First, let's craft an encrypted volume and dmg.
When you first build the image, it will ask you for the passphrase for the image and rate your level of security.
Now when you click on that encrypted dmg file, it will prompt you for the passphrase. With AES, the encryption is very tight, and with a strong passphrase you will have the ultimate in security. AES-256 supports strong encryption, and both key sizes (AES-128 and AES-256) are military-grade encryption.
You can also mount the disk image from the command line;
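As an added example (not the original post's own commands), the same encrypted image can be created, mounted and ejected from Terminal with `hdiutil`. The image name, volume name and size are constructed sample values, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Sample values are constructed.
IMAGE="${IMAGE:-secure.dmg}"     # image file to create
VOLNAME="${VOLNAME:-Secure}"     # volume name, mounted at /Volumes/$VOLNAME
SIZE="${SIZE:-100m}"             # capacity of the image

# Map a key length to the cipher name hdiutil accepts (only two exist).
cipher_for_bits() {
    case "$1" in
        128) echo "AES-128" ;;
        256) echo "AES-256" ;;
        *)   echo "unsupported key length: $1 (use 128 or 256)" >&2; return 1 ;;
    esac
}

# Create the encrypted image. No passphrase option is passed, so hdiutil
# prompts for it and it stays out of shell history and the process list.
create_image() {
    cipher=$(cipher_for_bits "$1") || return 1
    hdiutil create -size "$SIZE" -fs HFS+J -volname "$VOLNAME" \
        -encryption "$cipher" "$IMAGE"
}

# Mount: hdiutil asks for the passphrase, then attaches under /Volumes.
mount_image() { hdiutil attach "$IMAGE"; }

# Eject: after detaching, the files are unreachable without the passphrase.
unmount_image() { hdiutil detach "/Volumes/$VOLNAME"; }

# Full cycle, only on request: RUN_DEMO=1 sh encrypted-dmg.sh
if [ "${RUN_DEMO:-0}" = "1" ]; then
    create_image 256 && mount_image && ls "/Volumes/$VOLNAME" && unmount_image
fi
```

Eject the volume whenever you are done with the files, since a mounted image is readable by anyone at the keyboard.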
Okay, let's move on to the Linux OS.
First you have to install the encryption fs utility pkg. Here I'm using apt-get install;
Now to craft an encrypted folder, we would do the following;
It's guided, and will give you a choice of encryption ciphers. I believe the default of AES is 128-bit key strength, with the option of a 256-bit key.
There you have it, 2 ways to encrypt a folder. Now I know a lot of you are going to argue full disk encryption (FDE) is supported, blah... blah... blah..., but here we can encrypt folders or volumes that we can easily move around or transfer between users or systems.
Try moving around a fully encrypted file system and get back to me on that, LOL
Next, with encrypted folders/volumes, you only place the files of importance within that folder. Not all data imho needs to be encrypted. In my day-2-day practices, I place my tax returns, logins, certs, keys, important word/excel docs into my encrypted folder.
Regardless of whether my computer is lost in transit (let's say while flying), in a break-in, or to somebody within TSA with sticky fingers, my data (important files) is 100% secured, and I can go to sleep & rest assured that my sensitive data is protected. Just like with my earlier post on PGP, don't save the key on the host. A combo lock is of no use if you write the combo on the backside of the lock :)
I will point out some of the pros/cons of TrueCrypt, Linux and Mac OS X
- support for numerous ciphers
- more 256bit key support ciphers
- supported in most OSes
- free source
- very well documented & detailed
- encrypts volumes, disk partitions and storage devices on-the-fly
- supports numerous ciphers, both with 128/256 bit keys, and supports 128 or 64 bit blocks
- very well packaged
- supports simple encryption
MACOSX ( as of lion )
- only supports 2 ciphers ( AES128/256 )
- simple management via the GUI
- easy to use for the typical end user
- nothing to install, it's part of the OS
In all three, the key is stored in RAM, so if someone has access to the host and can read kernel memory (e.g. /dev/mem), you could be compromised.
Freelance Security/Network Engineer
kfelix --at-- hyperfeed --dot--com