Requesting porting TrueCrypt to FreeBSD [Archive]

View Full Version : Requesting porting TrueCrypt to FreeBSD

ph0enix

April 2nd, 2009, 18:40

What's the chance of someone actually doing that?
The OS-X source code can be downloaded here:
http://www.truecrypt.org/downloads2

Thanks! :)

J.

Watermelon

April 3rd, 2009, 09:04

Hi,

there is also a FreeBSD config in Makefile oft the Linux/OSX Sourcecode....

about a year ago i requested that port too.... the german bsdgroup made a experimental port, the gui worked quiet well....

the problem was that system completly hung when copying bigger(few MB) to a container(with pw and keyfile)....

i dont remember more but there should be more info in the froum of the german bsdgroup and also on portsmailinglist...

https://forum.bsdgroup.de/showthread.php?t=1704
http://lists.freebsd.org/pipermail/freebsd-ports/2008-February/046790.html

regards Watermelon

oliverh

April 5th, 2009, 09:20

I do think it has something to do with fusefs, but then I didn't try it anymore.

halplus

May 14th, 2009, 07:31

SirDice

May 14th, 2009, 09:36

Unfortunately you can't attach a geli encrypted volume as a non-root user.

I for one would be interested in something that a non-root user could use. On the fly attaching/mounting of encrypted volumes (think USB harddisks/memory sticks).

graudeejs

May 14th, 2009, 09:49

you can....
you need to install and configure security/sudo
you can even configure it to allow attaching without password (Not the geli passphrase, don't get confused)

SirDice

May 14th, 2009, 11:14

you can....
you need to install and configure security/sudo
you can even configure it to allow attaching without password (Not the geli passphrase, don't get confused)

I am familiar with sudo but that's not what I had in mind. As in essence you still need root to do it (sudo takes care of the root bit). I want something a non-root user can use without the need for any type of root access.

halplus

June 25th, 2009, 06:54

Let any user mount/dismount arbitrary volumes in my system without my permission? I don't think that's a good idea.

SirDice

June 25th, 2009, 07:41

Let any user mount/dismount arbitrary volumes in my system without my permission? I don't think that's a good idea.

It's what vfs.usermount does. And hald plus a DE. Doesn't work for encrypted volumes though..

hedwards

July 1st, 2009, 19:37

Is quite an advanced piece of software the one you decided to use ;). No game. Well maybe more user friendly things could make it more popular but the power is right there ;). Think about a GUI interface to that and you are unlikely to need truecrypt (and it's non-BSD license).
Well the reason why some want Truecrypt is mainly for interoperability purposes, I'm not personally aware of other options which are going to work in that fashion on Windows and Linux. Getting it to work on FreeBSD would mean that we wouldn't need to get the partitions working between programs.

Dara

October 28th, 2009, 13:45

Any news on this ?
it would be nice to have something that could be used on both BSD and windows..

dennylin93

October 28th, 2009, 14:10

Let any user mount/dismount arbitrary volumes in my system without my permission? I don't think that's a good idea.

Sometimes it is necessary. People usually use a normal user for desktop environments. It would be quite absurd if they needed root privileges every time they plugged in a USB stick or use a CD/DVD.

feralape

November 11th, 2009, 09:41

Well FreeBSD has "native" heavy encryption since some time with GEOM (geom_eli). Take a look at:

http://en.wikipedia.org/wiki/GEOM
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/swap-encrypting.html

Is quite an advanced piece of software the one you decided to use ;). No game. Well maybe more user friendly things could make it more popular but the power is right there ;). Think about a GUI interface to that and you are unlikely to need truecrypt (and it's non-BSD license).

GEOM is really nice. Unfortunately it's a pain to use if you want to have an encrypted root drive. Also, you can't really share GEOM volumes like you can with truecrypt.

Truecrypt support a "file based" FS and you can stick that on a memory stick and open it on your Windows, Mac and Linux workstations.

honk

November 11th, 2009, 23:05

GEOM is really nice. Unfortunately it's a pain to use if you want to have an encrypted root drive.

A pain? Why do you think so? Is TrueCrypt better when it comes to complete disk encryption? Just curious...

Oko

November 12th, 2009, 05:27

A pain? Why do you think so? Is TrueCrypt better when it comes to complete disk encryption? Just curious...
Because he doesn't know what he is talking about. Geli is kernel driver. TrueCrypt is userland program. Colin Percival's scrypt is by far the best userland crypto function available. By the way Colin Parcival is one of the brightest FreeBSD developers and I am not saying that just because he has Ph.D. in mathematics from Oxford University;)

halplus

November 25th, 2009, 15:36

Well the reason why some want Truecrypt is mainly for interoperability purposes, I'm not personally aware of other options which are going to work in that fashion on Windows and Linux. Getting it to work on FreeBSD would mean that we wouldn't need to get the partitions working between programs.

Allright I buy the interoperability reason. What i still do not buy is the port. I mean wouldn't be better to instead of reuse code that works in Kernel Mode for another OS to reuse code from FreeBSD? (TrueCrypt has a KM driver at least in windows). Also does it needs to be done in KM? I mean in linux you can use loopback and losetup to mount a file as disk partition (thinking about reuse here and also base security on existing one)

halplus

November 25th, 2009, 15:51

Sometimes it is necessary. People usually use a normal user for desktop environments. It would be quite absurd if they needed root privileges every time they plugged in a USB stick or use a CD/DVD.

Well in any case (including desktop usage) leave anybody do that is a magnificent security hole in some use cases (if not all). And.. do you need to grant all privileges to do that? I mean somebody mentioned sudo wich i think is a nice option (configurable at will). Or maybe sudo a script that mounts x or y only.

halplus

November 25th, 2009, 16:02

I mean in linux you can use loopback and losetup to mount a file as disk partition (thinking about reuse here and also base security on existing one)

Ok is not the same as in linux:

http://www.freebsd.org/doc/en/books/handbook/disks-virtual.html

dekloper

January 21st, 2010, 12:22

Well FreeBSD has "native" heavy encryption since some time with GEOM (geom_eli). Take a look at:

http://en.wikipedia.org/wiki/GEOM
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/swap-encrypting.html

Is quite an advanced piece of software the one you decided to use ;). No game. Well maybe more user friendly things could make it more popular but the power is right there ;). Think about a GUI interface to that and you are unlikely to need truecrypt (and it's non-BSD license).

It`s all very well, but in the current working system is not very convenient, since the cryptosystem based on geom_eli involves the destruction of existing data files.
I would like to see a solution, allowing encryption of existing data, such as truecrypt.
There is a similar opensource project for Win-platforms http://diskcryptor.net

danger@

January 22nd, 2010, 01:16

you can always backup && restore onto an encrypted partition...

jkusniar

January 26th, 2010, 13:27

Hello. While looking around for encryption solution, which could be used by regular users to encrypt e.g. one directory inside their home dir, I have found this: http://wiki.freebsd.org/SOC2009GlebKurtsov. Does anyone have any experience with it?

foo_daemon

October 21st, 2011, 18:20

Someone has (at long last?) complied with this request! security/truecrypt.
Apparently the latest version (7.1) supports the GUI, but hell, I would be fine with just a working command line version. I'm updating my ports and installing it now..