
For cold (offline) storage, this is excellent.

Posted by: Administrator on June 16, 2004 01:47 PM
Encrypted filesystems are not for protection while the machine is up and running, but for protection when the machine is off.

A couple of examples of where encrypted filesystems come into play:

You have a laptop with client source code on it, and even though it's covered by theft insurance, you want to make sure a thief has no access to the contents.

You have some very sensitive work projects on a multi-user server that you want separated, where one user that happens to get root on a machine cannot access the contents. (This example fails somewhat, as it's not hard for a root user to make a keylogger utility though.)

You have a coloc box at an ISP which you may not trust 100%, but is giving a good deal for access that has some security at the console.

You are sending CDs to friends whose contents need to be encrypted, so you make mountable encrypted images.

You use hard disks or removable storage for access, and want some means of protecting the contents when they are stored offsite.

This isn't a be-all and end-all for security, but it is a lock on another door that may be normally wide open. For example, even the best network security can't stop a local user from sticking a hard disk on another machine and booting it, and the best hard drive encryption can't stop an intrusion while the machine is on.


Return to Encrypting partitions using dm-crypt and the 2.6 series kernel