cs76737Author Commented:
I have decided to give TrueCrypt a try.  Problem is that it only has a man-page.  I am not an advanced user.  If anybody has easier instructions for creating and automatically mounting a truecrypt partition (not file container), I would greatly appreciate it.  
0
 
TolomirAdministratorCommented:
Well just scroll down to the examples part:

See http://www.truecrypt.org/docs/linux-manpage.php as reference:



Create  a  new  volume hosted at the second primary partition of the first ATA disk:

truecrypt -c /dev/hda2


--


Map a volume /dev/hda2 (first ATA disk, primary partition 2) and mount  its  filesystem at /mnt/tc. Default user-id is set, which is useful when mounting a filesystem like FAT under a  non-admin user account:
 
truecrypt -u /dev/hda2 /mnt/tc

--

Regaring the boot mechanism I have found this here:

http://ubuntuforums.org/showthread.php?p=1103275

You might want to keep the passphase on an USB stick, this way you can make sure to grant access to it just at boot time...


Tolomir
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now