View previous topic :: View next topic |
Author |
Message |
marrowhk Apprentice
Joined: 25 Jul 2007 Posts: 250
|
Posted: Sat Feb 09, 2008 6:17 am Post subject: Truecrypt (5.0) |
|
|
Truecrypt 5.0 for linux is out and now contains a built-in dialog/full gui for password entry!
In the past we've needed to create scripts like this to mount an encrypted pen-usb: (Gnome example)
Code: | (A) zenity --entry --title="Truecrypt Password" --text="Enter Your Password:" --hide-text | sudo truecrypt -u /media/directory-x/xxx.tc /media/directory-y |
Given an entry exists in your fstab for the receiving directory (shows the mount point clearly in nautilus):
Code: | (B)/dev/mapper/truecrypt0 /media/directory-y fuse users,noauto 0 0 |
Now, we can change script (A) to the following with truecrypt 5.0 whilst leaving the fstab entry intact:
Code: | truecrypt /media/directory-x/xxx.tc /media/directory-y |
The inbuilt dialog will now ask for the password, and give you options as well; no need for zenity, or any other external dialog construction! _________________ You'll always come back to GENTOOOOOOO ! (Trust me...)
Last edited by marrowhk on Sat Feb 09, 2008 6:37 am; edited 3 times in total |
|
Back to top |
|
|
R-Type n00b
Joined: 22 Sep 2002 Posts: 62
|
Posted: Sat Feb 09, 2008 6:29 am Post subject: |
|
|
There are some rather annoying regressions in Truecrypt 5.0.
1. linux version cannot create hidden volumes. !!!?
2. the command line 'mount options' only accepts a few parameters, but the dialog box input accepts any option. I had to look at the code to figure out why my cmdline scripts weren't running.
3. does not compile on x86_64 without some typesize cleanups.
4. now requires X running to execute, which is frankly stupid.
This release feels rushed to me...that or they were focused on the windows version. Hopefully 5.1 will fix these... |
|
Back to top |
|
|
marrowhk Apprentice
Joined: 25 Jul 2007 Posts: 250
|
Posted: Sat Feb 09, 2008 6:31 am Post subject: |
|
|
The regressions are a shame. I guess if you're using hidden volumes you'll need to stick with 4.3a _________________ You'll always come back to GENTOOOOOOO ! (Trust me...) |
|
Back to top |
|
|
R-Type n00b
Joined: 22 Sep 2002 Posts: 62
|
Posted: Sat Feb 09, 2008 6:33 am Post subject: |
|
|
It mounts 4.3a hidden partitions just fine.. The wizard says it can't create them.. |
|
Back to top |
|
|
marrowhk Apprentice
Joined: 25 Jul 2007 Posts: 250
|
Posted: Sat Feb 09, 2008 6:36 am Post subject: |
|
|
Can't you just slot these version somehow so you have a CLI route to create a hidden volume _________________ You'll always come back to GENTOOOOOOO ! (Trust me...) |
|
Back to top |
|
|
R-Type n00b
Joined: 22 Sep 2002 Posts: 62
|
Posted: Sat Feb 09, 2008 6:48 am Post subject: |
|
|
I doubt 5.0 volumes are openable with 4.3 because of the new XEX key handling mode, which is the major new crypto feature in 5.0. If the user has to forgo XEX to make hidden volumes, then he might as well stay with 4.3a for now...or create his volume in windows (if that works, I haven't tried). Another thing I forgot to add to my list is the lack of a complete command line interface. It doesn't even look like you can create volumes without running the GUI wizard. Yuck.
Imo, it's best to wait until they fix these things before adding to portage.. It's not even a feature complete release :\. |
|
Back to top |
|
|
maltheus Tux's lil' helper
Joined: 14 Aug 2004 Posts: 125 Location: Colorado Springs
|
Posted: Mon Feb 11, 2008 5:51 pm Post subject: |
|
|
What a pain! I didn't realize this release cripples the command line. Hopefully they'll fix that before the old version leave portage. Does anybody know of any decent Truecrypt alternatives (I don't care about Windows support)? |
|
Back to top |
|
|
nirax Guru
Joined: 06 Jul 2004 Posts: 319 Location: Germany, old Europe
|
Posted: Mon Feb 11, 2008 11:02 pm Post subject: |
|
|
regarding truecrpyt 5 release i have two questions, maybe someone knows the answer
1) is there a speed difference to cryptsetup/dmcrypt ? (under comparable algorythm)
2) did anyone made experiences already using TC 5.0 under amd64 systems ? Curremtly its ~amd64 only enabled, so im gonna wait for a stable gentoo release anyway, but maybe someone made already experiences.
background is, that im using a drive to store, unpack and "put together" movies and stuff. This is performing quite some system lag using current cryptsetup, so im looking for any possibility to speed it up somehow, while still taking partition encryption benefit. _________________ quot licet iovi non licet bovi |
|
Back to top |
|
|
R-Type n00b
Joined: 22 Sep 2002 Posts: 62
|
Posted: Wed Feb 13, 2008 1:45 am Post subject: |
|
|
Well, 5.0 uses libfuse and a standard loop device instead of dm like 4.3. I would imagine this might be a bit slower? I'll bet, though, that the crypto stuff will bottleneck your cpu first. luks might be faster than both of them. benchmark and see.
5.0 will not build on amd64 without typedef fixes. |
|
Back to top |
|
|
Havin_it Veteran
Joined: 17 Jul 2005 Posts: 1247 Location: Edinburgh, UK
|
Posted: Wed Feb 13, 2008 11:29 am Post subject: |
|
|
Lots of doubt about upgrading to this version
1) How is auto mount/unmount handled now if it has to be done while X is running?
2) I tried building it myself before it went int the tree, and the "admin password required" dialog when trying to mount a volume didn't succeed. (Result: had to run it with sudo, just as I do now ) Am I missing something or is it fixed in portage?
3) Now that mounting is a single-step operation (no access to the raw device) how are you supposed to use fsck on your filesystem? I crash a lot so this is quite important.
4) Why is the package fetch-restricted? |
|
Back to top |
|
|
JayJay78 n00b
Joined: 29 Jan 2004 Posts: 32
|
Posted: Wed Feb 13, 2008 5:13 pm Post subject: |
|
|
hi Havin_it,
Quote: | 1) How is auto mount/unmount handled now if it has to be done while X is running? |
I mean
(for textmode) is what you want?
Or do you mean, you shut down your system, and the truecrypt-volume or partition is auto unmounted?
Look at: /lib/rcscripts/addons/truecrypt-stop.sh
I have disabled the GUI Stuff (with -t), because i do not need them.
JJ |
|
Back to top |
|
|
Havin_it Veteran
Joined: 17 Jul 2005 Posts: 1247 Location: Edinburgh, UK
|
Posted: Thu Feb 14, 2008 12:53 am Post subject: |
|
|
Yeah, I was under the impression it wouldn't be able to do *anything* unless X was running, meaning that rcscript wouldn't work. I've learned a bit more now
Also it seems to work fine as non-root now, not sure what the problem was before.
And as for my occasional need to fsck, I see now that there's the "do not mount" option in the password dialog options, so it's all good.
All in all, my worries are fully cured. Although I'll keep hold of a binpkg of 4.3a in case I need at some point to make a hidden volume... |
|
Back to top |
|
|
dave_deu Tux's lil' helper
Joined: 21 Aug 2005 Posts: 97 Location: East Anglia, UK
|
Posted: Tue Feb 26, 2008 11:35 pm Post subject: |
|
|
Hi, I'm new to Truecrypt. I set ACCEPT_KEYWORDS so v5.0 of Truecrypt installed. I had the Truecrypt module modprobed and the encrypted volume worked fine.
Now, I had a problem on boot come up complaining about the module being the wrong format or something. Anyway, despite there being no Truecrypt module loaded I tried mounting the device and it worked anyway. What's going on!?!? Does Truecrypt not need the module loaded to work?
Thanks,
Dave. |
|
Back to top |
|
|
Havin_it Veteran
Joined: 17 Jul 2005 Posts: 1247 Location: Edinburgh, UK
|
Posted: Wed Feb 27, 2008 1:27 am Post subject: |
|
|
dave_deu, there is a major difference between v4.3a and v5.0* in terms of module structure. The old version built its own kernel module (and so had to be rebuilt every time the kernel was upgraded). The 5.0 version uses FUSE (Filesystems in Userspace) which is part of the kernel (may be built-in or as a module), there's no actual truecrypt module anymore, so it doesn't need rebuilding for a new kernel.
Anyway, your problem is perhaps due to the old-version module still attempting to load itself into the kernel. Run update-modules as root and that should get rid of the error. If you've previously added the truecrypt module to /etc/modules.autoload.d/ then make sure you also remove it from there. |
|
Back to top |
|
|
dave_deu Tux's lil' helper
Joined: 21 Aug 2005 Posts: 97 Location: East Anglia, UK
|
Posted: Wed Feb 27, 2008 4:39 pm Post subject: |
|
|
Thanks for that. All is explained. Truecrypt 5 is working well, though shame they do not build in more options than for VFAT filesystems. |
|
Back to top |
|
|
Havin_it Veteran
Joined: 17 Jul 2005 Posts: 1247 Location: Edinburgh, UK
|
Posted: Thu Feb 28, 2008 10:57 am Post subject: |
|
|
Well, perhaps in time there will be more... in fairness, that's only one less than you get with Windows, and I would think few Linux users will be queuing up to make NTFS formatted crypts
Besides, once you've made the crypt you can reformat it to whatever you want using system tools. |
|
Back to top |
|
|
|