[ltp] Re: Good FS for laptop

Tino Keitel linux-thinkpad@linux-thinkpad.org
Fri, 4 Jun 2004 14:54:31 +0200


On Tue, Jun 01, 2004 at 11:20:07 -0400, Bob Toxen wrote:
> I've been running PPDD on top of ext3 for my ThinkPad R31 for 1.5 years
> with no problems, despite a few crashes (all but 2 being operator error).
> 
> PPDD is an encrypted file system available from:
> 
>      http://linux01.gwdg.de/~alatham/ppdd.html
> 

Well, it looks more like a device driver with a crypto layer than like
a file system.

> It supports ext2, ext3, reiserfs and maybe more.  I run it on top of my
> /home and /home2 partitions.  Thus, if my laptop is shut down and stolen
> or lost, my business data is not lost.  Unless an encrypted file system
> is mounted (with a password needed for mounting), all file system data,
> including file names, is strongly encrypted and unavailable.
> 
> It does require some kernel patches be installed.  I don't build kernels
> every day but I am a very experienced C programmer and it took me about
> a day's effort to set up.

Another way to do that is dm-crypt [1], which is part of the kernel
2.6. All it does is plug the existing device mapper (which is known
to all people using LVM2) and crypto API together. You can use any of
the encryption algorithms supported by the crypto API, e.g. AES, 3DES
etc. It took me half an hour to set up an encrypted partition.

> One also can have one's root file system encrypted due to some booting
> tools that come with it.  (The risk of not encrypting the root file system
> is that "deleted" temporary files can be found by hackers.  I periodically
> run a script that fills up all free space on each file system and then
> frees it to deal with this.)

Another way is to use tmpfs for /tmp. So all contents of /tmp are lost
after a reboot and you don't have to care about it. If /tmp fills up
more than you have RAM, it will be swapped out, and reside on the swap
partition, which you have encrypted, too (using a random key).

Regards,
Tino
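
Added example, not part of the original message: a small shell audit of the layout the reply describes (/tmp on tmpfs, swap behind device-mapper). The function names, sample device names and sample tables are constructed for illustration, and the swap check is a heuristic, since a device-mapper path can also be plain LVM.

```shell
#!/bin/sh
# Added example (not from the original post): check that a machine matches the
# layout described above: /tmp on tmpfs, and every swap area on device-mapper.
# Heuristic: a /dev/mapper or /dev/dm-N path only shows device-mapper is in use
# (it could be LVM); confirm the crypt target with `dmsetup table` as root.

# Exit 0 if the most recent mount on /tmp in the given mounts table is tmpfs.
tmp_is_tmpfs() {
    awk '$2 == "/tmp" { fs = $3 } END { exit (fs == "tmpfs" ? 0 : 1) }' "${1:-/proc/mounts}"
}

# Print every swap area in the given swaps table that is not a device-mapper node.
plain_swap_areas() {
    awk 'NR > 1 && $1 !~ /^\/dev\/(mapper\/|dm-)/ { print $1 }' "${1:-/proc/swaps}"
}

# Report both checks; the exit status is the number of failed checks (0, 1 or 2).
audit_layout() {
    mounts=${1:-/proc/mounts} swaps=${2:-/proc/swaps} failed=0
    if tmp_is_tmpfs "$mounts"; then
        echo "ok:   /tmp is tmpfs"
    else
        echo "warn: /tmp is not a tmpfs mount"; failed=$((failed + 1))
    fi
    plain=$(plain_swap_areas "$swaps")
    if [ -z "$plain" ]; then
        echo "ok:   no swap area outside device-mapper"
    else
        echo "warn: swap not on device-mapper: $plain"; failed=$((failed + 1))
    fi
    return "$failed"
}

# Constructed sample tables (not captured from a real system).
sample_dir=$(mktemp -d)
printf '%s\n' '/dev/hda2 / ext3 rw 0 0' 'tmpfs /tmp tmpfs rw 0 0' > "$sample_dir/mounts.good"
printf '%s\n' '/dev/hda2 / ext3 rw 0 0' '/dev/hda5 /tmp ext3 rw 0 0' > "$sample_dir/mounts.bad"
printf '%s\n' 'Filename Type Size Used Priority' \
    '/dev/mapper/swap0 partition 524280 0 -1' > "$sample_dir/swaps.good"
printf '%s\n' 'Filename Type Size Used Priority' \
    '/dev/hda3 partition 524280 0 -1' > "$sample_dir/swaps.bad"

audit_layout "$sample_dir/mounts.good" "$sample_dir/swaps.good"
audit_layout "$sample_dir/mounts.bad" "$sample_dir/swaps.bad" || true
```

Called with no arguments, audit_layout reads the live /proc/mounts and /proc/swaps.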