[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Announce loop-AES-v2.0c file/swap crypto package
Thomas Sj鰃ren wrote:
> On Fri, Dec 19, 2003 at 05:58:11PM +0200, Jari Ruusu wrote:
> > 2) Kernel 2.6 cryptoloop will not work properly with encrypted swap.
> > Encrypted swap needs memory pre-allocation.
>
> Anyway to fix this or is sticking w 2.4.23 + patch-cryptoloop-jari the
> recommended (and the most secure) option at the moment?
For encrypted swap I recommend loop code + swapon from loop-AES-v2.0d
package. That swapon will set up loop in more secure multi-key mode with MD5
IV.
For file system encryption, loop-AES-v2.0d with multi-key and MD5 IV is also
the most secure implementation currently available that I am aware of.
> > 5) If Andrew Morton's loop changes get merged to mainline loop, kernel 2.6
> > cryptoloop will no longer work reliably with journaled file systems.
> > (same why reason I don't recommend using journaled file systems with
> > file backed loops)
>
> Has journaling file systems ever been recommended when using cryptoloop?
Device backed loops should work ok with loop-AES.
--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/