# crypted file system: what's the best solution?

## micron

I would like to have a crypted filesystem on my usb-key, where I can store some private files.

Some time ago I used bestcrypt, and I think it's a very good program.

I like very much the possibility to create an hidden container into another one, and it works also under windows!

But now I would like to use a really open source solution...

I've read something about a direct support into the kernel, is this a good (secure and practical) solution  :Question: 

I don't need to see the crypted files also under windows, the only thing I need is to transport this files.

What solutions do you suggest?

----------

## smart

i'm using the kernels cryptoloop and coders

----------

## micron

 *smart wrote:*   

> i'm using the kernels cryptoloop and coders

 

what do you think about it, it's reliable? it's secure? : :Shocked: :

it's the best solution I can try?

----------

## dice

I've been using cryptoloop on my file server's RAID array for a couple months now and everything's running just fine.  I'm far more inclined to trust Open Source crypto than I am to trust a closed source solution, at least the OS one can theoreticaly be disected and analyzed for weak points by any number of people who are interested in evaluating it's security.

----------

## micron

 *dice wrote:*   

> 'm far more inclined to trust Open Source crypto than I am to trust a closed source solution, at least the OS one can theoreticaly be disected and analyzed for weak points by any number of people who are interested in evaluating it's security.

 

I agree with you.

I thik I'll look cryptoloop  :Wink: 

----------

## MacMasta

Another possibility is to format the gadget with fat32 and then use gpg to encrypt all the files...

~Mac~

----------

## micron

 *MacMasta wrote:*   

> Another possibility is to format the gadget with fat32 and then use gpg to encrypt all the files...

 

In my situation I would use the crypted space to hide some important file like: gpg and ssh keys... so your solution isn't good for me...  :Crying or Very sad: 

I need a crypted space protected by a simple password...

----------

## cataenry

Hi, could u post how we can do that?

I've patched the kernel 2.4 with crypto loop device support and compiled it...

And now...?

Sorry to boring u....  :Rolling Eyes: 

Thanks   :Wink: 

----------

## micron

 *cataenry wrote:*   

> Hi, could u post how we can do that?
> 
> I've patched the kernel 2.4 with crypto loop device support and compiled it...
> 
> And now...?
> ...

 

I haven't yet tried this solution, I was just asking some personal idea abou it  :Wink: 

----------

## lord

 *micron wrote:*   

> In my situation I would use the crypted space to hide some important file like: gpg and ssh keys... so your solution isn't good for me...  I need a crypted space protected by a simple password...

 

This solution will only give you a notion of security and not actual security... Even if your gpg and ssh keys are a million bit, but only protected by a simple password, say 4 digits... they're worthless and easily exposed if you know what I mean.

Encryption & encrypted space, regardless of algorithm, is only as strong as the password protecting it...

----------

## ifconfig

You have nice docs here @kerneli.org. Just forget the kernel patch stuff since it's already included.

Here you have the serpent cipher homepage  :Very Happy:  which IMHO I think it's the best solution...

Ah, look at tldp.org there is a howto called Loopback Encrypted Filesystem. But I guess the first would be enough.

Good luck   :Cool: 

----------

## Carlo

 *ifconfig wrote:*   

> Here you have the serpent cipher homepage  which IMHO I think it's the best solution...

 

Really!?

Carlo

----------

## cataenry

Thanks really much  :Wink: 

----------

## cataenry

Just a question.. the how to says that passwd is used also to generate the key...

I guess that the key is included on the cd... isn't it? i mean, not in cd's data, but in cd's structure...

Isn't it? Is it's so, is there a way to don't put the key there and have it in an external file?

The target is to have a cdypted cd and  a key (not on cd)....

----------

## micron

 *ifconfig wrote:*   

> You have nice docs here @kerneli.org. Just forget the kernel patch stuff since it's already included.
> 
> Here you have the serpent cipher homepage  which IMHO I think it's the best solution...
> 
> Ah, look at tldp.org there is a howto called Loopback Encrypted Filesystem. But I guess the first would be enough.
> ...

 

Thanks a lot, I'll study yuor solution  :Wink: 

----------

