From owner-freebsd-hackers@FreeBSD.ORG Thu Jun 26 07:51:39 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C74D937B415; Thu, 26 Jun 2003 07:51:39 -0700 (PDT) Received: from mother.ludd.luth.se (mother.ludd.luth.se [130.240.16.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1817C43FAF; Thu, 26 Jun 2003 07:51:38 -0700 (PDT) (envelope-from pb@ludd.luth.se) Received: from brother.ludd.luth.se (brother.ludd.luth.se [130.240.16.78]) by mother.ludd.luth.se (8.11.6+Sun/8.9.3) with ESMTP id h5QEpa820259; Thu, 26 Jun 2003 16:51:36 +0200 (MEST) From: Peter B Received: (from pb@localhost) by brother.ludd.luth.se (8.11.6+Sun/8.9.3) id h5QEpaP12720; Thu, 26 Jun 2003 16:51:36 +0200 (MEST) Message-Id: <200306261451.h5QEpaP12720@brother.ludd.luth.se> To: freebsd-fs@freebsd.org, freebsd-hackers@freebsd.org Date: Thu, 26 Jun 2003 16:51:36 +0200 (MEST) X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Encrypted filesystems X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jun 2003 14:51:40 -0000 I have searched for encrypted filesystems for un*x. Is there any better encrypted filesystems than the ones I have found for *bsd (+freebsd)..? Note that some comments are based on what others have said. I think it's important to keep in mind the different approches used, per-file vs disc-block aswell. I'm looking for something convinient to enrypt cdrom's. Which will also suit dvd-r media. It should preferable be portable and not require specific kernel hacks. To ensure feature stability & availability. The encrypted filesystems arena looks like a collection of software rather than a unified solution across platforms. Which operating systems manage to effectivly to use encrypted swap..? Openbsd seems to handle it nativly, while freebsd could possible use vncrypt in conjuction with swapon, or cfsd with swapon-file. Netbsd might use cgd? ==== Interesting encrypted filesystem projects ==== The following is directly usable on freebsd: cfs 2 GB limit (nfsv2), easy portable vncrypt Unstable? (and needs kernel module) geom(4) Modular disk I/O request transformation framework The following seems usable althought might require some work: loop-aes Only ported to linux so far http://sourceforge.net/projects/loop-aes/ cryptfs Port for freebsd available (btw, check out FiST!) http://www1.cs.columbia.edu/~ezk/research/cryptfs/index.html http://ftp.vit.edu.tw/pc/programming/hacktic/disk/ BestCrypt Source avail, 30day trial period. http://www.jetico.com/ Available, BUT not directly applicable: PPDD Linux specific, needs 100MHz+ pentium pgpdisk M$/win+Mac binary only http://mail.lab.net/lists/archive/cryptography-exploder/2003-February.txt PGPdisk + Linux ..? Janis Jagars, handle Disastry tcfs Alias cfs? (available for Linux,Netbsd,Openbsd) http://www.tcfs.it/ ncryptfs Follow up from cryptfs, not publicly released yet. http://www1.cs.columbia.edu/~ezk/research/ncryptfs/ncryptfs.html#sec:eval-feature