OpenELEC Forum
Encrypted file system? - Printable Version

+- OpenELEC Forum (
+-- Forum: Generic Forum (
+--- Forum: STORAGE (
+--- Thread: Encrypted file system? (/showthread.php?tid=76831)

Pages: 1 2

Encrypted file system? - RoccoJones - 05-12-2015

I like dm-crypt. That's what I use in Ubuntu. Googling for it reveals only TrueCrypt, but that's been discontinued. What's available now that I'm missing?
I have an R.Pi B+ running the latest stable OpenELEC, and the file system will be on an external 2.5" hdd.

Encrypted file system? - nickr - 05-12-2015

Why would you need this in a media player?

Encrypted file system? - RoccoJones - 05-12-2015

Good question. My Pi is going to double as a general file server.

Encrypted file system? - chewitt - 05-12-2015

TrueCrypt has been professionally audited and given a clean bill of health, so unless you are general purpose storing kiddie pr0n or state secrets that demand a higher level of paranoia insurance it is more than good enough. That said, I'd still argue that OE is a poor distro choice for a file server and anything that you want to be properly secure. OE is aiming for a sensible balance between security and usability, but while the basics are there and it's possible to do more with a little config we are somewhat deliberately quite far from being a "secure" distro.

Encrypted file system? - RoccoJones - 05-16-2015

How does the distro make it less secure?
I set up a test file system and I seem to have done it right, but I had to guess at a lot. I'd rather not hit-and-miss. Is there a wiki on this?

Encrypted file system? - chewitt - 05-16-2015

There are design choices in OE and things inherent from the way OE is packaged that prevent users from properly hardening the OS (e.g. there is one user, who is root) so if you need a "secure" OS we are not the distro to be using. There is no wiki on security matters because the project team have no interest in starting any kind of prolonged debate about how to improve security. We know it could be improved, but not without sacrificing usability, and we have made a conscious and deliberate choice in several areas to favour usability. If you understand and/or need OpSec there are many better distros to choose from and I'd argue encrypted filesystems are rather pointless when the insecure OS you mount the filesystem from stores the keys in plaintext. This also applies:

Encrypted file system? - RoccoJones - 05-16-2015

I mean is there a wiki for TrueCrypt.
The keys are stored? I thought that they keys were entered at mount-time in the form of a password.

Re:Re: Encrypted file system? - nickr - 05-16-2015

You appear to ignore the advice you are getting that oe is not really suited for this. Details of the build are here

Encrypted file system? - chewitt - 05-17-2015

RoccoJones post=140056 Wrote:I mean is there a wiki for TrueCrypt.

If you use key files to avoid needing to add a password each time the volume is mounted.. the credential sits in the filesystem. From an OpSec perspective I would consider this to have the same security value as a plaintext password.');

Encrypted file system? - nickr - 05-17-2015

particularly as in openelec everyone knows root's password!