| 1 |
Tom schrieb: |
| 2 |
> Hi List, |
| 3 |
> |
| 4 |
> Doesn't really belong here, but security seems dead, so... |
| 5 |
[...] |
| 6 |
> As mentioned above, the disk I want encrypted is a usb device, so it's |
| 7 |
> removable. |
| 8 |
> This among other things requires the encryption method to be usable |
| 9 |
> from multiple machines but also from multiple OSes (Windows and Linux). |
| 10 |
> |
| 11 |
> Now from what I've been reading, there are basically two ways of doing |
| 12 |
> this. TrueCrypt and dm-crypt together with freeotfe on windows. |
| 13 |
> |
| 14 |
|
| 15 |
I can't tell you anything about dmcrypt on Windows or Truecrypt. All I |
| 16 |
use is dmcrypt (LUKS) on Linux which works out of the box these days (at |
| 17 |
least on all major Linux desktop environments) |
| 18 |
|
| 19 |
> The main issue is obviously the filesystem. |
| 20 |
> As far as I understand it, both methods work 'atop' any filesystem that |
| 21 |
> the underlying OS supports. |
| 22 |
> Because I want both windows and linux support, this would mean vfat, |
| 23 |
> ntfs, or ext2(3,4??). |
| 24 |
|
| 25 |
Last time I checked, ext2 didn't work with Truecrypt on Windows due to a |
| 26 |
bug. If you use another solution (or the problem is fixed), I'd |
| 27 |
recommend ext3 or ext4 without extents (so it can still be mounted as |
| 28 |
ext2 by the Windows driver). |
| 29 |
|
| 30 |
I would use NTFS. I dislike using non-journalling filesystems like FAT |
| 31 |
or ext2 on such big disks. However, using the fuse implementation under |
| 32 |
Linux causes a rather high CPU utilization. Together with the encryption |
| 33 |
it could slow down less beefy systems. |
| 34 |
|
| 35 |
> |
| 36 |
[...] |
| 37 |
> Another mayor question is dataloss. |
| 38 |
|
| 39 |
Well, saving all data on a single disk is always risky. That's why |
| 40 |
clever folks invented backups and redundancy ;) |
| 41 |
|
| 42 |
> The usb-disc has 1TB, would it make sense to maybe have more than one |
| 43 |
> partition, both from a performance and reliability standpoint? |
| 44 |
|
| 45 |
I don't think that there would be any performance benefits. Reliability |
| 46 |
would increase if you don't always mount all partitions, however, you |
| 47 |
would also need to type your password again for every partition which |
| 48 |
could become annoying. |
| 49 |
|
| 50 |
If you stick with FAT32, keep in mind that Windows 2k, XP and Vista |
| 51 |
can't create FAT32-partitions of more than 128GB size. However, they can |
| 52 |
still mount 2TB partitions created with linux or third-party tools. |
| 53 |
|
| 54 |
Hope this helps. |
Archives