Open Source Security

Mike Halcrow has written a paper on Installing and configuring eCryptfs with a trusted platform module (TPM) key. This paper is available on the IBM Systems Information Center along with a bunch of other step-by-step guides.
This paper describes how to use a TPM key directly with eCryptfs. It demonstrates the flexibility of eCryptfs’ pluggable key module framework. Since the TPM wasn’t designed to do bulk encryption, if you actually set eCryptfs up this way, you’ll get pretty low performance. It is an interesting exercise nonetheless, and if you have small bits of information that you want strongly protected, this does provide one good option. I hear that Mike is working on replicating this experiment with a wrappered key, which should provide much better performance but requires a little additional code.
In addition to showing how to integrate the TPM with eCryptfs, this paper also contains step-by-step descriptions of how to do ancillary operations, like how to enable encrypted swap in Red Hat Enterprise Linux 5.2 and how to get your TPM up and operational. This side content alone makes the paper useful.

I’ve been writing this blog just over a year now. The year started out very strong, with some of my favorite posts coming early on. As my core job responsibilities moved beyond security, writing a security-focused blog has become more difficult, and I have posted much less frequently over the past several months.

Looking back over the year, the posts with the most hits:

  1. Not With A Bang But A Whimper
  2. eCryptfs in Fedora 8
  3. Password Length
  4. Security Design Principles

While that list certainly includes the posts that are my favorites, I also keep going back to Linux Security Best Practices because the NSA guide is so valuable and contains the answers to many of the most often asked security questions.
And I remain surprised at how popular the posts of weekly news links have been.

I’ve enjoyed having this forum (far more than I expected) as a place to put my opinions and thoughts about Linux security, a place to focus my attention on Linux security, and a place to even post a few facts from time to time.

Thank you.