Talk:Disk encryption

From ArchWiki
Revision as of 19:21, 19 November 2013 by Sas (Talk | contribs) (Unicode graphs/patterns)

Unicode graphs/patterns

[Original title was Ascii graphs/patterns]

Hi, a small issue on an unrelated topic: how are ASCII graphs/patterns made?

One method I know is: http://www.asciiflow.com/#Draw
--Indigo (talk) 20:45, 3 September 2013 (UTC)
Note that those graphs are not made with simple ASCII characters, but Unicode (I've fixed the title of the discussion).
Anyway, this is a very interesting question indeed, I too would like to know if there are any editors that can make it easy to draw such diagrams.
This would also solve Talk:Installing Arch Linux with EVMS#Image replacement contest.
Finally, an editor like that should be mentioned in Help:Style#Non-pertinent content.
-- Kynikos (talk) 05:47, 4 September 2013 (UTC)
I created these diagrams manually using Kate, which is a normal text editor (but it has an advanced feature called "Block Selection Mode" that helps a lot with this kind of stuff). I also kept a window of gucharmap open on one side of the screen, which allowed me to easily find and pick suitable Unicode characters.
--Sas (talk) 19:21, 19 November 2013 (UTC)

Move out of User page

This page is quite good IMO. So it can be moved to a normal page. It can receive updates there and other people can contribute. -- Fengchao (talk) 06:20, 11 June 2012 (UTC)

+1 -- Kynikos (talk) 09:18, 12 June 2012 (UTC)
No response from author. This will block [System_Encryption_with_LUKS] restructure so I do the job to move on. -- Fengchao (talk) 02:22, 15 June 2012 (UTC)
Hi, and sorry for abandoning this article half-way through and then forgetting about it.
As for writing the general introduction/explanation text (part of which consists of merging the corresponding sections from the System_Encryption_with_LUKS article into this one), I had already started working on that locally back when I created this article, but I have that file on a different computer than I am on now. If you give me until tomorrow (Monday) evening (European time), I'll bring what I have into a readable state and upload it to this page, and then everybody can help modifying/extending it.
The reason why I created the article as a user page and didn't move it into the main namespace right away, is that I originally planned to first discuss some feature requests with the wiki maintainers which would make the page more maintainable (without sacrificing user-friendliness). Namely, support for automatically numbered footnotes, and moving the comparison table formatting into a wiki-wide "comparison-table" CSS class (or maybe, separate "comparison-table-vertical" and "comparison-table-horizontal" classes). Right now, the comparison table's wiki markup is so messy and difficult to work with that I would feel guilty asking other people to help add info to it. --Sas (talk) 17:35, 17 June 2012 (UTC)
I added the main text sections now. It would be great if a native speaker with good language skills could do some copyediting for the individual subsections to formulate them more concisely and make them nicer to read. --Sas (talk) 20:42, 18 June 2012 (UTC)
Hi Sas, thank you for getting back working on this article!!
About the numbered footnotes, that would require the installation of an extension (involving web developers) and if we can keep it simpler instead it'd be better, since this would be the only article using that feature.
About the comparison-table class, can you report an existing example (in another wiki I guess) of what you mean exactly?
-- Kynikos (talk) 20:57, 19 June 2012 (UTC)

Proposed renaming of this article to "System Encryption" or "Encryption"

This was proposed by Kynikos in the form of a template added to this article, and also discussed here.

I disagree with the proposal, and still believe that "Disk Encryption" is the right name for this article. Let me try to explain why.

"Encryption" is a huge topic, encompassing a much bigger scope than this article could sensibly cover in the level of detail set out by the content I already added here, and the content that is to be merged here from System_Encryption_with_LUKS. There is (among others)...

  • manual encryption of pieces of data (no matter where it comes from / is stored / is going to)
    • GnuPG, ...
  • cryptographically protecting a communication channel
    • HTTPS, SSH, ...
  • cryptographically protecting a logical part of a storage disk (real or virtual)
    • Loop-AES, dm-crypt+LUKS, Truecrypt, eCryptfs, EncFs, ...

I believe that the article should exclusively deal with the latter topic. Trust me, there's enough valuable information on this to fill a whole article (just look at how big the comparison table alone grew already). It would only add confusion and result in TL;DR to mix other encryption-related topics into the same article.

I.e., the article should exclusively be about techniques which will cause all data written to a logical part of a disk to be automatically encrypted, and data read from it to be automatically decrypted.

All of the following are examples of logical parts of (real or virtual) storage disks:

  • a whole disk
  • a partition (or anything else represented as a block device)
  • a folder

So I don't see how the term "Disk Encryption" should be inclusive of block device encryption, but not of filesystem-level encryption, as Kynikos suggested in the renaming-proposal. The level at which the protected logical part of the disk is defined is just an implementation detail - I don't see a conceptual difference there.

So that's why I believe "Disk Encryption" is a more sensible title than "Encryption".

Regarding "System Encryption", I believe that would actually not be inclusive enough of everything encompassed by the encryption methods described here.

In my mind, system encryption is a potential application of disk encryption - it's about securing the "system" itself (as in, an Arch Linux installation) from unauthorized access to its system and user data while the system is not running.

But disk encryption can also be used for simple data encryption, e.g. protecting a partition or folder in which confidential data files are to be stored, and letting the user unlock/lock the encrypted data container on demand or on login/logout. This has nothing to do with the "system" and whether it is running. (This is especially the case for the filesystem-based disk encryption methods.)

And of course there are many possible combinations and shades of grey in between.

"Disk encryption", to my ears at least, captures all of that quite nicely.

--Sas (talk) 18:37, 17 June 2012 (UTC)

Wow, you provided such an exhaustive argumentation in support of the current title that I don't think anyone will try to reply (including me) :) Let's stick with Disk Encryption then! It's worth noting that Wikipedia itself is a bit ambiguous in finding a consistent naming for this topic, see for example the intro of wikipedia:Filesystem-level encryption ("Filesystem-level encryption, often called file or folder encryption, is a form of disk encryption [...]") versus wikipedia:Disk encryption#Disk encryption vs. filesystem-level encryption. -- Kynikos (talk) 21:10, 19 June 2012 (UTC)

Proposed expansion for dm-crypt without LUKS

Hi, I want to gather quick feedback regarding the addition of [Plain_dm-crypt_without_LUKS]. The addition to Disk_Encryption#Block_device_encryption is swift. After that comes the sophisticated comparison table. Question for that is: Do we need to add an extra column for plain dm-crypt? A major disadvantage is the complexity of the table width. Now it scales great with the browser window; adding it as a separate column does not make that better. Further, the column should not be needed, because the original author gladly already mentioned when the LUKS extension is intrinsic for gaining a dm-crypt feature (e.g. Key salting states "Yes (with LUKS)"). So, in order not to complicate things, I would propose to just rename the column heading to "dm-crypt +/- LUKS" and review that the appropriate distinctions in the table are made. Ok?

Certain other features of plain dm-crypt may be added to the following text sections starting from Disk_Encryption#Preparation too, e.g. the dis-/advantages of the absence of a crypt header, but those are all free-text and can be expanded as required. --Indigo (talk) 07:42, 29 August 2013 (UTC)

Just renaming the column heading sounds reasonable, go for it! -- Kynikos (talk) 03:34, 31 August 2013 (UTC)
Done. Thanks, also for reviewing! closing this. I'll return later. I think next it would be great to phrase and link the setup examples in Disk_Encryption#Choosing_a_setup to the howtos again done. Next parts that should get edited are Disk_Encryption#Basic_principle by adding a differentiation between a plain and a master key. Disk_Encryption#Keys.2C_keyfiles_and_passphrases should be split up into the basics about passphrases/keyfiles and the rest (diagrams explaining key-derivation, master key, salting, etc.). The latter may be better put into Disk_Encryption#Cryptographic_metadata and perhaps Disk_Encryption#Data_integrity.2Fauthenticity. For the connection to Disk_Encryption#Keys.2C_keyfiles_and_passphrases those two should be moved atop Disk_Encryption#Ciphers_and_modes_of_operation. On the way, plain can be mentioned too as an example again against the others with encrypted master keys, headers or key-sigs. One point I am unsure about is to keep Disk_Encryption#Data_integrity.2Fauthenticity. It could also be mentioned briefly in Disk_Encryption#Basic_principle. Won't that not be enough? --Indigo (talk) 20:02, 4 September 2013 (UTC)
I think it's perfectly fine if you mention Disk_Encryption#Data_integrity.2Fauthenticity into Disk_Encryption#Basic_principle or Disk_Encryption#How the encryption works. Also Disk_Encryption#Plausible deniability has a good article on Wikipedia:Plausible deniability, we could, and probably should, just link there. -- Kynikos (talk) 10:28, 8 September 2013 (UTC)
+1 on should (good one indeed; yes, we can). I have re-shuffled those sections and added references to plain mode. In fact we now mention it all the way through the article. Have a look sometime please, if we can close this and the expansion tag can be purged. --Indigo (talk) 19:21, 12 September 2013 (UTC)
Wonderful job Indigo! I'll leave the final tasks of removing the Exp tag and closing this discussion to you ;) Thank you -- Kynikos (talk) 02:23, 14 September 2013 (UTC)
Thanks! On to new endeavours. Closing. --Indigo (talk) 11:29, 14 September 2013 (UTC)