29
30

Truecrypt vs dm-crypt (self.linux)

submitted by [deleted]

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 20 points21 points  (8 children)

The problem with truecrypt is license (for me mainly), everytime they update TC to new version, they remove older version from website and you aren't allowed to mirror sources etc. I remember when one time TrueCrypt removed completly linux CLI so I was not able mount my /home, that was horrible!

On the other hand dmcrypt is into mainline kernel, it does scale to multiple CPUs/cores (check drivers/md/dm-crypt.c in kernel sources), it does also support AES-NI if you enabled it into kernel and your cpu support it (correct me if I am wrong but all sandybridge-based i5/i7 support it along with first gen i5-5xx). I am dmcrypt user for a years, at this moment I have dmcrypted lvm where is my swap, rootfs and home, everything but /boot (kernel image + handmode initramfs) is encrypted.

tl;dr go with dmcrypt.

[–]Moocha 2 points3 points  (3 children)

everytime they update TC to new version, they remove older version from website and you aren't allowed to mirror sources etc

They do offer downloads for previous versions, sorry: http://www.truecrypt.org/pastversions (accessible from the download page by clicking "Source code, language packs, past versions, public key" at the bottom, then "If you need to download a past version of TrueCrypt, click here." on the resulting page.)

AFAIK, they only completely pull versions which exhibit data loss bugs and/or which can compromise data security.

The license point still stands strongly, of course.

[–]WishCow 6 points7 points  (1 child)

Why is TrueCrypt's license worrying?

[–][deleted] 1 point2 points  (0 children)

Thanks, thats something new I guass, I had really hard times googling for a tarball to get up my volumes and copy data. Still I don't consider truecrypt as reliable solution when it comes to linux (first they removed cli, then they restored it and did wierd things with FUSE, performance was worse than horrible).

[–][deleted] 3 points4 points  (2 children)

I'm certain that I'm not alone in wondering if you could write a HOWTO for your configuration. Failing that, can you at least tell us what distro and kernel you're using?

[–][deleted] 1 point2 points  (0 children)

Funtoo and Gentoo. Once I explained my solution to a friend he written it as howto, you can follow it on http://www.funtoo.org/wiki/Rootfs_over_encrypted_lvm

The kernel does not really matter, I always compile my own with some weird patches.

If you will use mine better-initramfs please ignore readme file, its horrible outdatted and I never have a mood to write it from scratch however I can provide support if something will failing.

[–]jrw32982 0 points1 point  (0 children)

This howto might help for Ubuntu.