Re: newbie: for my understanding of loop-aes
Christophe Zwecker wrote:
> is it true I shall disable write cache on the controller ?
Journaled file systems usually require that.
> Now I read the README that comes with loop-aes. the parameters seem
> wrong it's not
>
> losetup -e AES128 it seems to be
>
> losetup -e aes -k 128. well no problem here.
Former is correct for loop-AES use. Latter is correct for
kerneli.org-cryptoapi use.
> I'm trying example #3
> It says I shall keep the seed somewhere, but in the example it's in the
> fstab isn't it ? I suppose it's for convenience but better not to keep
> there ?
Seed needs to be in /etc/fstab. kerneli.org-cryptoapi does not support use
of seed (last time I looked).
> is solution #3 more secure because of the seed than number 4 (the gpg
> solution), although in #4 I could save the keyfile on a CD or a USB
> keychain storage ?
Loop-AES examples #4 and #5 switch most of the burden to attacking GnuPG
instead of loop cipher.
> I did the swap encryption thing as in the read me, however doesn't matter
> which parameters I put in fstab swapon always works, so I wonder how can
> I check if swap is really encrypted ?
kerneli.org-cryptoapi does encrypted swap using modifications to init scripts.
Loop-AES' swapon/swapoff do encrypted swap if they find loop= and
encryption= options in /etc/fstab.
To check if kernel is using loop devices to swap, type "cat /proc/swaps".
One or more lines of output should begin with "/dev/loop? "
> And finally I wonder how much more secure aes256 is over aes128 , cause
> I got no idea. I wonder when/if I need 256.
AES128 should be secure. AES256 is for paranoids.
> I load couple modules and do stuff as in loop-aes readme. Now I just
> wondered, could it be that I don't use loop-aes but cryptoapi stuff ?
Yes, that seems to be the case.
> How can I tell ? is loop-aes faster than cryptoapi ? which are the
> advantages ?
I haven't seen a version of kerneli.org-cryptoapi that outperformed loop-AES.
> I think I've been playing with the wrong stuff... :(
If you want to continue using kerneli.org-cryptoapi, use their docs to set
up loop devices. If you want to replace kerneli.org-cryptoapi with loop-AES,
just follow instructions in loop-AES' README file.
Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
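
The swap check from the message above (loop= and encryption= options in /etc/fstab, then "/dev/loop?" lines in /proc/swaps), written out as a script. This is an added example, not part of the original message or of loop-AES; the function names, status labels and sample device names are assumptions made for the illustration.

```shell
#!/bin/sh
# Print the loop device of every swap entry in an fstab-format file that
# carries both loop= and encryption= options.
fstab_encrypted_swap_loops() {
    awk '$1 !~ /^#/ && $3 == "swap" {
        loop = ""; enc = ""
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^loop=/) loop = substr(opt[i], 6)
            if (opt[i] ~ /^encryption=/) enc = substr(opt[i], 12)
        }
        if (loop != "" && enc != "") print loop
    }' "$1"
}

# Classify each active swap area; return 1 if any of them is not a loop
# device that fstab declares together with an encryption= option.
check_swap() {
    fstab=${1:-/etc/fstab}; swaps=${2:-/proc/swaps}; status=0
    expected=$(fstab_encrypted_swap_loops "$fstab")
    for dev in $(awk 'NR > 1 { print $1 }' "$swaps"); do
        case "$dev" in
            /dev/loop*)
                if printf '%s\n' "$expected" | grep -Fqx "$dev"; then
                    echo "OK $dev"
                else
                    echo "UNLISTED $dev"; status=1
                fi ;;
            *) echo "PLAIN $dev"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample data; device names are invented for the demonstration.
sample=$(mktemp -d)
cat > "$sample/fstab" <<'EOF'
# constructed example
/dev/hda1  /     ext3  defaults                              1 1
/dev/hda6  none  swap  sw,loop=/dev/loop6,encryption=AES128  0 0
/dev/hda7  none  swap  sw                                    0 0
EOF
cat > "$sample/swaps" <<'EOF'
Filename    Type       Size    Used  Priority
/dev/loop6  partition  524280  0     -1
/dev/hda7   partition  524280  0     -2
EOF
check_swap "$sample/fstab" "$sample/swaps" || echo "swap not fully encrypted"
```

Called without arguments, check_swap reads the live /etc/fstab and /proc/swaps. It confirms only that swap goes through a loop device configured with an encryption= option, not which implementation or cipher is actually behind that device.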