Server file encryption

Discussion in 'privacy technology' started by kentmedina, Mar 9, 2011.

Thread Status:
Not open for further replies.
  1. kentmedina

    kentmedina Registered Member

    Mar 9, 2011

    Is it possible to encrypt a hard drive and have it decrypted by multiple users at the same time, using different PCs and OSes, over a network?

    I wanted to create a file server that could only be accessed by persons with the right passphrase and/or keyfile across different PCs at the same time wirelessly. However, I'm a bit afraid that someone from the outside could gain access to our network and open our file server which contains a lot of personal and sensitive files.

    Thank you so much for any help.
  2. chronomatic

    chronomatic Registered Member

    Apr 9, 2009
    You could probably use Truecrypt for this and assign each individual a separate keyfile so that each of them can unlock the volume as needed (you must use keyfiles since TC does not support multiple passwords). Or you could use one password and give it to everyone, but if it were me, the multiple keyfile option seems better since it offers better protection. For one, if you use a single password for everyone, this means everyone must be able to remember it, and in order to get any decent security, you need a complex password. This seems like a logistical nightmare. Better would be to use Truecrypt to generate random keyfiles that will offer strong protection assuming the keyfiles are not compromised.

    Either way, you will need to transfer those keys securely to the other parties. If you're on a LAN it would be no problem, but if you're all geographically separate, you need to e-mail it securely (with something like PGP), which means everyone would need a PGP key in order to receive the secure e-mail.

    Also, you have to put some trust that the other users won't allow their keyfile or the password to become compromised at some point in the future. Another problem is you need to organize the users so that someone dismounts the volume when everyone is finished using it. If you fail to do this, then obviously your encryption serves no purpose.

    It's doable but the weakest link will be the logistics of organizing the human element. Secure key exchange and good key management are the "keys" here.
    Last edited: Mar 10, 2011
  3. katio

    katio Guest

    The way you envisioned it is a terrible mess and there is no gain in security.

    Best practice/how it should be done is as follows:
    Encrypt the full hard drive, admin decrypts it after a reboot, access to files is regulated with filesystem permissions and user accounts, network is secured with VPN/ssh.
    In addition you could also make use of per-user encryption for files that don't need to be shared between users; for that, Truecrypt is a possible solution, but ecryptfs is much more convenient and suited.
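
In the layout katio describes, the disk is already unlocked while the server runs, so filesystem permissions and user accounts are what separate users. The following is an added example, not code from the thread: a small audit that walks a shared directory and reports entries that would defeat that control. The function name `audit_share`, the issue labels, and the policy it checks (one share group, no access for "other", setgid on directories so new files inherit the group) are assumptions made for the illustration.

```python
import os
import stat
import sys


def iter_entries(root):
    """Yield the share root and every file and directory below it."""
    yield root
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            yield os.path.join(dirpath, name)


def audit_share(root, share_gid):
    """Return sorted (relative_path, issue) pairs for entries that break the policy.

    Assumed policy (hypothetical, not from the thread):
      * every entry belongs to the share group (share_gid)
      * no entry grants any permission bit to "other"
      * every directory has the setgid bit, so new files inherit the group
    """
    findings = []
    for path in iter_entries(root):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode is not enforced; skip it
        rel = os.path.relpath(path, root)
        if st.st_mode & 0o007:
            findings.append((rel, "other-access"))
        if st.st_gid != share_gid:
            findings.append((rel, "wrong-group"))
        if stat.S_ISDIR(st.st_mode) and not st.st_mode & stat.S_ISGID:
            findings.append((rel, "no-setgid"))
    return sorted(findings)


if __name__ == "__main__":
    import grp  # Unix only

    if len(sys.argv) != 3:
        sys.exit("usage: audit_share.py <share-root> <group-name>")
    gid = grp.getgrnam(sys.argv[2]).gr_gid
    results = audit_share(sys.argv[1], gid)
    for rel, issue in results:
        print(f"{issue:13} {rel}")
    sys.exit(1 if results else 0)
```

The script exits non-zero when it finds anything, so it can run from cron on the file server and flag permission drift.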