The canonical implementation of the TrueCrypt encrypted container format is developed in a secretive way by anonymous hackers. This upsets some people who are not comfortable with their encryption software being developed by unknown people. Fortunately, there are alternative implementations of the TrueCrypt format, particularly on Linux and BSD platforms. (NOTE: there are Windows implementations as well, but I don’t use Windows, so I don’t know anything about them).

dm-crypt: Linux Kernel Encrypted Data Storage

The Device Mapper is the Linux kernel infrastructure which enables arbitrary data stores to appear as block devices. The dm-crypt module provides transparent encryption as a Device Mapper layer. Any block device (including loopback devices) can be mapped by dm-crypt as a transparently encrypted virtual block device under /dev/mapper. This is a powerful kernel module for working with encrypted data stores. It abstracts the entire encryption handling into the kernel and allows the userland programs to treat the encrypted data container as a simple block device, just like any other. UNIX philosophy for the win!

tc-play: TrueCrypt for dm-crypt

A DragonflyBSD developer did a complete reimplementation of the TrueCrypt container format using the dm-crypt module to handle the crypto. In the process of developing his reimplementation, he discovered some inconsistencies between the TrueCrypt documentation and the actual container format.

Tc-play GitHub

cryptsetup: Swiss Army Knife of Disk Encryption

The cryptsetup tool is vital to the functioning of encrypted disks on Linux. Originally only supporting some lame on-disk format, cryptsetup was later updated to implement LUKS. LUKS is a hardened on-disk encrypted key storage designed to withstand brute-force and forensic attack. It uses multiple key slots to allow multiple passphrases to decrypt, uses a strong master key to decrypt the drive contents, and is generally pretty awesome as an encrypted container format. If you read nothing else, read the cryptsetup FAQ which is full of information about securing an encrypted drive.

For a while now cryptsetup has supported the TrueCrypt container format alongside the native, and far superior, LUKS format. The TrueCrypt support is available as tcrypt and I’ll have to look into that more. See how to mount a TC container using cryptsetup.

stlth: stealth, the stego crypto container that’s a cryptsetup shellscript

In 2009 or 2010 someone decided to wrap some of the awesome features of cryptsetup in a simple shell script, enabling humans to actually take advantage of these features.
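
The cryptsetup tcrypt mode described in the cryptsetup section, as an added example that is not from the original post or from the cryptsetup project: it maps a TrueCrypt container read-only through dm-crypt and mounts the resulting /dev/mapper device with restrictive options. The container path, mapping name, mount point and the DRY_RUN variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read-only access to a TrueCrypt container via cryptsetup's
# tcrypt mode. Container path, mapping name and mount point are placeholders.
# DRY_RUN=1 (a variable of this example) prints commands instead of running
# them; the real commands need root.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# tc_open CONTAINER NAME MOUNTPOINT
tc_open() {
    container=$1 name=$2 mnt=$3
    # The name becomes /dev/mapper/NAME, so keep it to a safe character set.
    case $name in
        ''|*[!A-Za-z0-9_.-]*) echo "bad mapping name: $name" >&2; return 2 ;;
    esac
    if [ -e "/dev/mapper/$name" ]; then
        echo "mapping $name already exists" >&2; return 3
    fi
    # dm-crypt does the crypto in the kernel; cryptsetup only parses the
    # TrueCrypt header (it prompts for the passphrase) and sets up the mapping.
    run cryptsetup open --type tcrypt --readonly "$container" "$name" || return 1
    # Show cipher, key size and mode of the new mapping.
    run cryptsetup status "$name"
    # The plaintext is now an ordinary block device; mount it restrictively.
    run mount -o ro,nosuid,nodev,noexec "/dev/mapper/$name" "$mnt" || {
        run cryptsetup close "$name"
        return 1
    }
}

# tc_close NAME MOUNTPOINT
tc_close() {
    run umount "$2" || return 1
    run cryptsetup close "$1"
}
```

Running `DRY_RUN=1 tc_open /path/to/container.tc tcvault_example /mnt/tc` prints the command sequence without touching any device.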