From owner-linux-crypto@nl.linux.org Wed May 2 22:03:56 2001 Received: by humbolt.nl.linux.org id ; Wed, 2 May 2001 22:02:51 +0200 Received: from [210.126.4.230] ([210.126.4.230]:26123 "HELO gaganan.com") by humbolt.nl.linux.org with SMTP id ; Wed, 2 May 2001 22:02:21 +0200 From: "Son Ho Jin" To: "julia@vental.com" julia@vental.com Subject: I got it Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Date: Thu, 3 May 2001 05:00:34 +0900 Content-Transfer-Encoding: 8bit Message-Id: <20010502200223Z92203-19077+47@humbolt.nl.linux.org> Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list Hey, lu Sorry, it took longer than i expected but I found the site, it's http://www.multiopen.com the site will make your web surfing very convenient. And here goes one more, it's http://www.mysimon.com this one will help your online shopping Get to the site and mail me after bye~ Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 3 01:49:59 2001 Received: by humbolt.nl.linux.org id ; Thu, 3 May 2001 01:49:17 +0200 Received: from anime.net ([63.172.78.150]:61453 "EHLO anime.net") by humbolt.nl.linux.org with ESMTP id ; Thu, 3 May 2001 01:48:45 +0200 Received: from localhost (goemon@localhost) by anime.net (8.9.3/8.9.3) with ESMTP id QAA28244 for ; Wed, 2 May 2001 16:48:40 -0700 Date: Wed, 2 May 2001 16:48:40 -0700 (PDT) From: Dan Hollis To: Subject: 2.4.x crypto incompatible with 2.2.x crypto Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list Anyone determined yet why 2.4.x blowfish loopback crypto can't read 2.2.x blowfish loopback crypto? Is it a bug with the IV or a bug with keysize or what? (I'm using CONFIG_BLK_DEV_LOOP_USE_REL_BLOCK on 2.2.x, so that's not the problem) -Dan Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 3 15:06:47 2001 Received: by humbolt.nl.linux.org id ; Thu, 3 May 2001 15:06:10 +0200 Received: from hank-fep8-0.inet.fi ([194.251.242.203]:8096 "EHLO fep08.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Thu, 3 May 2001 15:05:06 +0200 Received: from pp.inet.fi ([212.213.41.84]) by fep08.tmt.tele.fi (InterMail vM.4.01.02.17 201-229-119) with ESMTP id <20010503130512.BBED23038.fep08.tmt.tele.fi@pp.inet.fi>; Thu, 3 May 2001 16:05:12 +0300 Message-ID: <3AF156E3.6C38A5FB@pp.inet.fi> Date: Thu, 03 May 2001 16:02:27 +0300 From: Jari Ruusu X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.19aa2 i686) X-Accept-Language: en MIME-Version: 1.0 To: Dan Hollis CC: linux-crypto@nl.linux.org Subject: Re: 2.4.x crypto incompatible with 2.2.x crypto References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list Dan Hollis wrote: > Anyone determined yet why 2.4.x blowfish loopback crypto can't read 2.2.x > blowfish loopback crypto? > > Is it a bug with the IV or a bug with keysize or what? > > (I'm using CONFIG_BLK_DEV_LOOP_USE_REL_BLOCK on 2.2.x, so that's not the > problem) This is known problem with Alexander Kjeldaas' international crypto patch. IV computation is based on block size of the underlying filesystem and transfer size being exactly one block. In most cases (but not always) 2.2 kernels do that, so it mostly works for 2.2 kernels. However, 2.4 kernels often prefer PAGE_CACHE_SIZE size transfers, so your data is nuked. If you don't want to play russian roulette with your data, you should consider using loop-AES package. loop-AES package does AES enryption with 128, 192 and 256 bit keysizes, and is immune to variations in transfer size and does not depend on filesystem block size. http://members.surfeu.fi/ce6c8edf/loop-AES-v1.1b.tar.bz2 md5sum 61e521a383ce9a90c3f7b98bcf789813 http://members.surfeu.fi/ce6c8edf/loop-AES-v1.1b.tar.bz2.sign http://members.surfeu.fi/ce6c8edf/PGP-public-key.asc 1024/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD Regards, Jari Ruusu Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Mon May 7 14:37:34 2001 Received: by humbolt.nl.linux.org id ; Mon, 7 May 2001 14:36:29 +0200 Received: from hank-fep7-0.inet.fi ([194.251.242.202]:60349 "EHLO fep07.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Mon, 7 May 2001 14:34:48 +0200 Received: from pp.inet.fi ([212.213.41.115]) by fep07.tmt.tele.fi (InterMail vM.4.01.02.17 201-229-119) with ESMTP id <20010507123446.NBOV27293.fep07.tmt.tele.fi@pp.inet.fi> for ; Mon, 7 May 2001 15:34:46 +0300 Message-ID: <3AF695BD.5FD3D962@pp.inet.fi> Date: Mon, 07 May 2001 15:31:57 +0300 From: Jari Ruusu X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.19aa2 i686) X-Accept-Language: en MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Announce: loop-AES-v1.2d file crypto package Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list In short: If file crypto is all you need, this package is a hassle free replacement for Alexander Kjeldaas' international crypto patch. This package provides a loadable Linux kernel module (loop.o) that has AES cipher built-in. The AES cipher can be used to encrypt local filesystems and disk partitions. For more information about compiling and using the driver, see the README file in the package. Changes since previous release: - Newer AES cipher implementation from Dr Brian Gladman, with precomputed lookup tables and little speed improvement. - Support for old 2.0 kernels. - Makefile now runs "depmod -a" instead of "depmod" after installing loop.o driver. Features: - No source modifications to kernel. No patch hassles when a new version of kernel is released. - Works with 2.0, 2.2 and 2.4 kernels. - AES cipher is used in CBC mode. Supports 128, 192 and 256 bit keys. - Passwords hashed with SHA-256, SHA-384 or SHA-512. - 512 byte based IV. IV is immune to variations in transfer size and does not depend on filesystem block size. Note to existing users: All previous releases should work fine. Only the "depmod -a" change in the Makefile is a bugfix, and even that does not affect loop driver, but may affect other modules in non-standard locations. bzip2 compressed tarball is here: http://members.surfeu.fi/ce6c8edf/loop-AES-v1.2d.tar.bz2 md5sum dd889db409d87e959311f419a99ef5ba PGP signature file, my public key, and fingerprint here: http://members.surfeu.fi/ce6c8edf/loop-AES-v1.2d.tar.bz2.sign http://members.surfeu.fi/ce6c8edf/PGP-public-key.asc 1024/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD Regards, Jari Ruusu Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Wed May 9 00:07:39 2001 Received: by humbolt.nl.linux.org id ; Wed, 9 May 2001 00:06:45 +0200 Received: from odin.cair.du.edu ([130.253.1.2]:43268 "EHLO odin.cair.du.edu") by humbolt.nl.linux.org with ESMTP id ; Wed, 9 May 2001 00:06:08 +0200 Received: from CONVERSION-DAEMON.du.edu by du.edu (PMDF V6.0-24 #43058) id <0GD100O01EQ1P2@du.edu> for linux-crypto@nl.linux.org; Tue, 08 May 2001 16:06:01 -0600 (MDT) Received: from emperor ([130.253.134.132]) by du.edu (PMDF V6.0-24 #43058) with ESMTP id <0GD100P4JEQ13Q@du.edu> for linux-crypto@nl.linux.org; Tue, 08 May 2001 16:06:01 -0600 (MDT) Date: Tue, 08 May 2001 16:05:38 -0600 From: David Bryson Subject: status of the todo page To: linux-crypto@nl.linux.org Message-id: <989359538.18858.0.camel@emperor> MIME-version: 1.0 X-Mailer: Evolution/0.10+cvs.2001.04.18.22.02 (Preview Release) Content-type: text/plain Content-transfer-encoding: 7BIT Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list I noticed that the todo list at kerneli.org is a bit outdated, how many of these issues are/have been worked on? What's left still? I'd like to learn a bit about the ikp so that write some things to make it easier to use ( my experience was a little frustrating ). thanks, Dave -- http://www.geekcode.com -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d-- s+: a-- C++++ UL+++ P+ L+++ E+++ W++ N o K- w-- O- M+ V PS+ PE Y PGP++ t+ 5 X-- R tv- b++ DI D++ G e++ h+ r++ y+ ------END GEEK CODE BLOCK------ Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Wed May 9 22:01:05 2001 Received: by humbolt.nl.linux.org id ; Wed, 9 May 2001 22:00:30 +0200 Received: from lego.phpwebhosting.com ([64.65.61.212]:32777 "HELO lego.phpwebhosting.com") by humbolt.nl.linux.org with SMTP id ; Wed, 9 May 2001 21:59:14 +0200 Received: (qmail 26520 invoked by uid 508); 9 May 2001 19:58:54 -0000 Received: from unknown (HELO bailey.oldtools.org) (24.91.40.108) by lego.phpwebhosting.com with SMTP; 9 May 2001 19:58:54 -0000 Date: Wed, 9 May 2001 16:04:37 -0400 (EDT) From: Tad Truex To: Linux Crypto List Subject: Problems encrypting disk partitions in 2.4.3 Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list Greetings, I have been trying to get loopback encryption working with the 2.4.3 patches. I applied the pathes to a fresh copy of the kernel source and a fresh copy of util-linux-2.11b. Both sets of patches applied cleanly. Everything seems to build OK. When I tested it on a regular file (using 128 bit serpent) it seemed to work just fine. When I attempted it on a disk partition, it croaked with the following message. [root@bailey mount]# ./mount -t ext2 /dev/loop0 /mnt mount: wrong fs type, bad option, bad superblock on /dev/loop0, or too many mounted file systems (This is the patched mount from the 2.11b release of util-linux). Is it obvious that I missed something, or is the 2.4 series not quite ready (this worked quite reliably under the 2.2.17 kernel I have been using). Thanks, Tad PS - Here is a complete transcript of the events leading to the preceding message. [root@bailey mount]# losetup -e serpent /dev/loop0 /dev/hdc6 Available keysizes (bits): 128 192 256 Keysize: 128 Password : [root@bailey mount]# mke2fs /dev/loop0 mke2fs 1.18, 11-Nov-1999 for EXT2 FS 0.5b, 95/08/09 Filesystem label= OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2) 1281696 inodes, 2560060 blocks 128003 blocks (5.00%) reserved for the super user First data block=0 79 block groups 32768 blocks per group, 32768 fragments per group 16224 inodes per group Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632 Writing inode tables: done Writing superblocks and filesystem accounting information: done [root@bailey mount]# ./mount -t ext2 /dev/loop0 /mnt mount: wrong fs type, bad option, bad superblock on /dev/loop0, or too many mounted file systems Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 10 17:15:13 2001 Received: by humbolt.nl.linux.org id ; Thu, 10 May 2001 17:14:24 +0200 Received: from [194.46.8.33] ([194.46.8.33]:53509 "EHLO angusbay.vnl.com") by humbolt.nl.linux.org with ESMTP id ; Thu, 10 May 2001 17:12:53 +0200 Received: from amon by angusbay.vnl.com with local (Exim 3.22 #1) id 14xs9M-0006VR-00 (Debian); Thu, 10 May 2001 16:14:44 +0100 Date: Thu, 10 May 2001 16:14:43 +0100 From: Dale Amon To: Tad Truex Cc: linux-crypto@nl.linux.org Subject: Re: Problems encrypting disk partitions in 2.4.3 Message-ID: <20010510161441.D24257@vnl.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.15i In-Reply-To: ; from tad@oldtools.org on Wed, May 09, 2001 at 04:04:37PM -0400 X-Operating-System: Linux, the choice of a GNU generation Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Wed, May 09, 2001 at 04:04:37PM -0400, Tad Truex wrote: > > Greetings, > > I have been trying to get loopback encryption working with the 2.4.3 > patches. I applied the pathes to a fresh copy of the kernel source and a > fresh copy of util-linux-2.11b. Both sets of patches applied cleanly. > Everything seems to build OK. When I tested it on a regular file (using > 128 bit serpent) it seemed to work just fine. When I attempted it on a > disk partition, it croaked with the following message. > > [root@bailey mount]# ./mount -t ext2 /dev/loop0 /mnt > mount: wrong fs type, bad option, bad superblock on /dev/loop0, > or too many mounted file systems > > > (This is the patched mount from the 2.11b release of util-linux). Is it > obvious that I missed something, or is the 2.4 series not quite ready > (this worked quite reliably under the 2.2.17 kernel I have been using). > There are two things I've noticed. I've on occasion had to do the mkfs TWICE. dd if=/dev/zero of=/dev/md0 bs=1k count=17639128 losetup -e twofish /dev/loop0 /dev/md0 Password: Init (up to 16 hex digits): mkfs -t ext2 /dev/loop0 mount -t ext2 /dev/loop0 /mnt losetup -d /dev/loop0 and redo the losetup and mkfs. Search me... Also, if you are doing large file systems... I have tried to get a patch to a number of people about a problem with the 2.11b, but no one ever answered. The patches are missing a very important compiler switch that allows us to work with files larger than 2GB. Edit the file MCONFIG and modify the CFLAGS value to include -D_FILE_OFFSET_BITS=64: CFLAGS := -g $(CFLAGS) $(OPT) -I$(LIB) $(WARNFLAGS) \ $(CURSESFLAGS) $(SLANGFLAGS) \ -DSBINDIR=\"$(SBINDIR)\" \ -DUSRSBINDIR=\"$(USRSBINDIR)\" \ -DLOGDIR=\"$(LOGDIR)\" \ -DVARPATH=\"$(VARPATH)\" \ -DLOCALEDIR=\"$(LOCALEDIR)\" \ -D_FILE_OFFSET_BITS=64 -- ------------------------------------------------------ Use Linux: A computer Dale Amon, CEO/MD is a terrible thing Village Networking Ltd to waste. Belfast, Northern Ireland ------------------------------------------------------ Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 10 18:26:02 2001 Received: by humbolt.nl.linux.org id ; Thu, 10 May 2001 18:24:45 +0200 Received: from hqvsbh1.ms.com ([205.228.12.101]:38336 "EHLO hqvsbh1.ms.com") by humbolt.nl.linux.org with ESMTP id ; Thu, 10 May 2001 18:23:09 +0200 Received: (from uucp@localhost) by hqvsbh1.ms.com (8.11.3/8.11.3) id f4AGMxw16475; Thu, 10 May 2001 12:22:59 -0400 (EDT) Received: from localhost(127.0.0.1) by hqvsbh1 via smap (4.1) id sma.9895117741.016288; Thu, 10 May 01 12:22:54 -0400 Received: (from uucp@localhost) by hqvsbh1.ms.com (8.11.3/8.11.3) id f4AGMs516216; Thu, 10 May 2001 12:22:54 -0400 (EDT) Received: from unknown(138.20.13.27) by hqvsbh1 via smap (4.1) id sma.9895117721.016115; Thu, 10 May 01 12:22:52 -0400 Received: from morganstanley.com (ha017687.morgan.com [172.16.87.195]) by cwsmh1.ms.com (8.8.5/imap+ldap v2.4) with ESMTP id RAA21181; Thu, 10 May 2001 17:22:51 +0100 (BST) Message-ID: <3AFAC05C.1EE573C@morganstanley.com> Date: Thu, 10 May 2001 17:22:52 +0100 From: Richard Polton Reply-To: Richard.Polton@morganstanley.com Organization: Morgan Stanley X-Mailer: Mozilla 4.75 [en]C-CCK-MCD MS4.75 V20001029.1 (WinNT; U) X-Accept-Language: en,ja MIME-Version: 1.0 To: Dale Amon CC: Tad Truex , linux-crypto@nl.linux.org Subject: Re: Problems encrypting disk partitions in 2.4.3 References: <20010510161441.D24257@vnl.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list Wasn't there a bug in the loopback driver which surfaced in 2.4.0 and was fixed in early 2.4.4-pre? Dale Amon wrote: > On Wed, May 09, 2001 at 04:04:37PM -0400, Tad Truex wrote: > > > > Greetings, > > > > I have been trying to get loopback encryption working with the 2.4.3 > > patches. I applied the pathes to a fresh copy of the kernel source and a > > fresh copy of util-linux-2.11b. Both sets of patches applied cleanly. > > Everything seems to build OK. When I tested it on a regular file (using > > 128 bit serpent) it seemed to work just fine. When I attempted it on a > > disk partition, it croaked with the following message. > > > > [root@bailey mount]# ./mount -t ext2 /dev/loop0 /mnt > > mount: wrong fs type, bad option, bad superblock on /dev/loop0, > > or too many mounted file systems > > > > > > (This is the patched mount from the 2.11b release of util-linux). Is it > > obvious that I missed something, or is the 2.4 series not quite ready > > (this worked quite reliably under the 2.2.17 kernel I have been using). > > > > There are two things I've noticed. I've on occasion had to > do the mkfs TWICE. > > dd if=/dev/zero of=/dev/md0 bs=1k count=17639128 > losetup -e twofish /dev/loop0 /dev/md0 > Password: > Init (up to 16 hex digits): > mkfs -t ext2 /dev/loop0 > mount -t ext2 /dev/loop0 /mnt > losetup -d /dev/loop0 > > and redo the losetup and mkfs. Search me... > > Also, if you are doing large file systems... I have > tried to get a patch to a number of people about a problem > with the 2.11b, but no one ever answered. > > The patches are missing a very important compiler switch that allows > us to work with files larger than 2GB. Edit the file MCONFIG and > modify the CFLAGS value to include -D_FILE_OFFSET_BITS=64: > > CFLAGS := -g $(CFLAGS) $(OPT) -I$(LIB) $(WARNFLAGS) \ > $(CURSESFLAGS) $(SLANGFLAGS) \ > -DSBINDIR=\"$(SBINDIR)\" \ > -DUSRSBINDIR=\"$(USRSBINDIR)\" \ > -DLOGDIR=\"$(LOGDIR)\" \ > -DVARPATH=\"$(VARPATH)\" \ > -DLOCALEDIR=\"$(LOCALEDIR)\" \ > -D_FILE_OFFSET_BITS=64 > > -- > ------------------------------------------------------ > Use Linux: A computer Dale Amon, CEO/MD > is a terrible thing Village Networking Ltd > to waste. Belfast, Northern Ireland > ------------------------------------------------------ > > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 10 19:17:09 2001 Received: by humbolt.nl.linux.org id ; Thu, 10 May 2001 19:16:18 +0200 Received: from lego.phpwebhosting.com ([64.65.61.212]:9483 "HELO lego.phpwebhosting.com") by humbolt.nl.linux.org with SMTP id ; Thu, 10 May 2001 19:15:11 +0200 Received: (qmail 9009 invoked by uid 508); 10 May 2001 17:14:43 -0000 Received: from unknown (HELO bailey.oldtools.org) (24.91.40.108) by lego.phpwebhosting.com with SMTP; 10 May 2001 17:14:43 -0000 Date: Thu, 10 May 2001 13:20:30 -0400 (EDT) From: Tad Truex To: Richard Polton cc: Dale Amon , Subject: Re: Problems encrypting disk partitions in 2.4.3 In-Reply-To: <3AFAC05C.1EE573C@morganstanley.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Thu, 10 May 2001, Richard Polton wrote: > Wasn't there a bug in the loopback driver which surfaced in 2.4.0 and > was fixed in early 2.4.4-pre? > There was a patch from 2.4.3 to 2.4.4 for loop.c I reversed it and applied it to my 2.4.3 source tree. It didn't help. It is entirely possible that the 2.4.4 patch required other unrelated changes from the 2.4.4 tree to work correctly which is why it didn't solve my problem. One thing I noticed from Dale's message is that I have slightly different response from the 2.11b losetup when trying twofish. His losetup -e twofish /dev/loop0 /dev/md0 Password: Init (up to 16 hex digits): appears to prompt for a seed, mine losetup -e twofish /dev/loop0 /dev/hdc6 Available keysizes (bits): 128 192 256 Keysize: 128 Password : prompts for a keysize. I am sure that mine is the 2.11b version of losetup. Maybe that is the problem? Perhaps I need to go back to an earlier version? Might I have missed a compile option? Any thoughts? Thanks for the responses so far! /Tad Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 10 20:18:28 2001 Received: by humbolt.nl.linux.org id ; Thu, 10 May 2001 20:17:14 +0200 Received: from [194.46.8.33] ([194.46.8.33]:24582 "EHLO angusbay.vnl.com") by humbolt.nl.linux.org with ESMTP id ; Thu, 10 May 2001 20:16:08 +0200 Received: from amon by angusbay.vnl.com with local (Exim 3.22 #1) id 14xv0q-0006tD-00 (Debian); Thu, 10 May 2001 19:18:08 +0100 Date: Thu, 10 May 2001 19:18:07 +0100 From: Dale Amon To: Tad Truex Cc: linux-crypto@nl.linux.org Subject: Re: Problems encrypting disk partitions in 2.4.3 Message-ID: <20010510191807.L24257@vnl.com> References: <3AFAC05C.1EE573C@morganstanley.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.15i In-Reply-To: ; from tad@oldtools.org on Thu, May 10, 2001 at 01:20:30PM -0400 X-Operating-System: Linux, the choice of a GNU generation Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Thu, May 10, 2001 at 01:20:30PM -0400, Tad Truex wrote: > On Thu, 10 May 2001, Richard Polton wrote: > > Wasn't there a bug in the loopback driver which surfaced in 2.4.0 and > > was fixed in early 2.4.4-pre? I'm using 2.4.3 + int patches. > appears to prompt for a seed, mine > prompts for a keysize. I am sure that mine is the 2.11b version of > losetup. Maybe that is the problem? Perhaps I need to go back to an > earlier version? Might I have missed a compile option? My fault. The example I pulled from my notes was an older version. The prompt you see is the same one I get. I've had it working (seemingly) fine for a month or so. And I've been trying to get some discussion going on the issues of running crypto on "bare metal" vs doing it on top of an fs although I think the bare metal is fine. I only so the "unusual" behavior the first time I did the mkfs. And I may not have seen it at all when I changed to reiserfs. But if you want a large disk you do have to patch that MCONFIG file before you make your losetup and friends. Otherwise you can't deal with large files systems. The current debian *standard* 2.11b has the crypto support compiled in... I haven't checked in a month to see if they added the MCONFIG change in CFLAGS. I emailed both the debian and the util-linux maintainers on this and never heard from either of them. -- ------------------------------------------------------ Use Linux: A computer Dale Amon, CEO/MD is a terrible thing Village Networking Ltd to waste. Belfast, Northern Ireland ------------------------------------------------------ Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 10 21:26:01 2001 Received: by humbolt.nl.linux.org id ; Thu, 10 May 2001 21:24:55 +0200 Received: from cm.med.3284844210.kabelnet.net ([195.202.190.178]:61191 "EHLO phobos.hvrlab.org") by humbolt.nl.linux.org with ESMTP id ; Thu, 10 May 2001 21:24:10 +0200 Received: from janus.txd.hvrlab.org (IDENT:hvr@janus.txd.hvrlab.org [10.51.1.5]) by phobos.hvrlab.org (8.9.3/8.9.3) with ESMTP id VAA25912; Thu, 10 May 2001 21:23:27 +0200 Date: Thu, 10 May 2001 21:23:27 +0200 (CEST) From: Herbert Valerio Riedel X-X-Sender: To: Dale Amon cc: Tad Truex , Subject: Re: Problems encrypting disk partitions in 2.4.3 In-Reply-To: <20010510191807.L24257@vnl.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list btw, I've tried to bring to attention this issue some weeks ago, I even posted a package based on the international crypto patch, of which cryptoapi-2.4.3-hvr5.tar.gz is the latest one (I should really get to finish up a new one...) take a look at it at http://www.hvrlab.org/pub/crypto/ if you want... the reason you see the problems only on the first mkfs time is, because, as soon as you mount the fs, the kernel changes the transfer block size... and from that moment on, it stays there (unless the kernel has reason to change it again...) see also the README file in the above mentioned package for more information on this issue... On Thu, 10 May 2001, Dale Amon wrote: [...] > I only so the "unusual" behavior the first time I did the > mkfs. And I may not have seen it at all when I changed to > reiserfs. -- Herbert Valerio Riedel / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 10 21:50:31 2001 Received: by humbolt.nl.linux.org id ; Thu, 10 May 2001 21:49:51 +0200 Received: from hank-fep6-0.inet.fi ([194.251.242.201]:56464 "EHLO fep06.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Thu, 10 May 2001 21:48:54 +0200 Received: from pp.inet.fi ([212.213.41.116]) by fep06.tmt.tele.fi (InterMail vM.4.01.02.17 201-229-119) with ESMTP id <20010510194852.GELW17830.fep06.tmt.tele.fi@pp.inet.fi>; Thu, 10 May 2001 22:48:52 +0300 Message-ID: <3AFAEFEE.C9EADD89@pp.inet.fi> Date: Thu, 10 May 2001 22:45:50 +0300 From: Jari Ruusu X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.19aa2 i686) X-Accept-Language: en MIME-Version: 1.0 To: Herbert Valerio Riedel CC: Dale Amon , Tad Truex , linux-crypto@nl.linux.org Subject: Re: Problems encrypting disk partitions in 2.4.3 References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list Herbert Valerio Riedel wrote: > btw, I've tried to bring to attention this issue some weeks ago, > I even posted a package based on the international crypto patch, > of which cryptoapi-2.4.3-hvr5.tar.gz is the latest one (I should really > get to finish up a new one...) > > take a look at it at > > http://www.hvrlab.org/pub/crypto/ > > if you want... > > the reason you see the problems only on the first mkfs time is, because, > as soon as you mount the fs, the kernel changes the transfer block size... > and from that moment on, it stays there (unless the kernel has reason to > change it again...) > > see also the README file in the above mentioned package for more > information on this issue... > > On Thu, 10 May 2001, Dale Amon wrote: > [...] > > I only so the "unusual" behavior the first time I did the > > mkfs. And I may not have seen it at all when I changed to > > reiserfs. And, if someone wants a totally hassle free solution, loop-AES package is immune to variations in transfer size. Alexander Kjeldaas' patch is misdesigned and broken, period. Regards, Jari Ruusu Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 10 21:52:23 2001 Received: by humbolt.nl.linux.org id ; Thu, 10 May 2001 21:51:36 +0200 Received: from cm.med.3284844210.kabelnet.net ([195.202.190.178]:13320 "EHLO phobos.hvrlab.org") by humbolt.nl.linux.org with ESMTP id ; Thu, 10 May 2001 21:51:03 +0200 Received: from janus.txd.hvrlab.org (IDENT:hvr@janus.txd.hvrlab.org [10.51.1.5]) by phobos.hvrlab.org (8.9.3/8.9.3) with ESMTP id VAA26112; Thu, 10 May 2001 21:50:57 +0200 Date: Thu, 10 May 2001 21:50:57 +0200 (CEST) From: Herbert Valerio Riedel X-X-Sender: To: Jari Ruusu cc: Dale Amon , Tad Truex , Subject: Re: Problems encrypting disk partitions in 2.4.3 In-Reply-To: <3AFAEFEE.C9EADD89@pp.inet.fi> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Thu, 10 May 2001, Jari Ruusu wrote: > And, if someone wants a totally hassle free solution, loop-AES package is > immune to variations in transfer size. Alexander Kjeldaas' patch is > misdesigned and broken, period. ...you don't miss any opportunity to mention this, do you? ;-) -- Herbert Valerio Riedel / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 10 22:09:34 2001 Received: by humbolt.nl.linux.org id ; Thu, 10 May 2001 22:08:24 +0200 Received: from hank-fep7-0.inet.fi ([194.251.242.202]:46246 "EHLO fep07.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Thu, 10 May 2001 22:06:48 +0200 Received: from pp.inet.fi ([212.213.41.116]) by fep07.tmt.tele.fi (InterMail vM.4.01.02.17 201-229-119) with ESMTP id <20010510200646.GMDU27293.fep07.tmt.tele.fi@pp.inet.fi>; Thu, 10 May 2001 23:06:46 +0300 Message-ID: <3AFAF420.CF3300C3@pp.inet.fi> Date: Thu, 10 May 2001 23:03:44 +0300 From: Jari Ruusu X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.19aa2 i686) X-Accept-Language: en MIME-Version: 1.0 To: Herbert Valerio Riedel CC: Dale Amon , Tad Truex , linux-crypto@nl.linux.org Subject: Re: Problems encrypting disk partitions in 2.4.3 References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list Herbert Valerio Riedel wrote: > On Thu, 10 May 2001, Jari Ruusu wrote: > > And, if someone wants a totally hassle free solution, loop-AES package is > > immune to variations in transfer size. Alexander Kjeldaas' patch is > > misdesigned and broken, period. > > ...you don't miss any opportunity to mention this, do you? ;-) People keep fighting with Alexander Kjeldaas' patch for no reason. If they knew it was broken, they would not be wasting their time (and data) with it. Regards, Jari Ruusu Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 10 22:18:04 2001 Received: by humbolt.nl.linux.org id ; Thu, 10 May 2001 22:16:15 +0200 Received: from anime.net ([63.172.78.150]:19467 "EHLO anime.net") by humbolt.nl.linux.org with ESMTP id ; Thu, 10 May 2001 22:15:11 +0200 Received: from localhost (goemon@localhost) by anime.net (8.9.3/8.9.3) with ESMTP id NAA08256; Thu, 10 May 2001 13:14:43 -0700 Date: Thu, 10 May 2001 13:14:43 -0700 (PDT) From: Dan Hollis To: Herbert Valerio Riedel cc: Dale Amon , Tad Truex , Subject: Re: Problems encrypting disk partitions in 2.4.3 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Thu, 10 May 2001, Herbert Valerio Riedel wrote: > the reason you see the problems only on the first mkfs time is, because, > as soon as you mount the fs, the kernel changes the transfer block size... > and from that moment on, it stays there (unless the kernel has reason to > change it again...) long term solution would be to make the crypto use 512 byte block size and coalesce to kernel transfer size... then it would be blocksize independent? -Dan Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 10 22:20:35 2001 Received: by humbolt.nl.linux.org id ; Thu, 10 May 2001 22:18:55 +0200 Received: from cm.med.3284844210.kabelnet.net ([195.202.190.178]:19720 "EHLO phobos.hvrlab.org") by humbolt.nl.linux.org with ESMTP id ; Thu, 10 May 2001 22:16:27 +0200 Received: from janus.txd.hvrlab.org (IDENT:hvr@janus.txd.hvrlab.org [10.51.1.5]) by phobos.hvrlab.org (8.9.3/8.9.3) with ESMTP id WAA26317; Thu, 10 May 2001 22:16:17 +0200 Date: Thu, 10 May 2001 22:16:17 +0200 (CEST) From: Herbert Valerio Riedel X-X-Sender: To: Dan Hollis cc: Dale Amon , Tad Truex , Subject: Re: Problems encrypting disk partitions in 2.4.3 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Thu, 10 May 2001, Dan Hollis wrote: > On Thu, 10 May 2001, Herbert Valerio Riedel wrote: > > the reason you see the problems only on the first mkfs time is, because, > > as soon as you mount the fs, the kernel changes the transfer block size... > > and from that moment on, it stays there (unless the kernel has reason to > > change it again...) > > long term solution would be to make the crypto use 512 byte block size and > coalesce to kernel transfer size... then it would be blocksize > independent? exactly... (assuming 512 bytes are the smallest possible blocksize...) -- Herbert Valerio Riedel / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 10 22:32:18 2001 Received: by humbolt.nl.linux.org id ; Thu, 10 May 2001 22:31:36 +0200 Received: from anime.net ([63.172.78.150]:42507 "EHLO anime.net") by humbolt.nl.linux.org with ESMTP id ; Thu, 10 May 2001 22:31:05 +0200 Received: from localhost (goemon@localhost) by anime.net (8.9.3/8.9.3) with ESMTP id NAA08668; Thu, 10 May 2001 13:30:51 -0700 Date: Thu, 10 May 2001 13:30:50 -0700 (PDT) From: Dan Hollis To: Herbert Valerio Riedel cc: Dale Amon , Tad Truex , Subject: Re: Problems encrypting disk partitions in 2.4.3 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Thu, 10 May 2001, Herbert Valerio Riedel wrote: > On Thu, 10 May 2001, Dan Hollis wrote: > > long term solution would be to make the crypto use 512 byte block size and > > coalesce to kernel transfer size... then it would be blocksize > > independent? > exactly... (assuming 512 bytes are the smallest possible blocksize...) Floppy disks can go down to 128 byte sectors, but I don't know how the kernel handles this at the block level. I don't even know if the linux floppy driver supports 128 byte sectors :-) In any case I think VFS is limited to smallest block size of 512 bytes, so this should be a safe assumption... -Dan Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Thu May 10 22:45:53 2001 Received: by humbolt.nl.linux.org id ; Thu, 10 May 2001 22:45:14 +0200 Received: from KUKLEWICZ.MIT.EDU ([18.97.0.244]:8465 "EHLO kuklewicz.mit.edu") by humbolt.nl.linux.org with ESMTP id ; Thu, 10 May 2001 22:43:55 +0200 Received: (from chrisk@localhost) by kuklewicz.mit.edu (8.9.3) id QAA12791; Thu, 10 May 2001 16:43:42 -0400 Date: Thu, 10 May 2001 16:43:42 -0400 From: Chris Kuklewicz To: linux-crypto@nl.linux.org Subject: Re: Problems encrypting disk partitions in 2.4.3 Message-ID: <20010510164342.A12655@kuklewicz.MIT.EDU> Mail-Followup-To: linux-crypto@nl.linux.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from goemon@anime.net on Thu, May 10, 2001 at 01:14:43PM -0700 Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Thu, May 10, 2001 at 01:14:43PM -0700, Dan Hollis wrote: > On Thu, 10 May 2001, Herbert Valerio Riedel wrote: > > the reason you see the problems only on the first mkfs time is, because, > > as soon as you mount the fs, the kernel changes the transfer block size... > > and from that moment on, it stays there (unless the kernel has reason to > > change it again...) > > long term solution would be to make the crypto use 512 byte block size and > coalesce to kernel transfer size... then it would be blocksize > independent? > > -Dan > > > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ Hmm... I will just toss in my two cents. I know precious little about the details of the linux filesystem, but I have a generic suggestion. Obviously it is possible to 'stack' filesystem related layers between the raw device and the high level filesystem interface. Things like logical volume management and software raid and NFS and the loop-back device system, as well as the virutal mememory system. Is it possible to simply design, either as a patch or in the kernel, this 'coalesce' layer as an independent entity? Separate the problem of block size & addressing from the media. Can the LVM or loop device do this already? Where would the documentation on that be? For small, portable, encrypted filesystems contained in a file on a 'normal filesysem' such a layer could be used. For encrypting access to a raw partition, such a layer might be optional. Also, what (if anything) is it that prevents the crypto plugin from being a pure loadable module? Right now the loopAES requires disabling the normal loop module and recompiling the entire kernel before making the modified loop module. If it is not possible to make a pure module (that can be added to any compiled kernel), then perhaps the core kernel modules or interface needs to be enhanced to allow this. If such a change does not hurt the core kernel, perhaps it could be mainlined, allowing future crypto development to plug into compiled kernels. This thought was inspired from seeing it mentioned somewhere, whether to expand the kernel module interface to accomodate future security related modules as external add-ons, instead of having to patch the core kernel. -- Chris Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Fri May 11 05:06:40 2001 Received: by humbolt.nl.linux.org id ; Fri, 11 May 2001 05:06:00 +0200 Received: from lego.phpwebhosting.com ([64.65.61.212]:4869 "HELO lego.phpwebhosting.com") by humbolt.nl.linux.org with SMTP id ; Fri, 11 May 2001 05:05:20 +0200 Received: (qmail 14336 invoked by uid 508); 11 May 2001 03:05:04 -0000 Received: from unknown (HELO bailey.oldtools.org) (24.91.40.108) by lego.phpwebhosting.com with SMTP; 11 May 2001 03:05:04 -0000 Date: Thu, 10 May 2001 23:10:52 -0400 (EDT) From: Tad Truex To: Linux Crypto List Subject: Solved: Problems encrypting disk partitions in 2.4.3 In-Reply-To: <20010510161441.D24257@vnl.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Thu, 10 May 2001, Dale Amon wrote: > There are two things I've noticed. I've on occasion had to > do the mkfs TWICE. Bingo! I knew it was something simple (although ever so slightly non-intuitive). Thanks to everyone who responded and especially to Jari for his very insightful comments... (for those of you who aren't native speakers of English, that last bit was sarcastic). Turns out Dale had it right. I suspect that setting the block size from the mke2fs command line would also work just fine. Cheers, Tad Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Fri May 18 17:01:15 2001 Received: by humbolt.nl.linux.org id ; Fri, 18 May 2001 17:00:27 +0200 Received: from ns2.fbcc.com ([216.54.252.3]:18676 "HELO marble.fbcc.com") by humbolt.nl.linux.org with SMTP id ; Fri, 18 May 2001 16:59:50 +0200 Received: (qmail 29201 invoked from network); 18 May 2001 15:11:16 -0000 Received: from unknown (HELO demo.legallock.com) (207.70.162.2) by ns2.fbcc.com with SMTP; 18 May 2001 15:11:16 -0000 Content-Type: text/plain; charset="iso-8859-1" From: David Lambert Organization: Breakaway Systems LLC To: linux-crypto@nl.linux.org Subject: loop-AES package reliability Date: Fri, 18 May 2001 09:59:37 -0500 X-Mailer: KMail [version 1.2] MIME-Version: 1.0 Message-Id: <01051809593700.01480@demo.legallock.com> Content-Transfer-Encoding: 8bit Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list I am a newbie to the crypto world and am in the process migrating my systems from 2.2.18 kernel to 2.4.x and am considering replacing the international crypto patch with the loop-AES package from Jari Ruusu. Does anyone have experience with the maturity/reliability of this package? Any comments please. Thanks, Dave. Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Fri May 18 18:22:42 2001 Received: by humbolt.nl.linux.org id ; Fri, 18 May 2001 18:21:54 +0200 Received: from mdma.ash.de ([195.222.228.66]:64334 "HELO mdma.ash.de") by humbolt.nl.linux.org with SMTP id ; Fri, 18 May 2001 18:20:49 +0200 Received: (qmail 29908 invoked by uid 500); 18 May 2001 16:20:46 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 18 May 2001 16:20:46 -0000 Date: Fri, 18 May 2001 18:20:45 +0200 (MEST) From: Hauke Johannknecht To: David Lambert cc: linux-crypto@nl.linux.org Subject: Re: loop-AES package reliability In-Reply-To: <01051809593700.01480@demo.legallock.com> Message-ID: X-NCC-RegID: de.trmd MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Fri, 18 May 2001, David Lambert wrote: > I am a newbie to the crypto world and am in the process migrating my systems > from 2.2.18 kernel to 2.4.x and am considering replacing the international > crypto patch with the loop-AES package from Jari Ruusu. Does anyone have > experience with the maturity/reliability of this package? Any comments please. i am using it here with a 2.4.4-xfs + usagi patches. rocksolid stable so far. Gruss, Hauke -- Hauke Johannknecht Berlin / Germany HJ422-RIPE Use PGP ! -> lynx -dump http://www.ash.de/ash.asc | pgp -kaf Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sat May 19 13:29:27 2001 Received: by humbolt.nl.linux.org id ; Sat, 19 May 2001 13:28:45 +0200 Received: from hank-fep6-0.inet.fi ([194.251.242.201]:955 "EHLO fep06.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Sat, 19 May 2001 13:27:54 +0200 Received: from pp.inet.fi ([212.213.41.58]) by fep06.tmt.tele.fi (InterMail vM.4.01.02.17 201-229-119) with ESMTP id <20010519112752.SLRH6501.fep06.tmt.tele.fi@pp.inet.fi>; Sat, 19 May 2001 14:27:52 +0300 Message-ID: <3B06589E.3642A380@pp.inet.fi> Date: Sat, 19 May 2001 14:27:26 +0300 From: Jari Ruusu X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.19aa2 i686) X-Accept-Language: en MIME-Version: 1.0 To: David Lambert CC: linux-crypto@nl.linux.org Subject: Re: loop-AES package reliability References: <01051809593700.01480@demo.legallock.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list David Lambert wrote: > I am a newbie to the crypto world and am in the process migrating my systems > from 2.2.18 kernel to 2.4.x and am considering replacing the international > crypto patch with the loop-AES package from Jari Ruusu. Does anyone have > experience with the maturity/reliability of this package? Any comments please. There are no known problems with loop-AES. loop-AES used to be loop-TripleDES for many years. loop-TripleDES was block length doubled triple DES. loop-TripleDES has never failed, and neither has loop-AES. The AES cipher in loop-AES as well as SHA-256/384/512 hashes match all published test vectors I could find. Regards, Jari Ruusu Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Sat May 19 19:34:41 2001 Received: by humbolt.nl.linux.org id ; Sat, 19 May 2001 19:33:35 +0200 Received: from host213-122-251-227.btinternet.com ([213.122.251.227]:32130 "HELO localhost") by humbolt.nl.linux.org with SMTP id ; Sat, 19 May 2001 19:32:27 +0200 Received: (qmail 1502 invoked by uid 1000); 19 May 2001 17:49:07 -0000 From: "Adam Langley" Date: Sat, 19 May 2001 18:49:07 +0100 To: linux-crypto@nl.linux.org Subject: Re: loop-AES package reliability Message-ID: <20010519184907.A1008@linuxpower.org> References: <01051809593700.01480@demo.legallock.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="zYM0uCDKw75PZbzx" Content-Disposition: inline User-Agent: Mutt/1.3.17i In-Reply-To: <01051809593700.01480@demo.legallock.com>; from dave_lambert@fbcc.com on Fri, May 18, 2001 at 09:59:37AM -0500 X-Mailer: Why do *you* want to know?? Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list --zYM0uCDKw75PZbzx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, May 18, 2001 at 09:59:37AM -0500, David Lambert wrote: > I am a newbie to the crypto world and am in the process migrating my syst= ems=20 > from 2.2.18 kernel to 2.4.x and am considering replacing the internationa= l=20 > crypto patch with the loop-AES package from Jari Ruusu. Does anyone have= =20 > experience with the maturity/reliability of this package? Any comments pl= ease. Stock 2.4.4 - all ok here AGL --=20 Join in the new game that's sweeping the country. It's called "Bureaucracy= ". Everybody stands in a circle. The first person to do anything loses. --zYM0uCDKw75PZbzx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjsGshMACgkQzaVS3yy2PWAnBwCfdg0unSWzuD8lYJ/Peqsswn89 2QQAn3nc70Lr+pQQUbJirW15dJgtU3OP =e22G -----END PGP SIGNATURE----- --zYM0uCDKw75PZbzx-- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Mon May 21 13:14:09 2001 Received: by humbolt.nl.linux.org id ; Mon, 21 May 2001 13:12:55 +0200 Received: from pop.gmx.net ([194.221.183.20]:42654 "HELO mail.gmx.net") by humbolt.nl.linux.org with SMTP id ; Mon, 21 May 2001 13:11:56 +0200 Received: (qmail 24422 invoked by uid 0); 21 May 2001 11:11:55 -0000 Received: from p3e9e4f5a.dip.t-dialin.net (HELO host1) (62.158.79.90) by mail.gmx.net (mp003-rz3) with SMTP; 21 May 2001 11:11:55 -0000 Message-ID: <010801c0e1e6$d9455060$0100005a@host1> From: "peter k." To: "Jari Ruusu" Cc: References: <01df01c0e0a6$bfb9ed40$0100005a@host1> <3B0824E1.4FEE834F@pp.inet.fi> Subject: Re: serpent loopback crypto "EXT2-fs: group descriptors corrupted" Date: Mon, 21 May 2001 13:11:52 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list [moved from linux-kernel to linux-crypto] > > i created a 10mb file called .enc2 with random data and ran "# losetup -e > > serpent -k 128 /dev/loop0 /mnt/hda7/.enc2" > > then i ran "# mke2fs /dev/loop0" and tried to "# mount /dev/loop0 /enc". but > > i get the following error messages when trying to mount: > > > > May 19 21:32:10 HOST2 kernel: EXT2-fs error (device loop(7,0)): > > ext2_check_descriptors: Block bitmap for group 16 not in group (block 0)! > > May 19 21:32:10 HOST2 kernel: EXT2-fs: group descriptors corrupted ! > > > > im using kernel 2.4.4 patched with crypto patch 2.4.3.1 [and util linux > > 2.11a patched with the patch from that crypto patch] > > i also got the same errors with a 2gb file and by creating the loop device > > directly on my 19.5gb /dev/hda7 > > i tried a few times again and sometimes the encrypted loopback fs works > > perfectly, sometimes the error occurs!? > > anyone got an idea what this is!? i will supply more information on request > > International crypto patch is misdesigned and broken, period. If you don't > want to play russian roulette with your data, you should consider using > loop-AES package. loop-AES announcement is here: > > http://mail.nl.linux.org/linux-crypto/2001-05/msg00003.html maybe you could tell me why exactly loop-AES is more secure than the international crypto patch? ;) - peter k. Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From owner-linux-crypto@nl.linux.org Mon May 21 13:53:08 2001 Received: by humbolt.nl.linux.org id ; Mon, 21 May 2001 13:52:23 +0200 Received: from mdma.ash.de ([195.222.228.66]:2070 "HELO mdma.ash.de") by humbolt.nl.linux.org with SMTP id ; Mon, 21 May 2001 13:51:45 +0200 Received: (qmail 21544 invoked by uid 500); 21 May 2001 11:51:38 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 21 May 2001 11:51:38 -0000 Date: Mon, 21 May 2001 13:51:38 +0200 (MEST) From: Hauke Johannknecht To: "peter k." cc: linux-crypto@nl.linux.org Subject: Re: serpent loopback crypto "EXT2-fs: group descriptors corrupted" In-Reply-To: <010801c0e1e6$d9455060$0100005a@host1> Message-ID: X-NCC-RegID: de.trmd MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-crypto@nl.linux.org Precedence: bulk Return-Path: X-Orcpt: rfc822;linux-crypto-list On Mon, 21 May 2001, peter k. wrote: > > http://mail.nl.linux.org/linux-crypto/2001-05/msg00003.html > maybe you could tell me why exactly loop-AES is more secure than the > international crypto patch? ;) because its smaller. ist focused on a single task, giving the kernel robust AES loop crypto. less code, less bugs. and i like to be able to use things like XFS or the USAGI-v6 kernels _and_ have the option to use encrypted devices on the same machine at the same time. ;) Gruss, Hauke -- Hauke Johannknecht Berlin / Germany HJ422-RIPE Use PGP ! -> lynx -dump http://www.ash.de/ash.asc | pgp -kaf Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/