Talk:Disk encryption

From ArchWiki
Revision as of 12:06, 1 September 2013 by Indigo (Talk | contribs) (found it. one has to edit the table from the top of course ..Undo revision 273823 by Indigo (talk))

Move out of User page

This page is quite good IMO. So it can be moved to a normal page. It can receive updates there and other people can contribute. -- Fengchao (talk) 06:20, 11 June 2012 (UTC)

+1 -- Kynikos (talk) 09:18, 12 June 2012 (UTC)
No response from author. This will block [System_Encryption_with_LUKS] restructure so I do the job to move on. -- Fengchao (talk) 02:22, 15 June 2012 (UTC)
Hi, and sorry for abandoning this article half-way through and then forgetting about it.
As for writing the general introduction/explanation text (part of which consists of merging the corresponding sections from the System_Encryption_with_LUKS article into this one), I had already started working on that locally back when I created this article, but I have that file on a different computer than I am on now. If you give me until tomorrow (Monday) evening (European time), I'll bring what I have into a readable state and upload it to this page, and then everybody can help modifying/extending it.
The reason why I created the article as a user page and didn't move it into the main namespace right away, is that I originally planned to first discuss some feature requests with the wiki maintainers which would make the page more maintainable (without sacrificing user-friendliness). Namely, support for automatically numbered footnotes, and moving the comparison table formatting into a wiki-wide "comparison-table" CSS class (or maybe, separate "comparison-table-vertical" and "comparison-table-horizontal" classes). Right now, the comparison table's wiki markup is so messy and difficult to work with that I would feel guilty asking other people to help add info to it. --Sas (talk) 17:35, 17 June 2012 (UTC)
I added the main text sections now. It would be great if a native speaker with good language skills could do some copyediting for the individual subsections to formulate them more concisely and make them nicer to read. --Sas (talk) 20:42, 18 June 2012 (UTC)
Hi Sas, thank you for getting back working on this article!!
About the numbered footnotes, that would require the installation of an extension (involving web developers) and if we can keep it simpler instead it'd be better, since this would be the only article using that feature.
About the comparison-table class, can you report an existing example (in another wiki I guess) of what you mean exactly?
-- Kynikos (talk) 20:57, 19 June 2012 (UTC)

Proposed renaming of this article to "System Encryption" or "Encryption"

This was proposed by Kynikos in the form of a template added to this article, and also discussed here.

I disagree with the proposal, and still believe that "Disk Encryption" is the right name for this article. Let me try to explain why.

"Encryption" is a huge topic, encompassing a much bigger scope than this article could sensibly cover in the level of detail set out by the content I already added here, and the content that is to be merged here from System_Encryption_with_LUKS. There is (among others)...

  • manual encryption of pieces of data (no matter where it comes from / is stored / is going to)
    • GnuPG, ...
  • cryptographically protecting a communication channel
    • HTTPS, SSH, ...
  • cryptographically protecting a logical part of a storage disk (real or virtual)
    • Loop-AES, dm-crypt+LUKS, TrueCrypt, eCryptfs, EncFS, ...

I believe that the article should exclusively deal with the latter topic. Trust me, there's enough valuable information on this to fill a whole article (just look at how big the comparison table alone grew already). It would only add confusion and result in TL;DR to mix other encryption-related topics into the same article.

I.e., the article should exclusively be about techniques which will cause all data written to a logical part of a disk to be automatically encrypted, and data read from it to be automatically decrypted.

All of the following are examples of logical parts of (real or virtual) storage disks:

  • a whole disk
  • a partition (or anything else represented as a block device)
  • a folder

So I don't see how the term "Disk Encryption" should be inclusive of block device encryption, but not of filesystem-level encryption, as Kynikos suggested in the renaming-proposal. The level at which the protected logical part of the disk is defined is just an implementation detail - I don't see a conceptual difference there.

So that's why I believe "Disk Encryption" is a more sensible title than "Encryption".

Regarding "System Encryption", I believe that would actually not be inclusive enough of everything encompassed by the encryption methods described here.

In my mind, system encryption is a potential application of disk encryption - it's about securing the "system" itself (as in, an Arch Linux installation) from unauthorized access to its system and user data while the system is not running.

But disk encryption can also be used for simple data encryption, e.g. protecting a partition or folder in which confidential data files are to be stored, and letting the user unlock/lock the encrypted data container on demand or on login/logout. This has nothing to do with the "system" and whether it is running. (This is especially the case for the filesystem-based disk encryption methods.)

And of course there are many possible combinations and shades of grey in between.

"Disk encryption", to my ears at least, captures all of that quite nicely.

--Sas (talk) 18:37, 17 June 2012 (UTC)

Wow, you provided such an exhaustive argumentation in support of the current title that I don't think anyone will try to reply (including me) :) Let's stick with Disk Encryption then! It's worth noting that Wikipedia itself is a bit ambiguous in finding a consistent naming for this topic, see for example the intro of wikipedia:Filesystem-level encryption ("Filesystem-level encryption, often called file or folder encryption, is a form of disk encryption [...]") versus wikipedia:Disk encryption#Disk encryption vs. filesystem-level encryption. -- Kynikos (talk) 21:10, 19 June 2012 (UTC)

Proposed expansion for dm-crypt without LUKS

Hi, I want to gather quick feedback regarding the addition of [Plain_dm-crypt_without_LUKS]. The addition to Disk_Encryption#Block_device_encryption is swift. After that comes the sophisticated comparison table. Question for that is: Do we need to add an extra column for plain dm-crypt? A major disadvantage is the complexity of the table width. Now it scales great with the browser window; adding it as a separate column does not make that better. Further, the column should not be needed, because the original author gladly already mentioned when the LUKS extension is intrinsic for gaining a dm-crypt feature (e.g. Key salting states "Yes (with LUKS)"). So, in order not to complicate things, I would propose to just rename the column heading to "dm-crypt +/- LUKS" and review that the appropriate distinctions in the table are made. Ok?

Certain other features of plain dm-crypt may be added to the following text sections starting from Disk_Encryption#Preparation too, e.g. the dis-/advantages of the absence of a crypt header, but those are all free-text and can be expanded as required. --Indigo (talk) 07:42, 29 August 2013 (UTC)

Just renaming the column heading sounds reasonable, go for it! -- Kynikos (talk) 03:34, 31 August 2013 (UTC)
Done. Thanks, also for reviewing! Closing this. I'll return later. I think next it would be great to phrase and link the setup examples in Disk_Encryption#Choosing_a_setup to the howtos again and then re-work downwards. --Indigo (talk) 11:18, 1 September 2013 (UTC)