Requesting porting TrueCrypt to FreeBSD

Hi,

there is also a FreeBSD config in Makefile oft the Linux/OSX Sourcecode....

about a year ago i requested that port too.... the german bsdgroup made a experimental port, the gui worked quiet well....

the problem was that system completly hung when copying bigger(few MB) to a container(with pw and keyfile)....

i dont remember more but there should be more info in the froum of the german bsdgroup and also on portsmailinglist...

https://forum.bsdgroup.de/showthread.php?t=1704
http://lists.freebsd.org/pipermail/freebsd-ports/2008-February/046790.html

regards Watermelon
 
Well FreeBSD has "native" heavy encryption since some time with GEOM (geom_eli). Take a look at:

http://en.wikipedia.org/wiki/GEOM
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/swap-encrypting.html

Is quite an advanced piece of software the one you decided to use ;). No game. Well maybe more user friendly things could make it more popular but the power is right there ;). Think about a GUI interface to that and you are unlikely to need truecrypt (and it's non-BSD license).
 
Unfortunately you can't attach a geli encrypted volume as a non-root user.

I for one would be interested in something that a non-root user could use. On the fly attaching/mounting of encrypted volumes (think USB harddisks/memory sticks).
 
killasmurf86 said:
you can....
you need to install and configure security/sudo
you can even configure it to allow attaching without password (Not the geli passphrase, don't get confused)

I am familiar with sudo but that's not what I had in mind. As in essence you still need root to do it (sudo takes care of the root bit). I want something a non-root user can use without the need for any type of root access.
 
Let any user mount/dismount arbitrary volumes in my system without my permission? I don't think that's a good idea.
 
halplus said:
Let any user mount/dismount arbitrary volumes in my system without my permission? I don't think that's a good idea.

It's what vfs.usermount does. And hald plus a DE. Doesn't work for encrypted volumes though..
 
halplus said:
Is quite an advanced piece of software the one you decided to use ;). No game. Well maybe more user friendly things could make it more popular but the power is right there ;). Think about a GUI interface to that and you are unlikely to need truecrypt (and it's non-BSD license).
Well the reason why some want Truecrypt is mainly for interoperability purposes, I'm not personally aware of other options which are going to work in that fashion on Windows and Linux. Getting it to work on FreeBSD would mean that we wouldn't need to get the partitions working between programs.
 
halplus said:
Let any user mount/dismount arbitrary volumes in my system without my permission? I don't think that's a good idea.

Sometimes it is necessary. People usually use a normal user for desktop environments. It would be quite absurd if they needed root privileges every time they plugged in a USB stick or use a CD/DVD.
 
halplus said:
Well FreeBSD has "native" heavy encryption since some time with GEOM (geom_eli). Take a look at:

http://en.wikipedia.org/wiki/GEOM
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/swap-encrypting.html

Is quite an advanced piece of software the one you decided to use ;). No game. Well maybe more user friendly things could make it more popular but the power is right there ;). Think about a GUI interface to that and you are unlikely to need truecrypt (and it's non-BSD license).

GEOM is really nice. Unfortunately it's a pain to use if you want to have an encrypted root drive. Also, you can't really share GEOM volumes like you can with truecrypt.

Truecrypt support a "file based" FS and you can stick that on a memory stick and open it on your Windows, Mac and Linux workstations.
 
feralape said:
GEOM is really nice. Unfortunately it's a pain to use if you want to have an encrypted root drive.

A pain? Why do you think so? Is TrueCrypt better when it comes to complete disk encryption? Just curious...
 
honk said:
A pain? Why do you think so? Is TrueCrypt better when it comes to complete disk encryption? Just curious...
Because he doesn't know what he is talking about. Geli is kernel driver. TrueCrypt is userland program. Colin Percival's scrypt is by far the best userland crypto function available. By the way Colin Parcival is one of the brightest FreeBSD developers and I am not saying that just because he has Ph.D. in mathematics from Oxford University;)
 
hedwards said:
Well the reason why some want Truecrypt is mainly for interoperability purposes, I'm not personally aware of other options which are going to work in that fashion on Windows and Linux. Getting it to work on FreeBSD would mean that we wouldn't need to get the partitions working between programs.

Allright I buy the interoperability reason. What i still do not buy is the port. I mean wouldn't be better to instead of reuse code that works in Kernel Mode for another OS to reuse code from FreeBSD? (TrueCrypt has a KM driver at least in windows). Also does it needs to be done in KM? I mean in linux you can use loopback and losetup to mount a file as disk partition (thinking about reuse here and also base security on existing one)
 
dennylin93 said:
Sometimes it is necessary. People usually use a normal user for desktop environments. It would be quite absurd if they needed root privileges every time they plugged in a USB stick or use a CD/DVD.

Well in any case (including desktop usage) leave anybody do that is a magnificent security hole in some use cases (if not all). And.. do you need to grant all privileges to do that? I mean somebody mentioned sudo wich i think is a nice option (configurable at will). Or maybe sudo a script that mounts x or y only.
 
halplus said:
Well FreeBSD has "native" heavy encryption since some time with GEOM (geom_eli). Take a look at:

http://en.wikipedia.org/wiki/GEOM
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/swap-encrypting.html

Is quite an advanced piece of software the one you decided to use ;). No game. Well maybe more user friendly things could make it more popular but the power is right there ;). Think about a GUI interface to that and you are unlikely to need truecrypt (and it's non-BSD license).

It`s all very well, but in the current working system is not very convenient, since the cryptosystem based on geom_eli involves the destruction of existing data files.
I would like to see a solution, allowing encryption of existing data, such as truecrypt.
There is a similar opensource project for Win-platforms http://diskcryptor.net
 
you can always backup && restore onto an encrypted partition...
 
Someone has (at long last?) complied with this request! security/truecrypt.
Apparently the latest version (7.1) supports the GUI, but hell, I would be fine with just a working command line version. I'm updating my ports and installing it now..
 
Back
Top