[arch-general] Encrypted ram disk?
Thomas Bächler
thomas at archlinux.org
Fri Oct 30 08:12:30 EDT 2009
Santhosh Joseph wrote:
> On Fri, Oct 30, 2009 at 4:21 PM, Thomas Bächler <thomas at archlinux.org> wrote:
>> Santhosh Joseph wrote:
>>> For disk encryption, why not use truecrypt ?
>> Why use truecrypt?
>>
>>
> http://www.truecrypt.org/
You didn't answer my question. We discussed dm-crypt and you suggested
to use truecrypt - without relating in any way to the problem being
discussed or providing a solution that truecrypt may or may not have for
it. Why is that? Can you even boot from a truecrypt-encrypted volume on
Linux? If so, is that implemented on Arch Linux? How secure is
truecrypt's key setup and how does it work?

The only advantage of truecrypt over LUKS is the plausible
deniability feature that LUKS doesn't have, and the "hidden volumes",
which IIRC only work with FAT32 file systems on truecrypt and are thus
useless.

Also, truecrypt has had serious security problems in the past, and
instead of fixing them right away and informing the public, they just
took the website down for several months until they released a new
(on-disk incompatible) version (this is only as far as I remember it
though, and I don't have a source for it, but it must have been 3 years
ago or so).

LUKS has a mathematically/cryptographically well-founded key setup
procedure that makes brute force attacks against the passphrase
infeasible in practice and thus provides a very high level of security.
It also allows the use of any cipher and cipher operation mode available in
the Linux kernel, which includes (but is not limited to) the ones
provided by truecrypt.