Encrypting directories - Suse

This is a discussion on Encrypting directories - Suse ; Vahis skrev: > > This is too bad to be true. I can't believe it. > Neither can I... The 'truecrypt' module is for instance delivered along side the SystemRescueCd , where it should be quite easy to recover the ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 29 of 29

Thread: Encrypting directories

  1. Re: Encrypting directories

    Vahis skrev:
    >
    > This is too bad to be true. I can't believe it.
    >


    Neither can I... The 'truecrypt' module is for instance delivered along
    side the SystemRescueCd , where it should be
    quite easy to recover the data.

    --
    Best regards Jacob Tranholm
    Karl R. Popper: Observation statements and statements of experimental
    results are always interpretations of the facts observed.

  2. Re: Encrypting directories

    houghi wrote:
    >> This is too bad to be true. I can't believe it.

    >
    > Well, if you are locked out, you are locked out. That is the whole idea.
    > :-D


    And now for the REAL answers instead of speculating things:
    http://www.truecrypt.org/faq.php

    Some importand quotings from that page:
    Q: Will I be able to mount my TrueCrypt partition/container on any
    computer?
    A: TrueCrypt volumes are independent of the operating system. You will
    be able to mount your TrueCrypt volume on any computer on which you can
    run TrueCrypt (see also the question "Can I use TrueCrypt on Windows if
    I do not have administrator privileges?").

    Q: Will I be able to mount my TrueCrypt partition/container after I
    reinstall the operating system?
    A: Yes, TrueCrypt volumes are independent of the operating system.
    However, you need to make sure your operating system installer does not
    format the partition where your TrueCrypt volume resides.

    So it should be possible to read it after the new kernel. If that was
    not the case, the problem was not with tc, but elsewhere.

    houghi
    --



    This space left blank intentionaly

  3. Re: Encrypting directories

    houghi wrote:
    >> But that is my choice, and you are free to make your own...

    >
    > Please do not let people make their own choices. That is how we got with
    > so many people using Windows. They choose not to choose.


    Just to make it clear: _I_ will choose for everybody. I have never been
    wrong with anything. EVER!

    houghi
    --



    This space left blank intentionaly

  4. Re: Encrypting directories

    houghi skrev:
    >
    > These are the files I have installed:
    > * /usr/bin/truecrypt
    > /usr/share/man/man1/truecrypt.1.gz
    > /usr/share/truecrypt
    > /usr/share/truecrypt/doc
    > /usr/share/truecrypt/doc/License.txt
    > /usr/share/truecrypt/doc/TrueCrypt-User-Guide.pdf
    > /usr/share/truecrypt/kernel
    > /usr/share/truecrypt/kernel/truecrypt-2.6.22.ko
    >
    > That is what came with my version of truecrypt
    >


    You're right... And looking at the installation scripts in the package:

    -----
    jt@hp-dv6207ea ~/truecrypt-4.3a $ rpm -qp --scripts
    ../truecrypt-4.3a-0.i586.rpm
    postinstall scriptlet (using /bin/sh):
    rm -f /usr/share/man/man1/truecrypt.1
    exit 0
    preuninstall scriptlet (using /bin/sh):
    rmmod truecrypt >/dev/null 2>/dev/null
    V="$(lsmod | grep ^truecrypt)"
    [ "$V" ] && echo Error: All volumes must be dismounted first. && exit 1
    exit 0
    -----

    It is not copying the module to the /lib/modules directory. But that
    does not change, that the module is compiled for that specific kernel.
    If you attempt to use the same module for a different kernel, there
    might be problems. I have not tested this with the current package, but
    have seen the problem with earlier packages.

    >
    > Please do not let people make their own choices. That is how we got with
    > so many people using Windows. They choose not to choose.
    >


    I know... And this is also what makes giving advises for linux users
    difficult. I understand why Novell (and other distributors) has chosen
    to make an Enterprise edition with fewer choices.

    --
    Best regards Jacob Tranholm
    Karl R. Popper: Observation statements and statements of experimental
    results are always interpretations of the facts observed.

  5. Re: Encrypting directories

    Jacob Tranholm wrote:
    > I know... And this is also what makes giving advises for linux users
    > difficult.


    Advice? Who is giving advice? I certainly am not giving advice. I am
    giving orders.

    houghi
    --



    This space left blank intentionaly

  6. Re: Encrypting directories

    On 2008-01-04, houghi wrote:
    > Vahis wrote:
    >> Are you saying that once you've installed TrueCrypt you can't change the
    >> kernel? This is hard to believe, but in case it's true, it will go.

    >
    > I have some kernel updates waiting and will check it out this weekend.
    >
    >> I installed it already but haven't configured it yet.

    >


    I installed the rpm.

    > Configured?
    > truecrypt --type normal --size 100M -c volume.tc


    I din't type thats line yet. I called that configuring it.
    Maybe it's not configuring, maybe it's implementing or whatever.

    > Follow instructions by basicaly clicking on enter most of the time
    > That is all there is to it


    I'm sure that's the case. But I didn't do it cos I thought I'll make
    sure of this possible kernel update issue first.

    >
    >> I'll refrain from doing that for a while...

    >
    > I see that there is a kernel in the openSUSE thing. However when you
    > download the rpm from truecrypt, I do not see anything kernel related.
    > For that reason I will test it.
    >
    >>> Then, one of the upgrades to SUSE upgraded
    >>> my kernel and I was completely locked out of that directory!!!

    >>
    >> This is too bad to be true. I can't believe it.

    >
    > Well, if you are locked out, you are locked out. That is the whole idea.
    >:-D


    No problem here with me, but the original purpose was to support this
    damn thing over ssh. I'm not going to put my self in a situation where I
    can't get off the hook.

    >
    >>> Fortunately, I managed to find a CD with that information that I had burned
    >>> before using Truecrypt. Caveat Emptor, as they say.

    >>
    >> I'm sure there must be another way.

    >
    > One could re-install the old kernel. I am still not that happy with
    > overwriting the kernel. Better would be to keep copies, but I can see
    > the disadvantages for that as well. A bit damned if you do and damned if
    > you don't and I understand why they have choosen this option.
    >
    > I also do not know truecrypt well enough but will see what happens if
    > you try to read something on two different machines.


    I need to supply him with something that just works.
    I'm sure this will be sorted out.

    've already told him I'm working on this and as soon as I can dry run
    it on my own system, I'll put it on his.

    Vahis
    --
    "The only thing more expensive than training is the lack of it"
    Henry Ford

  7. Re: Encrypting directories

    Vahis wrote:
    >> Configured?
    >> truecrypt --type normal --size 100M -c volume.tc

    >
    > I din't type thats line yet. I called that configuring it.
    > Maybe it's not configuring, maybe it's implementing or whatever.
    >
    >> Follow instructions by basicaly clicking on enter most of the time
    >> That is all there is to it

    >
    > I'm sure that's the case. But I didn't do it cos I thought I'll make
    > sure of this possible kernel update issue first.


    The best way to make sure is to test it yourself. Just don't put any
    files in it that you need. I believe you have more then one machine
    running different versions of whatever.

    Make the file volume.tc, copy it to another device and try to read what
    you put in it. If 100M is too big, use 10M or 1M


    > No problem here with me, but the original purpose was to support this
    > damn thing over ssh. I'm not going to put my self in a situation where I
    > can't get off the hook.


    Basicaly it is something you mount, so you can do whatever you like with
    it. I would however think that you would first test it on your own
    machine, so that you know what problems could rise.

    > I need to supply him with something that just works.
    > I'm sure this will be sorted out.


    Sure. You can. It depends on how carefull you^h^h^hhe needs to be.
    You can have an icon that opens a terminal. All he needs to do is press
    [ENTER] and fill out the password.
    The terminal is closed and he can access the truecrypt directory.
    Click it again and it 'umounts'
    However the tricky part of the terminal is that if he does `-P[ENTER]`
    he can access the hidden part of the truecrypt file.

    > 've already told him I'm working on this and as soon as I can dry run
    > it on my own system, I'll put it on his.


    :-D

    houghi
    --



    This space left blank intentionaly

  8. Re: Encrypting directories

    houghi wrote:
    > Basicaly it is something you mount, so you can do whatever you like with
    > it. I would however think that you would first test it on your own
    > machine, so that you know what problems could rise.


    Please note that I have downloaded from truecrypt.org, so any other
    files might do things differently or not.

    As it needs mounting, ypu need root access. Not something you would
    like to do each time. I came across the following (untested)
    http://gentoo-wiki.com/HOWTO_Truecry..._a_normal_user

    However there is no group truecrypt with openSUSE, so what I did was the
    following: as root `visudo` and added the following line:
    houghi ALL=NOPASSWD: /usr/bin/truecrypt

    However when I now do the following, the directory is owned by root,
    making the user houghi unable to write to it. Strange.

    houghi
    --



    This space left blank intentionaly

  9. Re: Encrypting directories

    Vahis wrote:

    > I made a 10.3 "newbie-installation" to a friend. So I'm able to ssh in and
    > maintain the system. The system logs the only user in automatically.
    >
    > Now, he's using the machine together with his sambo and he asked if it's
    > possible to put some directories behind a password.
    > I think I know why. I told him the girl will discover there's a
    > hidden place on that machine and there's going to be inquisition
    >


    I get requests to break into protected areas from a SO all the time. If
    they are suspicious, one can almost guarantee that it hidden material will
    be noticed.

    > He still wants there to be just this one single user with automatic
    > login to K.I.S. so this needs to be taken care of by encrypting.
    >
    > I have no experience of making encrypted directories (or partitions to
    > that matter)
    >
    > Can a directory be both encrypted and hidden? (start with a dot)
    > How should I proceed by ssh/YaST?
    >
    > Vahis


    --
    Later,
    Darrell Stec darstec@neo.rr.com

    Webpage Sorcery
    http://webpagesorcery.com
    We Put the Magic in Your Webpages

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2