www.abeowitz.com/crypto -> www.abeowitz.com/crypto/
Last Update: 2/20/2003

What is an Encrypted File System?

It is mathematically difficult to decrypt the data in this form, and therefore useless to most people without a password and knowledge of the encryption algorithm. This allows the media storage structure and file names to be seen, while hiding the contents within each file. Each file may be encrypted with a different password and/or algorithm.

Given sufficient computing power, I believe all algorithms are crackable. The difference is in the amount of computing power and time the cracker has available to him.

In most cases, your data is safe from the average computer geek. In other words, file system encryption is only effective when your data is not mounted.
Losetup

    /sbin/losetup /dev/loop0 test -e blowfish
    Available keysizes (bits): 128 160 192 256
    Keysize: 256
    Password:

OK, now you have your virtual device. All your data will go through the loop0 device, get encrypted and stored within the file.

Formatting

Next we need to place a filesystem on that loop device.

Note 2: Use '-b 2048' if you plan to make a CDROM image.

Follow the directions for the test above EXCEPT when you make the file system, use a '-b 2048'.

Note: Do NOT use EXT3. You don't need a journal for read-only file systems; it will only take up space.

For example:

    mke2fs /dev/loop0 -b 2048

The block size of 2048 is necessary since the CDROM block size is 2048. Otherwise, you will see a file directory, but the file data will be offset and thus corrupted.

Burn the CD

Nothing special here:

    cdrecord dev=0,0,0 speed=12 -v test

Using the CD

1.

Note: It is best to experiment with a CDRW and a SMALL file first.

Encrypt a Block Device or Partition

You can encrypt almost any block storage device, including Zip drives, floppy disks and whole hard drives or individual partitions.

Note: dd from urandom to the device before you connect it to a loop device.

Modifying your /etc/fstab

One of my encrypted file system lines looks like this:

    /dev/hdd /mnt/ezip ext3 encryption=blowfish,user,noauto,rw,loop 0 0

Note that I can add this line for non-encrypted zip disks:

    /dev/hdd /mnt/zip ext3 user,noauto,rw,loop 0 0

When I type 'mount /mnt/zip', I mount the non-encrypted zip disk.

Note that with the encrypted devices in your fstab file, you no longer need to use losetup!

If EXT2FS formats based on the geometry of the disk, couldn't this information be used to brute force attack the encryption based on the file size and location of the inodes?
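An added example, not from the original page: a pre-burn check that reads the ext2 superblock through the decrypted loop device (for instance /dev/loop0) and confirms the 2048-byte block size and the absence of a journal that the CD notes above call for. The function names and the sample superblock are constructed for illustration; the field offsets are those of the standard ext2 superblock.

```python
import struct
import sys

EXT2_MAGIC = 0xEF53       # s_magic for ext2/ext3
SB_OFFSET = 1024          # primary superblock starts 1024 bytes into the device
CD_BLOCK_SIZE = 2048      # block size the page requires for a CDROM image
HAS_JOURNAL = 0x0004      # s_feature_compat bit that marks an ext3 journal


def check_cd_image(data):
    """Return a list of problems found in the first 2 KiB of the decrypted device."""
    if len(data) < SB_OFFSET + 96:
        return ["too short to contain an ext2 superblock"]
    (magic,) = struct.unpack_from("<H", data, SB_OFFSET + 56)
    if magic != EXT2_MAGIC:
        return ["no ext2 magic: wrong password or cipher, or device not formatted"]
    problems = []
    (log_bs,) = struct.unpack_from("<I", data, SB_OFFSET + 24)
    block_size = 1024 << log_bs if log_bs <= 6 else None
    if block_size != CD_BLOCK_SIZE:
        problems.append("block size is %s, need %d (mke2fs -b 2048)" % (block_size, CD_BLOCK_SIZE))
    (rev,) = struct.unpack_from("<I", data, SB_OFFSET + 76)
    (compat,) = struct.unpack_from("<I", data, SB_OFFSET + 92)
    if rev >= 1 and compat & HAS_JOURNAL:   # feature flags exist from revision 1 on
        problems.append("journal present (ext3): wasted space on read-only media")
    return problems


def make_sample(log_bs, has_journal=False):
    """Constructed sample: zeroed device start holding a minimal ext2 superblock."""
    buf = bytearray(2048)
    struct.pack_into("<I", buf, SB_OFFSET + 24, log_bs)       # s_log_block_size
    struct.pack_into("<H", buf, SB_OFFSET + 56, EXT2_MAGIC)   # s_magic
    struct.pack_into("<I", buf, SB_OFFSET + 76, 1)            # s_rev_level
    struct.pack_into("<I", buf, SB_OFFSET + 92, HAS_JOURNAL if has_journal else 0)
    return bytes(buf)


if __name__ == "__main__":
    if len(sys.argv) > 1:   # path to the loop device, read after losetup
        with open(sys.argv[1], "rb") as f:
            head = f.read(2048)
    else:                   # no argument: use a constructed 1024-byte-block ext3 sample
        head = make_sample(0, has_journal=True)
    for line in check_cd_image(head) or ["ok to burn: ext2, 2048-byte blocks, no journal"]:
        print(line)
```

Run it against the loop device, not the backing file: the backing file holds ciphertext, so the superblock is only readable once losetup has attached it with the right password.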