crypto filesystem


Forum: System
Topic: crypto filesystem
started by: kairos@dsl
Posted by kairos@dsl on Jan. 28 2006,11:29
Hi,

is it possible to create and use a crypto filesystem (e.g. /home, /tmp, /var) with dsl? How to do it? Experiences with Performance?
I use the search for this forum and google, but i can't find a topic for dsl... Thanks for help!

Kairos
Posted by kairos@dsl on Feb. 01 2006,12:34
no ideas for solution?
Posted by clacker on Feb. 01 2006,13:13
< loop-aes > is included with dsl.

Here is a link to < encrypted backups. >

The < system section of the repository > holds PGP from GNU.
Posted by clacker on Feb. 01 2006,18:33
As far as perfomance, not so bad.  I ran the following experiment to create a mounted loop and a mounted encrypted loop and compared the performance:

Code Sample
# create two 20M files to use as an ecrypted and unencrypted loop
dd if=/dev/zero of=secret.img bs=20M count=1
dd if=/dev/zero of=unsecret.img bs=20M count=1

# change to root and setup the two loops for use
sudo su
losetup -e aes256 -S "damnsmalllinux" /dev/loop1 secret.img
## used password=onetwothreeonetwothree
## not really secure, but this is just for timing
mke2fs -j /dev/loop1
mke2fs unsecret.img
## said y to prompt, it's OK
mkdir /mnt/efs
mkdir /mnt/uefs
mount /dev/loop1 /mnt/efs
mount unsecret.img /mnt/efs -o loop

# create a test directory and script to copy, move and delete files
mkdir test
dd if=/dev/random of=test/1Mtest bs=1M count=1
mkdir test/temp
# create the test.sh script below and make it executable
vi test/test.sh
chmod 777 test/test.sh
cp -r /home/dsl/test /mnt/efs
cp -r /home/dsl/test /mnt/uefs

# run the tests
cd test
time ./test.sh
cd /mnt/uefs/test
time ./test.sh
cd /mnt/efs/test
time ./test.sh


and this is test.sh:

Code Sample
#!/bin/bash
#test.sh
#
# copies, moves, and deletes to check loop performance

i=0

while [ $i -lt 6000 ]
do
  i=`expr $i + 1`
  cp -f 1Mtest temp/1Mtest1
  cp -f 1Mtest temp/1Mtest2
  cp -f 1Mtest temp/1Mtest3
  cp -f 1Mtest temp/1Mtest4
  mv -f temp/1Mtest1 temp/1Mtest1a
  mv -f temp/1Mtest2 temp/1Mtest2a
  mv -f temp/1Mtest3 temp/1Mtest3a
  mv -f temp/1Mtest4 temp/1Mtest4a
  rm -f temp/1Mtest1a
  rm -f temp/1Mtest2a
  rm -f temp/1Mtest3a
  rm -f temp/1Mtest4a
done


my results were:

test in /home/dsl:
real    0m49.192s
user    0m20.260s
sys     0m28.900s

test in loop mounted file:
real    0m49.802s
user    0m20.380s
sys     0m29.000s

test in encrypted loop file:
real    0m50.128s
user    0m20.260s
sys     0m29.660s

So it looks like the encrypted file system takes a very minor hit in terms of speed, maybe 2% slower.
Posted by kairos@dsl on Feb. 01 2006,21:29
Thank you very mutch! This is exactly, what i mean! :)
Powered by Ikonboard 3.1.2a
Ikonboard © 2001 Jarvis Entertainment Group, Inc.