1 |
Tom schrieb: |
2 |
> Hi List, |
3 |
> |
4 |
> Doesn't really belong here, but security seems dead, so... |
5 |
[...] |
6 |
> As mentioned above, the disk I want encrypted is a usb device, so it's |
7 |
> removable. |
8 |
> This among other things requires the encryption method to be usable |
9 |
> from multiple machines but also from multiple OSes (Windows and Linux). |
10 |
> |
11 |
> Now from what I've been reading, there are basically two ways of doing |
12 |
> this. TrueCrypt and dm-crypt together with freeotfe on windows. |
13 |
> |
14 |
|
15 |
I can't tell you anything about dmcrypt on Windows or Truecrypt. All I |
16 |
use is dmcrypt (LUKS) on Linux which works out of the box these days (at |
17 |
least on all major Linux desktop environments) |
18 |
|
19 |
> The main issue is obviously the filesystem. |
20 |
> As far as I understand it, both methods work 'atop' any filesystem that |
21 |
> the underlying OS supports. |
22 |
> Because I want both windows and linux support, this would mean vfat, |
23 |
> ntfs, or ext2(3,4??). |
24 |
|
25 |
Last time I checked, ext2 didn't work with Truecrypt on Windows due to a |
26 |
bug. If you use another solution (or the problem is fixed), I'd |
27 |
recommend ext3 or ext4 without extents (so it can still be mounted as |
28 |
ext2 by the Windows driver). |
29 |
|
30 |
I would use NTFS. I dislike using non-journalling filesystems like FAT |
31 |
or ext2 on such big disks. However, using the fuse implementation under |
32 |
Linux causes a rather high CPU utilization. Together with the encryption |
33 |
it could slow down less beefy systems. |
34 |
|
35 |
> |
36 |
[...] |
37 |
> Another mayor question is dataloss. |
38 |
|
39 |
Well, saving all data on a single disk is always risky. That's why |
40 |
clever folks invented backups and redundancy ;) |
41 |
|
42 |
> The usb-disc has 1TB, would it make sense to maybe have more than one |
43 |
> partition, both from a performance and reliability standpoint? |
44 |
|
45 |
I don't think that there would be any performance benefits. Reliability |
46 |
would increase if you don't always mount all partitions, however, you |
47 |
would also need to type your password again for every partition which |
48 |
could become annoying. |
49 |
|
50 |
If you stick with FAT32, keep in mind that Windows 2k, XP and Vista |
51 |
can't create FAT32-partitions of more than 128GB size. However, they can |
52 |
still mount 2TB partitions created with linux or third-party tools. |
53 |
|
54 |
Hope this helps. |