Linux-Voice-Issue-001

Recommendations

Info

GROUP TEST ENCRYPTION Performance Do they add much overhead? Mounting volumes Working with the encrypted containers. AES is the fastest cipher, with Blowfish just behind. Twofish is relatively slower, and Serpent is the slowest. TrueCrypt supports parallelised encryption for multicore systems. This means that it can use all the cores in a multicore processor in parallel to encrypt and decrypt the data. Furthermore, header key derivation is also parallelised, which means TrueCrypt can also mount volumes faster. However, one performance enhancing feature in TrueCrypt, pipelined read/write operations, is only available on the Windows version of the tool. The Quad-Core AMD A8 processor on one of our test machines supports hardware-accelerated encryption, and thanks to this instruction set, which makes the encryption/decryption several times faster than when performed on a purely software implementation. TrueCrypt isn’t the only app to take advantage of hardware acceleration. So too can eCryptfs and BestCrypt. However, we couldn’t find the option to control the state of the AES hardware acceleration, either in the graphical front-end or the CLI version. There’s no information on whether zuluCrypt uses hardware acceleration but cryptsetup does support it. FUSE boost Since EncFS ties in to the Filesystem in User-Space kernel (FUSE) module, you should expect some drop in performance when using it. For the same reasons the authors of eCryptFS claim their tool is faster than EncFS because there is no overhead caused by context switching between the kernel and userspace. Many tools have a benchmarking tool built into them to help you compare the performance of the various ciphers for your setup. Some tools, such as BestCrypt, measure performance by averaging the time it takes to encrypt small amounts of data several times, while others let you specify the size of the buffer you wish to encrypt. In our tests, TrueCrypt was the fastest, writing over a gigabyte of files in under a minute. eCryptfs was marginally slower while BestCrypt took over three minutes and was the slowest of the lot. EncFS, despite its userspace disadvantage, repeatedly edged out zuluCrypt sometimes by as much as 20 seconds. VERDICT TrueCrypt BestCrypt zuluCrypt eCryptfs EncFS eCryptfs bundles a script that can use cryptsetup to encrypt the swap partition, as well as the more usual dasa partitions, such as /home. To mount an encrypted volume you provide the correct password and/or keyfile. Once mounted, an encrypted volume behaves like any other disk. You can even play or record multimedia content, like a video from a mounted encrypted volume – the app will load bits of the video and decrypt it in RAM. The biggest advantage with both eCryptfs and EncFS is that they can be used to protect existing filesystems without block device access, such as Samba shares or cloud storage folders. They also allow offline file-based backups of encrypted files. eCryptfs has its own set of scripts to mount and unmount encrypted directories. eCryptfs also has utilities that can mount the encrypted directories from an Ubuntu live CD to help you recover data. EncFS also has its own CLI tool to mount encrypted folders. Like eCryptfs it also needs two directories -- one to hold encrypted data and the other to hold unencrypted data. You can mount BestCrypt and TrueCrypt encrypted volumes from the graphical interface as well as the CLI. The graphical interfaces of both tools enable the user to mount the volumes as read-only. BestCrypt additionally lets you specify a mount point for the container. More Zulu excellence But both are topped by zuluCrypt, which includes the zuluMount tool. This is a general-purpose mounting tool that can mount all encrypted volumes supported by zuluCrypt, including LUKS and TrueCrypt volumes. You can also mount volumes from the main zuluCrypt app, but zuluMount has a simpler interface and is designed with the sole purpose of mounting and unmounting filesystems. In fact zuluMount can mount and unmount unencrypted volumes as well and can even manage plugged-in devices. Like zuluCrypt, the zuluMount tool has a CLI interface as well. zuluMount also lets you make a mount point public and share it with other users. VERDICT TrueCrypt BestCrypt zuluCrypt eCryptfs EncFS 34 www.linuxvoice.com
ENCRYPTION GROUP TEST OUR VERDICT ENCRYPTION TOOLS Block device vs filesystem encryption. Broadly speaking we have covered two types of encryption tools in this group test. Three do block device encryption and two do stacked filesystem encryption. You’d use the latter if you wanted to keep an encrypted folder within, say, your home directory. For this purpose you can use either eCryptfs or EncFS. If you want speed, go with eCryptfs, which operates in the kernel space. The other three tools create encrypted containers. In their encrypted form these file containers appear like unintelligible files, and you can work with them just like any other file on the system, within your file manager. A worthy runner-up The most popular tool for creating such containers is TrueCrypt. The biggest advantage of the app is its portable nature, which means you can run in without installing the app. This is truly a useful feature especially when combined with the fact that the app is available on multiple- platforms. In effect you can bundle TrueCrypt executables in a removable device along with the encrypted containers and decrypt them under any OS. The app also offers denial encryption just like BestCrypt. But the use of hidden folders can be dangerous in the hands of inexperienced users: any changes you do to the mounted main part can overwrite and damage the hidden part. All things considered, zuluCrypt “zuluCrypt gives you most of TrueCrypt’s functionality with a clearer licence.” comes out on top, as it has several distinct advantages over TrueCrypt. To begin with, the app doesn’t expect you to have a sudo setup like TrueCrypt. Also with zuluCrypt you get most of TrueCrypt’s functionality with a clearer licence. zuluCrypt can create encrypted volumes in both files and partitions and allows the use of keyfiles. zuluCrypt can also encrypt individual files and can read different types of containers. To top it off, it has a nice intuitive graphical interface and a specialised tool for managing encrypted and unencrypted partitions. If you are serious about encryption, pick a distro that offers the option to encrypt all contents in your disk. 1st zuluCrypt Licence GNU GPL v2 Version 4.6.7 http://code.google.com/p/zulucrypt Built on a solid foundation, the tool’s intuitive graphical interface makes up for the lack of documentation. 2nd TrueCrypt Licence TrueCrypt Licence Version: 7.1a www.truecrypt.org One of the most popular encryption tools currently undergoing an audit to iron out some long pending issues – such as its licensing. 3rd eCryptfs Licence GNU GPL v2 Version 103 http://ecryptfs.org One of the strengths of this tool are its wonderful utilities that can also help locate and recover encrypted data. 4th EncFS Licence GNU GPL v2 Version 1.7.4 www.arg0.net/encfs The lack of an official graphical tool is made up by the availability of a pretty good third-party one. 5th BestCrypt Licence Proprietary Version 2.0-3 www.jetico.com The proprietary tool doesn’t offer anything worth recommending over its open source competitors. Did we mention it costs €49.95? YOU MAY ALSO WISH TO TRY… zuluCrypt is a front-end to the cryptsetup and tcplay command-line utilities. As we’ve mentioned earlier in the group test, the cryptsetup utility lets you create encrypted volumes based on the dm-crypt kernel module. Then there’s tcplay, which is a feature-rich BSD-licensed implementation of TrueCrypt. If you prefer you can use these utilities without the zuluCrypt GUI – that is, direct from the command line. dm-crypt/LUKS can be applied to any type of device that is natively understood by the kernel. It can encrypt whole disks, removable media, partitions, software RAID volumes, and logical volumes. It can also encrypt the swap partition and in fact the eCryptfs tool uses the utility to encrypt the swap partition. It can also encrypt files as long as they mounted as a loopback device (with the losetup utility), and thus available under the /dev directory. cryptsetup can take advantage of accelerated encrypted hardware, and you can format the container with any filesystem that’s supported by the kernel. www.linuxvoice.com 35
Page 1: The magazine that gives back to the
Page 4 and 5: CONTENTS We are all in the gutter,
Page 6 and 7: ANALYSIS NEWSANALYSIS The Linux Voi
Page 8 and 9: DISTROHOPPER DISTROHOPPER We’ve t
Page 10 and 11: GAMING ON LINUX GAMING ON LINUX The
Page 12 and 13: MAIL YOUR LETTERS Got something to
Page 14 and 15: MAIL SATNAV SIGHS Linux Voice! I’
Page 16 and 17: LUGS ON TOUR LUGS ON TOUR Blackpool
Page 18 and 19: SHOW REPORT FOSDEM The crazy cats o
Page 21 and 22: REVIEWS INTRO REVIEWS The latest so
Page 23 and 24: MAGEIA 4 REVIEWS direct links to re
Page 25 and 26: LIGHTWORKS PRO 11.5 REVIEWS Lightwo
Page 27 and 28: NEXUS 5 REVIEWS Google Nexus 5: thr
Page 29 and 30: REVIEWS BOOKS Culture & Empire: Dig
Page 31 and 32: ENCRYPTION GROUP TEST Supported cip
Page 33: ENCRYPTION GROUP TEST zuluCrypt Zul
Page 37 and 38: NEXT MONTH NEXT MONTH IN ON SALE TH
Page 39 and 40: FREE SOFTWARE FEATURE For so long,
Page 41 and 42: FREE SOFTWARE FEATURE MIR Few thing
Page 43 and 44: 29 30 We should have a new release
Page 45 and 46: REACTOS 44 Version 0.4 will include
Page 47 and 48: FLORIAN EFFENBERGER INTERVIEW “Wh
Page 49 and 50: FLORIAN EFFENBERGER INTERVIEW of th
Page 51 and 52: BITCOIN FEATURE HASHTAG Sellers can
Page 53 and 54: BITCOIN FEATURE ANONYMITY Bitcoin h
Page 55 and 56: BITCOIN FEATURE These two things al
Page 57 and 58: CROWDFUNDING FEATURE TOP TIPS FOR C
Page 59 and 60: CROWDFUNDING FEATURE MIKE SAYS… T
Page 61 and 62: FAQ WAYLAND cheap terminals could c
Page 63 and 64: SYSADMIN put them in /etc/systemd/s
Page 65 and 66: CLOUDADMIN Cloud anatomy OpenStack
Page 67 and 68: FOSSPICKS Free-form data organiser
Page 69 and 70: FOSSPICKS Log file monitor BEOBACHT
Page 71 and 72: FOSSPICKS FOSSPICKS BRAIN RELAXERS
Page 73 and 74: TUTORIALS INTRO TUTORIALS Dip your
Page 75 and 76: TUTORIAL PGP DIGITAL SIGNING OpenPG
Page 77 and 78: BREWPI TUTORIAL somewhere and a Ras
Page 79 and 80: BREWPI TUTORIAL THE BREWPI SURVIVAL
Page 81 and 82: BREWPI TUTORIAL are three different
Page 83 and 84: BREWING YOUR OWN BEER: A BRIEF ENCO
Page 85 and 86:
OWNCLOUD 6 TUTORIAL “config” di
Page 87 and 88:
OWNCLOUD 6 TUTORIAL OwnCloud’s ca
Page 89 and 90:
TUTORIAL ADA LOVELACE go in a singl
Page 91 and 92:
TUTORIAL ADA LOVELACE stage (A0), a
Page 93 and 94:
ARCH TUTORIAL 2 FIRST BOOT Before y
Page 95 and 96:
ARCH TUTORIAL another operating sys
Page 97 and 98:
PYTHON CODING compact forecast for
Page 99 and 100:
PYTHON CODING You’ll find a compr
Page 101 and 102:
EUCLID CODING euclid(100,140) The i
Page 103 and 104:
GREP GAMES CODING However, this doe
Page 105 and 106:
GREP GAMES CODING Challenges Test y
Page 107 and 108:
VIM MASTERCLASS followed by a manda
Page 109 and 110:
FIREFOX IN DEPTH Web developer tool
Page 111 and 112:
FOUNDERS PAGES Beal, James Derrick,
Page 113 and 114:
DVDPAGES Developers’ paradise Fed
Page 115:
Supernova remnant Cassiopeia A Data
show all

Linux-Voice-Issue-001

Create successful ePaper yourself

Delete template?

Save as template?