1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Requesting porting TrueCrypt to FreeBSD

Discussion in 'Porting New Software' started by ph0enix, Apr 2, 2009.

  1. ph0enix

    ph0enix New Member

    Messages:
    307
    Likes Received:
    0
  2. Watermelon

    Watermelon New Member

    Messages:
    2
    Likes Received:
    0
    Hi,

    there is also a FreeBSD config in Makefile oft the Linux/OSX Sourcecode....

    about a year ago i requested that port too.... the german bsdgroup made a experimental port, the gui worked quiet well....

    the problem was that system completly hung when copying bigger(few MB) to a container(with pw and keyfile)....

    i dont remember more but there should be more info in the froum of the german bsdgroup and also on portsmailinglist...

    https://forum.bsdgroup.de/showthread.php?t=1704
    http://lists.freebsd.org/pipermail/freebsd-ports/2008-February/046790.html

    regards Watermelon
     
  3. oliverh

    oliverh New Member

    Messages:
    557
    Likes Received:
    0
    I do think it has something to do with fusefs, but then I didn't try it anymore.
     
  4. halplus

    halplus New Member

    Messages:
    64
    Likes Received:
    0
    Well FreeBSD has "native" heavy encryption since some time with GEOM (geom_eli). Take a look at:

    http://en.wikipedia.org/wiki/GEOM
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/swap-encrypting.html

    Is quite an advanced piece of software the one you decided to use ;). No game. Well maybe more user friendly things could make it more popular but the power is right there ;). Think about a GUI interface to that and you are unlikely to need truecrypt (and it's non-BSD license).
     
  5. SirDice

    SirDice Moderator Staff Member Moderator

    Messages:
    17,427
    Likes Received:
    16
    Unfortunately you can't attach a geli encrypted volume as a non-root user.

    I for one would be interested in something that a non-root user could use. On the fly attaching/mounting of encrypted volumes (think USB harddisks/memory sticks).
     
  6. graudeejs

    graudeejs Member

    Messages:
    4,594
    Likes Received:
    0
    you can....
    you need to install and configure security/sudo
    you can even configure it to allow attaching without password (Not the geli passphrase, don't get confused)
     
  7. SirDice

    SirDice Moderator Staff Member Moderator

    Messages:
    17,427
    Likes Received:
    16
    I am familiar with sudo but that's not what I had in mind. As in essence you still need root to do it (sudo takes care of the root bit). I want something a non-root user can use without the need for any type of root access.
     
  8. halplus

    halplus New Member

    Messages:
    64
    Likes Received:
    0
    Let any user mount/dismount arbitrary volumes in my system without my permission? I don't think that's a good idea.
     
  9. SirDice

    SirDice Moderator Staff Member Moderator

    Messages:
    17,427
    Likes Received:
    16
    It's what vfs.usermount does. And hald plus a DE. Doesn't work for encrypted volumes though..
     
  10. hedwards

    hedwards New Member

    Messages:
    189
    Likes Received:
    0
    Well the reason why some want Truecrypt is mainly for interoperability purposes, I'm not personally aware of other options which are going to work in that fashion on Windows and Linux. Getting it to work on FreeBSD would mean that we wouldn't need to get the partitions working between programs.
     
  11. Dara

    Dara New Member

    Messages:
    18
    Likes Received:
    0
    Any news on this ?
    it would be nice to have something that could be used on both BSD and windows..
     
  12. dennylin93

    dennylin93 New Member

    Messages:
    784
    Likes Received:
    0
    Sometimes it is necessary. People usually use a normal user for desktop environments. It would be quite absurd if they needed root privileges every time they plugged in a USB stick or use a CD/DVD.
     
  13. feralape

    feralape New Member

    Messages:
    146
    Likes Received:
    0
    GEOM is really nice. Unfortunately it's a pain to use if you want to have an encrypted root drive. Also, you can't really share GEOM volumes like you can with truecrypt.

    Truecrypt support a "file based" FS and you can stick that on a memory stick and open it on your Windows, Mac and Linux workstations.
     
  14. honk

    honk New Member

    Messages:
    134
    Likes Received:
    0
    A pain? Why do you think so? Is TrueCrypt better when it comes to complete disk encryption? Just curious...
     
  15. Oko

    Oko Member

    Messages:
    518
    Likes Received:
    3
    Because he doesn't know what he is talking about. Geli is kernel driver. TrueCrypt is userland program. Colin Percival's scrypt is by far the best userland crypto function available. By the way Colin Parcival is one of the brightest FreeBSD developers and I am not saying that just because he has Ph.D. in mathematics from Oxford University;)
     
  16. halplus

    halplus New Member

    Messages:
    64
    Likes Received:
    0
    Allright I buy the interoperability reason. What i still do not buy is the port. I mean wouldn't be better to instead of reuse code that works in Kernel Mode for another OS to reuse code from FreeBSD? (TrueCrypt has a KM driver at least in windows). Also does it needs to be done in KM? I mean in linux you can use loopback and losetup to mount a file as disk partition (thinking about reuse here and also base security on existing one)
     
  17. halplus

    halplus New Member

    Messages:
    64
    Likes Received:
    0
    Well in any case (including desktop usage) leave anybody do that is a magnificent security hole in some use cases (if not all). And.. do you need to grant all privileges to do that? I mean somebody mentioned sudo wich i think is a nice option (configurable at will). Or maybe sudo a script that mounts x or y only.
     
  18. halplus

    halplus New Member

    Messages:
    64
    Likes Received:
    0
  19. dekloper

    dekloper New Member

    Messages:
    4
    Likes Received:
    0
    It`s all very well, but in the current working system is not very convenient, since the cryptosystem based on geom_eli involves the destruction of existing data files.
    I would like to see a solution, allowing encryption of existing data, such as truecrypt.
    There is a similar opensource project for Win-platforms http://diskcryptor.net
     
  20. danger@

    danger@ Administrator Staff Member Administrator Moderator Developer

    Messages:
    818
    Likes Received:
    5
    you can always backup && restore onto an encrypted partition...
     
  21. jkusniar

    jkusniar New Member

    Messages:
    2
    Likes Received:
    0
    pefs

    Hello. While looking around for encryption solution, which could be used by regular users to encrypt e.g. one directory inside their home dir, I have found this: http://wiki.freebsd.org/SOC2009GlebKurtsov. Does anyone have any experience with it?
     
  22. foo_daemon

    foo_daemon New Member

    Messages:
    43
    Likes Received:
    0
    Someone has (at long last?) complied with this request! security/truecrypt.
    Apparently the latest version (7.1) supports the GUI, but hell, I would be fine with just a working command line version. I'm updating my ports and installing it now..