On Sat, 2006-02-04 at 19:41 +0000, Chris Green wrote:

What do others here use for this sort of 'sensitive data' storage? I have all sorts of data, PINs, passwords, Web site logins and so on and so forth.

I use a loopback mounted encrypted filesystem image, with a script that prompts for the passphrase and mounts/umounts as and when I need it.

That way you can store the information however you want, using any system you want.

The only problems with it are....

If I want to access it remotely I have to ssh into my machine (or keep another copy on my laptop)...of course if you are going to have to trust the system you access it from (keylogger on the client could capture the steps you take to access it....passphrase for crypt etc) and ssh (although that is pretty strong)

You have to define the size of the filesystem before you start using it..so far I have found no way to grow it afterwards.

When mounted (and if the correct steps aren't taken when umount'ed) the crypt is only as secure as your machine i.e. If the machine has already been compromised then it is possible that someone else could be looking at the mounted system. Remember to tie down the permissions of the mount...but even then it doesn't save you if your box has been rooted.

If you want to go that route then I found this (and some advice from other ALUGers, so search the archives) pretty helpful

http://deb.riseup.net/storage/encryption/dmcrypt/