Re: PPDD and Linux 2.6.8.1
Boyd Waters wrote:
> Can you explain the advantages of PPDD over the mainline kernel
> "cryptoloop" (loopback block device encryption via cryptoapi) ?
It might not be that mainline soon:
<URL:http://kerneltrap.org/node/view/3521>
I don't know if something has happened since, but it seems that at least
2.6.9pre4 doesn't yet remove cryptoloop.
PPDD depends on cryptoloop, so it might break again soon. X) A quick (and
possibly dirty) solution would be to kick cryptoloop back, and provide a
patch as for the 2.4 series.
I think PPDD does fairly well what it should do. Most of the stuff, like
key management, is tightly integrated. This is a problem if it doesn't
offer exactly what you want, and at least then loop-AES is a better choice.
The solutions currently in the kernel, like cryptoloop, don't seem secure
enough for many uses. Try searching Google for e.g. "cryptoloop security
weaknesses". I guess Jari has said something about security regarding
cryptoloop etc.:
<URL:http://v4.livegate.net/wipe/>
> I experimented with crypto-loop using blowfish or twofish, and it seems
> quite stable for device-backed loops. Jari Ruusu has raised concerns
> about encryption key re-use with it, so I'm trying loop-aes now...
> A short description of how PPDD is different would be interesting!
You'll find something at the above URL. A more specific description of
how PPDD works can be found in Allan Latham's original PPDD package.
--
Sakari Ailus
sakari.ailus@xxxxxxxxxxxxx
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/