Can I ask Stephen G and others to volunteer so we can have an OCLUG
panel on encryption and security? Could make a lively meeting and bring
in outsiders.

I make no claims in this area. My background is number crunching and
statistics, but I did teach risk management for many years. I'll still
be happy to argue that

1) ccrypt offers a cross-platform solution that is usable by a much
wider variety of folk than GnuPG, which (to deliberately pour gasoline
on a debate fire) I will claim is geeky enough to scare folks away.
Truthfully, it has to be easier for all of these tools. ccrypt is not
easy enough either, but I find it much friendlier than GnuPG. And, of
course, I don't want to install anything.

2) The memory clearing issue is sufficiently important that I would like
to see it addressed, even if it is difficult. In the script I proposed,
my solution -- proposed in order to get reaction, by the way -- was as
follows:

- create a tmpfs in RAM on a machine with no swap (apologies: I
  forgot to mention that I run my machines with large RAM and no swap
  partition).
- run encfs on this so material in the decrypted area is somewhat
  protected. (The ccat or ccrypt -c options are better for just viewing,
  but maybe there are other applications for the tmp disk idea.)
- close the encfs
- scrub the "disk" which is RAM
- release the RAM by unmounting the tmpfs "disk"

Let's see if we can build a meeting program from something along these
lines.

As an aside, I've found fusermount seems to fail more than it works.
Will have to look into that.

Cheers, JN
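
The five steps listed in the message above, sketched as an added example; this is not the script the author refers to. The function names, the mount points passed to `session`, and the 64 MB tmpfs size are assumptions. It refuses to start if swap is active and skips the scrub if the encfs view fails to unmount.

```shell
#!/bin/sh
# Added example: names, paths and sizes are assumptions, not from the message.

# True (0) if a /proc/swaps-style file lists any swap area after the header.
swap_active() {
    awk 'NR > 1 && NF { found = 1 } END { exit !found }' "${1:-/proc/swaps}"
}

# Overwrite a file's current contents with zeros in place (no truncation
# first), rounding the length up to whole 4096-byte blocks.
zero_file() {
    size=$(wc -c < "$1")
    blocks=$(( (size + 4095) / 4096 ))
    dd if=/dev/zero of="$1" bs=4096 count="$blocks" conv=notrunc 2>/dev/null
}

# Zero every regular file under a directory, then delete everything in it.
scrub_dir() {
    find "$1" -type f | while IFS= read -r f; do zero_file "$f"; done
    find "$1" -mindepth 1 -delete
}

# The five steps: tmpfs, encfs, close encfs, scrub, unmount.
# Needs root for mount/umount and encfs installed; paths must be absolute.
# The tmpfs holds only encfs ciphertext; plaintext exists in the FUSE view
# and in the memory of whatever program reads it, which this does not scrub.
session() {
    store=$1 view=$2
    if swap_active; then echo "swap is active, refusing" >&2; return 1; fi
    mount -t tmpfs -o size=64m,mode=0700 tmpfs "$store" || return 1
    mkdir "$store/cipher"
    if encfs "$store/cipher" "$view"; then
        "${SHELL:-/bin/sh}"        # work in $view; exit this shell when done
        if ! fusermount -u "$view"; then
            echo "encfs still mounted at $view; not scrubbing" >&2
            return 1
        fi
    fi
    scrub_dir "$store"
    umount "$store"
}

# Run only when asked: sh script.sh session /mnt/store /mnt/view
if [ "${1:-}" = "session" ]; then session "$2" "$3"; fi
```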