Re: linux newbie versus Mandrake

[pplf <pplf@wanadoo.fr>]

Earl wrote:
> With WIN, I have SCRAMDISK and DRIVECRYPT and feel that my
> confidential data is safe no matter what.

Scramdisk (the source is free) or Drivecrypt (here, no source-code at 
all!) are not secure because Windoze is not secure. And you cannot 
encrypt the swap.


> I understand that Mandrake 9.0 has crypto out-of-the-box, but what
> does that really mean?

That means that you can create some encrypted partitions (/home, /var, 
/tmp) - but there you *must* enter a passphrase at the boot -, or create 
some encrypted containers (or "folders") on an existing Linux partition.

The container solution is more easy to use, IMHO.

You create a container (personaly, I use the Michel Bouissou script to 
create it automatically : 
https://www.bouissou.net/wws/d_read/open-crypto/linux-crypto/mkcryptfs/mkcryptfs-0.5.4-1mdk.noarch.rpm 
), you mount it + enter passphrase, and all datas located in this 
/home/.../secret are encrypted/decrypted on-the-fly.

No data is written in plain text on the disk.

In Mandrake 9.0, the swap is automatically encrypted when /etc/fstab 
contains the flag "encrypted" in the swap line like this :
/dev/hda4 swap swap encrypted 0 0



-- 
pplf - French OpenPGP page "OpenPGP en francais"
http://www.openpgp.fr.st
pplf@wanadoo.fr
"Microsoft solutions aren't solutions. They are problems" C.Casteyde

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/