"What can I use to encrypt my Linux filesystem?":
– LUKS/LVM supports full-disk encryption (and optionally 2FA)
– ext4 supports folder-based encryption
– eCryptFS/encfs are outdated/unmaintained
– GoCryptFS uses modern crypto but leaks metadata
– CryFS uses modern crypto and hides metadata but is slower than GoCryptFS
Thanks to Mr. Schumacher from Magdeburger Institut für Sicherheitsforschung
– LVM means Logical Volume Manager, a device mapper to provide logical volume management.
– LUKS means Linux Unified Key Setup, and uses dm-crypt to provide full-disk encryption.
– dm-crypt is a device mapper target for transparent disk encryption.
@infosechandbook Sure. My point was just that LUKS may be used with other partitioning formats (MBR/PBR, GPT, BSD disklabels, raw linear, etc.), or no partitioning at all (filesystem right on top of the mapped device).
@infosechandbook LUKS supports 2FA how? This sounds awesome.
Just search for 2FA/LUKS using your favorite search engine. We may provide an Arch-based guide in future.
@infosechandbook Oh, in the far far future or with (luck :-)) this year?
Likely in 2019. 😉
@infosechandbook Oh, I hope so. You guys are the best.
@infosechandbook I've been planning to use LVM and LUKS but also needed specific encryption for some folder on top. Didn't know about ext4 support for that. Is it stable and secure? Need to look into it. Thanks
I forget the exact steps, but basically you fill a file with random data (dd if=/dev/urandom of=/whatever bs=1M count=1000), set up a loopback device for it, and then set up LUKS/LVM for it like it was a drive.
Linux kernels >= 4.1 support ext4 encryption out of the box.
There is a section in the Arch wiki about this:
They recommend reading the following blog post: