Santhosh Joseph wrote:
> On Fri, Oct 30, 2009 at 4:21 PM, Thomas Bächler <thomas@archlinux.org> wrote:
>> Santhosh Joseph wrote:
>>> For disk encryption, why not use truecrypt?
>> Why use truecrypt?
You didn't answer my question. We discussed dm-crypt and you suggested to use truecrypt - without relating in any way to the problem being discussed or providing a solution that truecrypt may or may not have for it. Why is that?

Can you even boot from a truecrypt-encrypted volume on Linux? If so, is that implemented on Arch Linux? How secure is truecrypt's key setup and how does it work?

The only advantage of truecrypt over LUKS is the plausible deniability feature that LUKS doesn't have, and the "hidden volumes", which IIRC only work with FAT32 file systems on truecrypt and are thus useless.

Also, truecrypt has had serious security problems in the past, and instead of fixing them right away and informing the public, they just took the website down for several months until they released a new (on-disk incompatible) version (this is only as far as I remember it though, and I don't have a source for it, but it must have been 3 years ago or so).

LUKS has a mathematically/cryptographically well-founded key setup procedure that makes brute force attacks against the passphrase infeasible in practice and thus provides a very high level of security. It also allows the use of any cipher and cipher operation mode available in the Linux kernel, which includes (but is not limited to) the ones provided by truecrypt.
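
Added example, not part of the original message or of cryptsetup: a simplified Python sketch of the LUKS1-style key setup the message refers to, where a random master key is wrapped per key slot under a PBKDF2-stretched passphrase and checked against a stored digest. The function names, the 32-byte key size and the XOR wrap (standing in for the real block cipher and anti-forensic splitter) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # bytes; constructed parameter for this sketch


def stretch(secret: bytes, salt: bytes, iterations: int) -> bytes:
    # PBKDF2 is the stretching function of the LUKS1 format; every
    # passphrase guess has to pay for all of its iterations.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, KEY_LEN)


def xor(a: bytes, b: bytes) -> bytes:
    # Stand-in for the cipher + AF-splitter that real LUKS applies here.
    return bytes(x ^ y for x, y in zip(a, b))


def add_slot(header: dict, master_key: bytes, passphrase: bytes) -> None:
    # Each slot has its own salt, so one precomputed table cannot
    # serve several slots or several volumes.
    salt = os.urandom(16)
    slot_key = stretch(passphrase, salt, header["iterations"])
    header["slots"].append({"salt": salt, "wrapped": xor(master_key, slot_key)})


def format_volume(passphrase: bytes, iterations: int):
    # The master key is random and independent of any passphrase.
    master_key = os.urandom(KEY_LEN)
    header = {"iterations": iterations, "mk_salt": os.urandom(16), "slots": []}
    # Only a stretched digest of the master key is stored, never the key.
    header["mk_digest"] = stretch(master_key, header["mk_salt"], iterations)
    add_slot(header, master_key, passphrase)
    return header, master_key


def unlock(header: dict, passphrase: bytes):
    # Try every slot; a candidate is accepted only if its digest matches.
    for slot in header["slots"]:
        slot_key = stretch(passphrase, slot["salt"], header["iterations"])
        candidate = xor(slot["wrapped"], slot_key)
        digest = stretch(candidate, header["mk_salt"], header["iterations"])
        if hmac.compare_digest(digest, header["mk_digest"]):
            return candidate
    return None
```

Because the data is encrypted under the master key rather than the passphrase, a passphrase can be added or revoked by rewriting one slot without re-encrypting the volume.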