An integral part of host and network security is data encryption.

An integral part of host and network security is data encryption. There are a vast amount resources of information on the Internet available on the topic of data security. Various data encryption mechanisms are available for use with Linux.

Many means of encrypting disks involve patching the kernel and possibly other programs.

  • CFS is a way of encrypting entire directory trees and allowing users to store encrypted files on them. It uses an NFS server running on the local machine and is quite slow due to the nature of the program and algorithms used. More information is available at Matt Blaze's site and zedz.net
  • TCFS is an improvement on CFS, but unlike CFS requires kernel patches. It is also only available for the outdated 2.0.x kernels. More information is available in the TCFS FAQ
  • The Steganographic File System (SFS) attempts to "hide the information in such a way as to discredit its very existence." Designed by Adi Shamir (of RSA), and doesn't appear to be developed any longer.
  • StegFS seems to have picked up where SFS left off. It is reportedly more elaborate and stable than SFS. More information is available at the StegFS homepage.
  • The Encrypted Home Dir combines a patch of the /bin/login binary with a kernel patch to mount an encrypted loopback filesystem as your home directory. Once your initial login password is supplied, a passphrase is required to decrypt and mount your home directory.
  • The Loopback Encrypted Filesystem HOWTO describes another loopback filesystem kernel patch. Many types of encryption can be used, including DES, twofish, blowfish, IDEA, and others.

Several other disk encryption mechanisms (including ones for CDROMS and other media) are available.

Resources