46 Comments
- latrosicarius, on 09/26/2008, -0/+18 truecrypt
- karlw, on 09/25/2008, -1/+19 Dugg for hiding porn.
- inactive, on 09/26/2008, -0/+15 Truecrypt is superior because this encfs still has cleartext inodes, so you see a dir full of files like "big titties five ***** up the ass.wmv" even though they're scrambled.
- wesw02, on 09/26/2008, -0/+11 WARNING: The article failed to mention that if you're really paranoid about your data, you need to encrypt your swap space. Why, you ask? Well, in the event your system is running low on memory, Linux can (and will) store stuff in the swap space, and if you're accessing your encrypted files while Linux is writing to your swap, there's a good chance some fragments of those files will be written to the swap drive (without encryption).
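One way to check the swap concern raised in the comment above, as an added example that is not part of the thread or the article: the function reads the `/proc/swaps` table and reports which swap areas sit on a dm-crypt mapping. It assumes the mapping was created by cryptsetup, which gives it a device-mapper UUID beginning with `CRYPT-`; the `SYSFS` override and the `--live` switch are conveniences of this example.

```shell
#!/bin/sh
# Added example: classify each active swap area as encrypted or not.
# Assumption: dm-crypt mappings created by cryptsetup expose a device-mapper
# UUID starting with "CRYPT-" under /sys/class/block/<dev>/dm/uuid.
SYSFS="${SYSFS:-/sys}"   # overridable so the logic can be tested offline

# classify_swap [SWAPS_FILE]
# Prints "<device> <encrypted|plaintext|file>" per swap area.
classify_swap() {
    # The first line of /proc/swaps is the column header; skip it.
    tail -n +2 "${1:-/proc/swaps}" | while read -r dev type rest; do
        [ -n "$dev" ] || continue
        if [ "$type" = "file" ]; then
            # A swap file is only as protected as the filesystem under it.
            echo "$dev file"
            continue
        fi
        # /dev/mapper/* names are symlinks to /dev/dm-N; resolve them.
        real=$(readlink -f "$dev" 2>/dev/null) || real="$dev"
        name=$(basename "${real:-$dev}")
        uuid=""
        if [ -r "$SYSFS/class/block/$name/dm/uuid" ]; then
            uuid=$(cat "$SYSFS/class/block/$name/dm/uuid")
        fi
        case "$uuid" in
            CRYPT-*) echo "$dev encrypted" ;;
            *)       echo "$dev plaintext" ;;
        esac
    done
}

# Run against the live system only when asked to: sh swapcheck.sh --live
if [ "${1:-}" = "--live" ]; then classify_swap /proc/swaps; fi
```

Any line ending in `plaintext` is a swap partition where fragments of decrypted files can end up on disk unencrypted.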
- Minters, on 09/26/2008, -0/+11 Just installed Ubuntu myself after months of fighting with Windows Vista. Really good operating system that I'm finding more and more useful and customisable by the day. The prospect of having an encrypted file is fantastic! I use my laptop at work, and have often found people having a play with it when I'm not looking (they're not used to seeing anything that isn't Windows or MacOS), so the chance to hide my personal data inside an encrypted folder away from prying eyes is a very welcome one.
- additivefree, on 09/26/2008, -0/+10 Published in August 7th, 2008
Posted by Tom in software
eCryptfs is a kernel-native cryptographic filesystem. It’s also a stacked filesystem: eCryptfs must work on top of another filesystem such as Ext3. This means that you don’t need to allocate space for eCryptfs; it will grow and shrink as you add files to it.
eCryptfs will be used in Ubuntu 8.10 to provide an encrypted private directory for every user. I set up my own private directory in Ubuntu 8.04. It’s not a user friendly solution like it will be in the next version of Ubuntu, but it’s not too difficult to simplify mounting and unmounting with some launchers.
Install eCryptfs from the package ecryptfs-utils (click the link to install), or by running the command below in your terminal:
sudo apt-get install ecryptfs-utils
Create a new directory to encrypt. I used a directory called Private in my home folder:
mkdir ~/Private
You don’t want other users on your system snooping on your Private directory; change its permissions to deny anyone but your user access:
chmod 700 ~/Private
Mount a new eCryptfs filesystem in your new folder:
sudo mount -t ecryptfs ~/Private ~/Private
You’ll be asked some questions by eCryptfs. I selected to use a passphrase, the default AES encryption, and 16-byte key length. Notice the defaults, indicated in square brackets, if you’re not sure about an option. (If you’re wondering about the “plaintext passthrough” option like I was, it allows non-encrypted files to be used inside the mount. I selected to turn this off.) eCryptfs will notice that this is the first time you have used your passphrase, and will ask if it can save a hash so it doesn’t have to warn you every time.
Once the mount finishes, try and add some files to your encrypted folder. Unmount the encrypted folder to secure it:
sudo umount ~/Private
If you open the Private directory now, you’ll still see all the filenames. But opening a file will reveal that its contents are encrypted. I examined my test plain text file in a hex editor, and it certainly looks encrypted:
[Image: encrypted file in hex editor]
Remounting the Private directory can be done with the same mount command we used before. However, you’ll still be asked for the key type, your passphrase, the cipher, and the key length. Who wants to remember all of that and enter it every time?
You can avoid this by providing some options with the mount command. This mount command specifies enough options that you should only be prompted for your passphrase:
sudo mount -t ecryptfs ~/Private ~/Private -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n
Want to streamline mounting and unmounting your private directory? In Ubuntu 8.10 all of this will be done automatically when you log in and out. Until then, I just created two simple launchers in GNOME, one for mounting and one for unmounting my private directory.
Create a new launcher by right-clicking on your desktop and selecting Create Launcher. Change the type to Application in Terminal. Paste in the command you’re using to either mount or unmount. If you’re using a tilde (~) character in your commands to refer to your home directory, you need to specify the whole path instead if you’re using sudo. (It seems that using a GNOME launcher with sudo will cause a tilde to point to root’s home. In a normal terminal it would point to your own home.)
These launchers should open a terminal, take any input needed, close the terminal, and perform the eCryptfs mount/unmount.
- bratterscain, on 09/26/2008, -1/+9 Dugg for hiding my plan to take over the world.
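The mirrored article above checks one file by eye in a hex editor. This added example (not from the article or the eCryptfs project) automates that check over the unmounted directory, so a file saved into the Private directory while it was not mounted, which lands on disk in cleartext, gets listed. The header layout used here is an assumption taken from the Linux eCryptfs driver, not from the page.

```shell
#!/bin/sh
# Added example: list files in an unmounted eCryptfs lower directory that
# do NOT carry an eCryptfs header, i.e. files stored as cleartext.
# Assumption (from the Linux eCryptfs driver, not from the page): the header
# holds an 8-byte file size, then 4 random bytes m1 and 4 bytes m2 with
# m1 XOR m2 == 0x3c81b7f5. Metadata kept in xattrs is not covered.

# has_ecryptfs_marker FILE: succeeds if bytes 8..15 form a valid marker.
has_ecryptfs_marker() {
    # Dump 8 bytes at offset 8 as 16 contiguous hex digits.
    hex=$(od -An -tx1 -j8 -N8 "$1" 2>/dev/null | tr -d ' \n') || return 1
    [ "${#hex}" -eq 16 ] || return 1      # too short to hold a header
    m1=$(printf '%s' "$hex" | cut -c1-8)
    m2=$(printf '%s' "$hex" | cut -c9-16)
    [ $(( 0x$m1 ^ 0x$m2 )) -eq $(( 0x3c81b7f5 )) ]
}

# audit_lower_dir DIR: print every regular file without a valid marker.
audit_lower_dir() {
    find "$1" -type f | while IFS= read -r f; do
        has_ecryptfs_marker "$f" || printf '%s\n' "$f"
    done
}

# Run only when a directory is given: sh ecryptfs-audit.sh /home/user/Private
if [ -n "${1:-}" ]; then audit_lower_dir "$1"; fi
```

Run it after `umount`; an empty result means every file in the directory carries an eCryptfs header.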
- infiniphunk, on 09/26/2008, -0/+7 What are you talking about? If I know what I'm looking for I can find something on a unix system waaaaay faster than having to search via the Windows method. With linux by the time I find my file, in Windows I'd still be watching the little dog scratch the ground, wag his tail and blink stupidly at me.
- Frostek, on 09/25/2008, -1/+7 Kind of easily defeated by CTRL-H though?
- Onestone, on 09/26/2008, -1/+7 The article contains old advice. In the current Intrepid, all that is required to set up the encrypted private dir is:
1. sudo apt-get install ecryptfs-utils
2. ecryptfs-setup-private
For more info: https://wiki.ubuntu.com/EncryptedPrivateDirectory# ...
- OneLess, on 09/26/2008, -0/+5 You can also lock the screen while you're away from your computer to keep anyone who doesn't know your password out. Then you also get the entertainment of people leaving messages like "PENIS" for you when you get back.
- mrsteveman1, on 09/26/2008, -0/+5 Tell you what, you keep your plan, and gimme the porn. Deal?
- oobuntu, on 09/26/2008, -0/+4 where's duggmirror nowadays? did that die?
- bratterscain, on 09/26/2008, -0/+4 Seriously?
- dougle, on 09/26/2008, -0/+4 I've not seen that one, can you send it over.
- aldoyle, on 09/26/2008, -0/+4 I tried this method out a little while back. I personally didn't like it too much due to the simple fact of not encrypting the filenames. I found much greater success using EncFS. If anyone's interested: http://ubuntuforums.org/showthread.php?t=148600
- paradox4190, on 09/26/2008, -1/+5 http://www.hulu.com/watch/11733/family-guy-where-p ...
- evilWEED, on 09/26/2008, -0/+4 full disk encryption is better. if you use the alternate cd, you can encrypt it while installing:
http://learninginlinux.wordpress.com/2008/04/23/in ...
- linuxzap, on 09/26/2008, -0/+3 Mirror?
- tvanwyk, on 09/25/2008, -1/+4 I would think that most of the people who might have reason to snoop around your porn stash know about 'ls -a'.
- tvanwyk, on 09/25/2008, -3/+5 Create An Encrypted Private Directory in [most modern distributions]
- poet, on 09/26/2008, -0/+2 "user-friendly to use"
I would love to use user-friendly. wtf?
- Minters, on 09/26/2008, -0/+2 hehe, yeah I do that usually, but I often forget to lock the terminal. Or I think I'm only nipping away for 2 minutes and end up being gone for 20.
I don't mind them using the computer so much. I can pretty much guarantee that the only program to have been opened in my absence is Blackjack, but still, nice to have some added security!
- martalli, on 09/27/2008, -0/+2 Newbies - that means a recursive deletion - so don't do it. In fact, it is pretty poor encryption, since it merely hides the filename and not the file. The file remains on the hard drive, but the computer's user can't see it anymore. In order to completely erase the file, you need to use something like "wipe", which writes over the top of the file several times with random data. Nonetheless, journalized filesystems like ext3 can even throw off programs like wipe by keeping their journals.
- antdude, on 09/26/2008, -0/+2 Mirror: http://209.85.173.104/search?q=cache:uS9_mfdBCMkJ: ...
- andycr512, on 09/26/2008, -0/+2 There's almost no overhead to well-done full drive encryption, like TrueCrypt.
- 1n4007, on 09/26/2008, -1/+2 Boring troll is boring.
- ethana2, on 09/26/2008, -1/+2 I have a whole gig of RAM. I know well enough not to have firefox open while I'm doing something that actually needs memory. I can't recall a single time when I've even come close to running out.
- additivefree, on 09/26/2008, -0/+1 the lazy man's mirror
- skyshock1, on 09/26/2008, -0/+1 Don't you mean ls -a? :P Of course it's easily defeated, I didn't mean for it to be any sort of awesome trickery or anything. Just one more thing that's easily done to make it not-so-apparent is all.
- divinediva, on 09/25/2008, -3/+4 crypt keeper is easier, user-friendly to use
- martalli, on 09/27/2008, -0/+1 You can lock the screen in OSX and Windows, too....
- Narishma, on 09/27/2008, -0/+1 Intrepid hasn't been released yet, has it? This article isn't about Intrepid but Hardy, which is the current released version.
- martalli, on 09/27/2008, -0/+1 I think that's the plan.
- martalli, on 09/27/2008, -0/+1 The author makes it pretty clear he is talking about hardy and older versions of ubuntu...
- lionel1024, on 09/26/2008, -0/+1 What?
You're saying it's stupid to encrypt data, and in the next sentence say it's easy for people to connect the HD to another machine to read the data? You state one reason data should be encrypted.
- mintblogger, on 09/26/2008, -1/+1 Nice piece of information for hiding folders on Ubuntu
- ethana2, on 09/26/2008, -3/+3 60% of desktop linux users, including myself, are on ubuntu. The second something in the guide becomes specific to ubuntu repos, it's an ubuntu guide. The second it involves a .deb package it's either debian, ubuntu, or ubuntu derivatives, which make up about 65% of desktop linux share.
...I haven't read the thing, because it won't load, because the blasted web isn't based on the bittorrent protocol yet, but I have a feeling it's probably an Ubuntu guide, not a 'most modern distributions' guide.
....unless you're like me and don't consider rpm based OS'es 'modern distributions'...... but them's fighting words.
- lionel1024, on 09/26/2008, -0/+0 Why are people digging this down? He's completely right about Windows/NTFS being able to do this. I don't know the strength of said encryption, but it doesn't make sense to digg something down that is accurate.
- pyrates, on 09/26/2008, -1/+1 It doesn't help if you include your passphrase in the command line to mount and unmount it. I'll wait until Ubuntu 8.10 integrates it for me.
- Codename, on 09/26/2008, -2/+2 That default picture totally says: I'm in your filez encrypting your data.
- skyshock1, on 09/25/2008, -7/+2 Put a . in front of the folder too so it doesn't show up in normal file browsing.
- inactive, on 09/26/2008, -7/+1 So what's the use of hiding something on linux? It's not like it's easy to detect like in windows.
- gilbes, on 09/26/2008, -8/+1 It's not as simple as:
Right-click, properties, advanced, select "Encrypt contents to secure data"
I am sure there is an OS that has made it that easy for 7 years now.
Someday, maybe someday.
- garnettxd, on 09/26/2008, -7/+0 full disk encryption would never be needed for us normal users for the time and space it consumes
rm -r is stupid, you only make it complicated every time viewing and saving your own file, people who want the data could plug your hdd on other OS.
- arcane81, on 09/26/2008, -12/+1 rm -r is a really good permanent encryption
