Re: Announce loop-AES-v3.0d file/swap crypto package

[Christian Kujau <evil@xxxxxxxxxx>]

Peter_22@xxxxxx schrieb:
> Interesting point! Loop-aes provides no option to change the key/password
> for a partition. Using dd and two loop-devices is rather risky. What if the
> machine just hangs up after 100GB? All data gone?

yeah, you can say that again: it's *damn* risky :-\
if the machine loses power or the "dd" dies (OOM?), half of the partition
is encrypted with twofish, the other part with aes...uuuh.

> Well, I asked myself if there is a way to use some >1GB partition (swap or
> such) to store the data temporarily and pipe it further through the pipe. In
> case of some crash a restore-point could be set and re-encryption restarted
> or continued. 

i *think* that if i know up to which sector dd has written, i can then
continue from exactly this point. but i've never tried it.

> For harddisk encryption this would be an interesting thing. Just in case
> someone gets a copy of your keyfile you may want do change it.

i've done this 3 or 4 times now, always successful, but always had a
backup at hand....

-- 
BOFH excuse #334:

50% of the manual is in .pdf readme files

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/