Untitled Document

From linux-crypto-bounce@nl.linux.org Fri Mar 1 01:37:47 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:38093 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 01:37:43 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 01 Mar 2002 01:37:34 +0100 (CET) Received: from dlva-es1.emergent-ts.com ([IPv6:::ffff:192.234.181.71]:18701 "EHLO dlva_es1.emergent-it.com") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 01:37:13 +0100 Received: from L-3com.com (renner_linux.dlva.emergent-it.com [10.2.3.24]) by dlva_es1.emergent-it.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id F3D8CDQ1; Thu, 28 Feb 2002 19:37:36 -0500 Message-ID: <3C7ECD37.45AA055E@L-3com.com> Date: Thu, 28 Feb 2002 19:37:11 -0500 From: Tim Renner X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: Erik Kunze CC: linux-crypto@nl.linux.org Subject: Re: Crypted CDROMs References: <20020220074509.A2654@philos.philosys.de> <3C73DF2A.63ADEB8D@pp.inet.fi> <20020220162315.A9696@example.com> <20020221074617.A7773@philos.philosys.de> <20020221095744.A10625@example.com> <20020222113044.A22441@philos.philosys.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Tim.Renner@L-3com.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org I don't know if this ever got resolved or not, but I just burnt an encrypted CD with ext2 format... here's what I did for anyone interested, step by step... Oh, I'm using loop-AES 1.5b... I never did get this to work with just the cryptoapi, but i had an old version... I'm assuming it was because of the IV mode problem... anyways, here's what I've done... // Create the original image dd if=/dev/urandom of=image.img bs=1M count=650 mke2fs -m 0 -b 1024 image.img mount -o loop image.img temp umount temp // Encrypt it // image.img must NOT be mounted at this point> losetup /dev/loop0 image.img losetup -e aes256 /dev/loop1 image.img dd if=/dev/loop0 of=/dev/loop1 bs=1M conv=notrunc sync losetup -d /dev/loop0 losetup -d /dev/loop1 // Burn it cdrecord -v speed=8 dev=0,0,0 image.img // Mount it losetup -e aes256 /dev/loop0 /dev/cdrom mount /dev/loop0 /mnt And that's that ;) Hope it helps ;) Give me feedback on whether that works for everyone or not... If you want a non-destructive encrypt, simply create a new file of the same size and mount that on /dev/loop1 when encrypting. -Tim Erik Kunze wrote: > > * Chris Schadl [020221 16:57]: > > Date: Thu, 21 Feb 2002 09:57:44 -0600 > > From: Chris Schadl > > Subject: Re: Crypted CDROMs > > > > # dd if=/dev/urandom of=~/crypto.iso bs=1M count=650 > > # losetup -e aes -k 192 /dev/loop0 ~/crypto.iso > > # mkisofs -r /stuff/SUPAR-SECRET-STUFF/ >/dev/loop0 > > # losetup -d /dev/loop0 > > > > Then you should be able to mount the encrypted iso image, or burn it to a > > CD-ROM. > > That's how I did! Please read my initial posting! Mounting of the image > fails. I haven't tried to burn the image and mount the CDROM. > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Mar 1 01:54:52 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:8403 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 01:54:42 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 01 Mar 2002 01:54:26 +0100 (CET) Received: from storm.ca ([IPv6:::ffff:209.87.239.69]:22405 "EHLO mail.storm.ca") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 01:54:14 +0100 Received: from storm.ca (ppp-209-87-255-11.ottawa.storm.ca [209.87.255.11]) by mail.storm.ca (8.10.2+Sun/8.10.2) with ESMTP id g210sCG19141 for ; Thu, 28 Feb 2002 19:54:13 -0500 (EST) Message-ID: <3C7ECFEF.C83C51B8@storm.ca> Date: Thu, 28 Feb 2002 19:48:47 -0500 From: Sandy Harris X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en,fr MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Re: loop-AES supported ciphers References: <20020225220846.C812@linux-m68k.org> <3C7BD79C.F6F786CA@pp.inet.fi> <20020226222949.B1694@linux-m68k.org> <3C7D48E3.B21941F4@pp.inet.fi> <1014886739.2070.139.camel@janus.txd.hvrlab.org> <3C7E72B5.7D652428@pp.inet.fi> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: sandy@storm.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Jari Ruusu wrote: > > > So many people have asked about more ciphers for loop-AES that next release > > > may have additional extra-ciphers package with at least serpent, blowfish > > > and twofish ciphers. > It is going to be add-on package (a separate tarball). Loop-AES core will > remain AES only. One of the reasons is that loop-AES supports old 2.0 > kernels, but externally loaded ciphers only work with 2.2 and later kernels > only. Externally loaded ciphers may also be a security weakness. I'd suggest aiming at just AES plus Serpent and Twofish, the other two AES finalists with good licenses. They all operate on 128-bit blocks with 128, 192 or 256-bit keys (AES contest requirements). Much of the existing code for them was written with a common interface for AES testing. It should be straightforward to use these three interchangeably. Then make them all compile-time options, not externally loaded. Methinks Blowfish is pointless. It is a good cipher, but not a good fit for this application. It operates on 64-bit blocks and was not an AES candidate, so adding it would complicate the interface considerably. The Blowfish designer, Schneier, was on the Twofish team. I suspect he'd tell you to use Twofish, not its predecessor. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Mar 1 11:22:57 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:63141 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 11:22:41 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 01 Mar 2002 11:22:23 +0100 (CET) Received: from quechua.inka.de ([IPv6:::ffff:212.227.14.2]:10312 "EHLO mail.inka.de") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 11:22:13 +0100 Received: from bigred.inka.de (uucp@) by mail.inka.de with local-bsmtp id 16gkB2-0008QT-00; Fri, 1 Mar 2002 11:22:12 +0100 Received: from bigred.inka.de (bigred [192.168.1.2]) by bigred.inka.de with esmtp id 16gk6W-0001Ki-00; Fri, 01 Mar 2002 11:17:32 +0100 To: linux-crypto@nl.linux.org Subject: Cryptoapi Blowfish implementation and IV argument issues References: <1014921538.2077.362.camel@janus.txd.hvrlab.org> Organization: private Linux site, southern Germany Date: Fri, 01 Mar 2002 11:17:32 +0100 From: Olaf Titz Message-Id: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: olaf@bigred.inka.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org > > "known bug", or an imperfect implementation (i.e. with blowfish), they > > have a responsibility to fix it, and offer a transition path to correct > > it. > btw, that cryptoapi thing is more a 'known issue' than a 'known bug' > > why? because a bug usually leads to loss of data or something different; > but since the patch-int was the only encryption package to read and > write such blowfish encrypted volumes there was no real need to change > that... or was there any established volume-encryption format, to which > compatibility would have been broken? > ok, the bug about it is, that on big-endian machines the on-disk format > is different... but as said in a mail before, this blowfish issue will It _is_ a bug, because the Blowfish algorithm is clearly specified and the cryptoapi implementation breaks this spec. The same bug exists in CIPE, btw., although the code was developed independently the authors made the same mistake (while the 32-bit words are processed internally in host byte order, they have to be _read from memory_ in defined big-endian byte order). This also leads to interoperability problems not only because of different on-disk formats but of different _network_ formats - CIPE uses this implementation in the development version. I've resolved this problem by re-specifying the CIPE network format to use a mutated little-endian Blowfish and coding the internal Blowfish module in a way which uses this byte order even on big-endian machines. (Btw. has anyone ever tested that?) What has mainly kept me from releasing the new, cryptoapi based CIPE as a stable 1.6 about a year ago was that this issue had not been resolved - it would be impossible for a BE and a LE machine to communicate; while this may be tolerable for disks it absolutely isn't for networks. I've also long suspected that the cryptoapi IDEA implementation has the same problem. Has anyone ever verified this? (Sorry, I don't have a big-endian box to test.) > be resolved... i.e. by fixing the current, and providing a > compat-blowfish cipher... Which is the only sane way out of this mess, yes. While we're at it, can anyone tell me why the IV argument in the cryptoapi functions since 2.4.16 is specified as u32[] ? I see the imminent danger that the same implementation mistake as cited above will be made again, as someone will write code which reads and writes the IV in 32-bit chunks. For the same reason as for the ciphers themselves, this does not work. Can this possibly be changed to a byte pointer? Olaf - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Mar 1 12:01:23 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:32940 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 12:01:14 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 01 Mar 2002 12:01:07 +0100 (CET) Received: from cm.med.3284844210.kabelnet.net ([IPv6:::ffff:195.202.190.178]:53479 "EHLO phobos.hvrlab.org") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 12:00:58 +0100 Received: from janus.txd.hvrlab.org (IDENT:UYWHM+9Cy/DsWUsmzo7LAacrTM7l56xL@janus.txd.hvrlab.org [10.51.1.5]) by phobos.hvrlab.org (8.11.6/8.11.6) with ESMTP id g21B0t932031; Fri, 1 Mar 2002 12:00:55 +0100 Date: Fri, 1 Mar 2002 12:00:55 +0100 (CET) From: Herbert Valerio Riedel X-X-Sender: hvr@janus.txd.hvrlab.org To: Olaf Titz cc: linux-crypto@nl.linux.org Subject: Re: Cryptoapi Blowfish implementation and IV argument issues In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: hvr@hvrlab.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Fri, 1 Mar 2002, Olaf Titz wrote: > It _is_ a bug, because the Blowfish algorithm is clearly specified and > the cryptoapi implementation breaks this spec. ack - as it concern the crypto API, of which one would expect to implement the algorithm correctly; especially wrt network protocols > I've also long suspected that the cryptoapi IDEA implementation has > the same problem. Has anyone ever verified this? (Sorry, I don't have > a big-endian box to test.) > > > be resolved... i.e. by fixing the current, and providing a > > compat-blowfish cipher... > > Which is the only sane way out of this mess, yes. > While we're at it, can anyone tell me why the IV argument in the > cryptoapi functions since 2.4.16 is specified as u32[] ? I see the > imminent danger that the same implementation mistake as cited above > will be made again, as someone will write code which reads and writes > the IV in 32-bit chunks. For the same reason as for the ciphers > themselves, this does not work. Can this possibly be changed to a byte > pointer? sure; planned anyway... and btw, the old API used the context struct to store the IV, but this lead to non-reentrancy issues when the IV was changed frequently; I've been told CIPE's cvs version still uses the context for IV; shall I re-introduce context-IV's for compatibilities sake, and change the API a bit as well? (i.e. 2 calls, encrypt () and encrypt_iv ()) regards, -- Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Mar 1 15:56:48 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:5356 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 15:56:45 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 01 Mar 2002 15:56:33 +0100 (CET) Received: from mta7.pltn13.pbi.net ([IPv6:::ffff:64.164.98.8]:65208 "EHLO mta7.pltn13.pbi.net") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 15:56:06 +0100 Received: from GLOBAL01 ([206.170.209.138]) by mta7.pltn13.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GSA00DEVUTD9F@mta7.pltn13.pbi.net> for linux-crypto@nl.linux.org; Fri, 01 Mar 2002 06:56:04 -0800 (PST) Date: Fri, 01 Mar 2002 06:55:14 -0800 From: "IT3 Stuart Blake Tener, USNR-R" Subject: RE: Crypted CDROMs In-reply-to: <3C7ECD37.45AA055E@L-3com.com> To: 'Tim Renner' , 'Erik Kunze' Cc: linux-crypto@nl.linux.org Reply-to: stuart@bh90210.net Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Mailer: Microsoft Outlook, Build 10.0.2627 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: stuart@bh90210.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Tim, et al.: Well now, this is quite useful information! I have been looking for a way to burn encrypted CD-RWs in a "standard" manner (at least for Linux). I am curious, can I use CD-Roast be used to burn the CD-ROM (I like its GUI)? Using cdrecord is fine, but I am just curious if you have tried that? One thing that has interested me for some time would be the ability to burn an encrypted disc in such a way that it could be readable under either Linux or Windows. Of course this (I imagine) would require firstly a port of loop-aes to Windows (which does not exist), and then the implementation of a virtual Linux filesystem under Windows. A friend has been looking into that for a while (porting loop-aes to windows), but has not had the time to get it started yet. I am curious, with respect to DVD burners, how do you think this kind of process (as you describe for making CDs) would translate into making DVD images? I am not a DVD burning expert at all (I know very little), but I do have a particular instance where being able to burn about 3-GB of encrypted data on a DVD would be explicity useful (even if only able to be read under Linux). I see the DVD burners are down to $499, but I have not acquired one yet as I am not sure if they decided on a standard yet, or if they are able to be read (the DVD-Rs/DVD-RWs) by standard DVD drives. Very Respectfully, Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG Beverly Hills, California VTU 1904G (Volunteer Training Unit) stuart@bh90210.net west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!) JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. Friday, March 01, 2002 6:54 AM -----Original Message----- From: linux-crypto-bounce@nl.linux.org [mailto:linux-crypto-bounce@nl.linux.org] On Behalf Of Tim Renner Sent: Thursday, February 28, 2002 4:37 PM To: Erik Kunze Cc: linux-crypto@nl.linux.org Subject: Re: Crypted CDROMs I don't know if this ever got resolved or not, but I just burnt an encrypted CD with ext2 format... here's what I did for anyone interested, step by step... Oh, I'm using loop-AES 1.5b... I never did get this to work with just the cryptoapi, but i had an old version... I'm assuming it was because of the IV mode problem... anyways, here's what I've done... // Create the original image dd if=/dev/urandom of=image.img bs=1M count=650 mke2fs -m 0 -b 1024 image.img mount -o loop image.img temp umount temp // Encrypt it // image.img must NOT be mounted at this point> losetup /dev/loop0 image.img losetup -e aes256 /dev/loop1 image.img dd if=/dev/loop0 of=/dev/loop1 bs=1M conv=notrunc sync losetup -d /dev/loop0 losetup -d /dev/loop1 // Burn it cdrecord -v speed=8 dev=0,0,0 image.img // Mount it losetup -e aes256 /dev/loop0 /dev/cdrom mount /dev/loop0 /mnt And that's that ;) Hope it helps ;) Give me feedback on whether that works for everyone or not... If you want a non-destructive encrypt, simply create a new file of the same size and mount that on /dev/loop1 when encrypting. -Tim Erik Kunze wrote: > > * Chris Schadl [020221 16:57]: > > Date: Thu, 21 Feb 2002 09:57:44 -0600 > > From: Chris Schadl > > Subject: Re: Crypted CDROMs > > > > # dd if=/dev/urandom of=~/crypto.iso bs=1M count=650 > > # losetup -e aes -k 192 /dev/loop0 ~/crypto.iso > > # mkisofs -r /stuff/SUPAR-SECRET-STUFF/ >/dev/loop0 > > # losetup -d /dev/loop0 > > > > Then you should be able to mount the encrypted iso image, or burn it to a > > CD-ROM. > > That's how I did! Please read my initial posting! Mounting of the image > fails. I haven't tried to burn the image and mount the CDROM. > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Mar 1 16:21:11 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:28290 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 16:20:48 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 01 Mar 2002 16:20:41 +0100 (CET) Received: from office.mandrakesoft.com ([IPv6:::ffff:195.68.114.34]:41710 "EHLO office.mandrakesoft.com") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 16:20:32 +0100 Received: from localhost.mandrakesoft.com (dhcp108.mandrakesoft.com [192.168.100.108]) by office.mandrakesoft.com (8.9.3/8.9.3) with ESMTP id QAA32148; Fri, 1 Mar 2002 16:20:22 +0100 Received: by localhost.mandrakesoft.com (Postfix, from userid 501) id 8916216EFB; Fri, 1 Mar 2002 16:10:06 +0100 (CET) To: Herbert Valerio Riedel Cc: Marc Mutz , linux-crypto@nl.linux.org Subject: Re: loop-AES supported ciphers References: X-Url: http://www.lfcia.org/~quintela From: Juan Quintela In-Reply-To: Date: 01 Mar 2002 16:10:06 +0100 Message-ID: Lines: 20 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: quintela@mandrakesoft.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org >>>>> "herbert" == Herbert Valerio Riedel writes: Hi herbert> ...wasn't there work ongoing in 2.5's kbuild framework to make merging herbert> easier? ;) Merging without conflicts have never being a big deal, and merging with conflicts is going to be PITA always :(((( The only think that 2.5 kbuild gives you is that now it is trivial to make addons work (until now, you had to patch Makefile & Config.in, that was where almost all the problems come from). Later, Juan "that has to merge too many patchs" -- In theory, practice and theory are the same, but in practice they are different -- Larry McVoy - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Mar 1 16:27:11 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:64900 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 16:26:51 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 01 Mar 2002 16:26:45 +0100 (CET) Received: from office.mandrakesoft.com ([IPv6:::ffff:195.68.114.34]:28657 "EHLO office.mandrakesoft.com") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Mar 2002 16:26:36 +0100 Received: from localhost.mandrakesoft.com (dhcp108.mandrakesoft.com [192.168.100.108]) by office.mandrakesoft.com (8.9.3/8.9.3) with ESMTP id QAA32188; Fri, 1 Mar 2002 16:26:35 +0100 Received: by localhost.mandrakesoft.com (Postfix, from userid 501) id E871716EFB; Fri, 1 Mar 2002 16:16:19 +0100 (CET) To: Sandy Harris Cc: linux-crypto@nl.linux.org Subject: Re: loop-AES supported ciphers References: <20020225220846.C812@linux-m68k.org> <3C7BD79C.F6F786CA@pp.inet.fi> <20020226222949.B1694@linux-m68k.org> <3C7D48E3.B21941F4@pp.inet.fi> <1014886739.2070.139.camel@janus.txd.hvrlab.org> <3C7E72B5.7D652428@pp.inet.fi> <3C7ECFEF.C83C51B8@storm.ca> X-Url: http://www.lfcia.org/~quintela From: Juan Quintela In-Reply-To: <3C7ECFEF.C83C51B8@storm.ca> Date: 01 Mar 2002 16:16:19 +0100 Message-ID: Lines: 30 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: quintela@mandrakesoft.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org >>>>> "sandy" == Sandy Harris writes: Hi sandy> Externally loaded ciphers may also be a security weakness. And a good option for let people decide if they want/don't want crypto. Notice that this is a myth, if one atacant can change your modules, he can also patch your binary. When somebody has root on your machine, the game is over :(((( sandy> Then make them all compile-time options, not externally loaded. Distributions like to let people choice what they want, if you don't let it be modules, we are not able to give the option :((( Notice that _size_ is very important, as there is still not PC that can boot with anything that is not a floppy. Notice also that you can compile modules into the kernel if you want, that means that if they are modules, you can put they are modules or compiled-in, as your choice, if they can only be compiled-in, you can compiled them in, or not having them, what means less choice. Later, Juan. -- In theory, practice and theory are the same, but in practice they are different -- Larry McVoy - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Mar 2 10:59:45 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:43704 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Mar 2002 10:59:41 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 02 Mar 2002 10:58:59 +0100 (CET) Received: from cm.med.3284844210.kabelnet.net ([IPv6:::ffff:195.202.190.178]:44432 "EHLO phobos.hvrlab.org") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Mar 2002 10:58:47 +0100 Received: from janus.txd.hvrlab.org (IDENT:+VfLpvQRsXwidw0LmH01D/W/Q9ko18vr@janus.txd.hvrlab.org [10.51.1.5]) by phobos.hvrlab.org (8.11.6/8.11.6) with ESMTP id g229wi912099 for ; Sat, 2 Mar 2002 10:58:46 +0100 Subject: Re: Cryptoapi Blowfish implementation and IV argument issues From: Herbert Valerio Riedel To: linux-crypto@nl.linux.org In-Reply-To: References: <1014921538.2077.362.camel@janus.txd.hvrlab.org> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-eT3JtBge+5+JOhi8XI2e" X-Mailer: Evolution/1.0.2 Date: 02 Mar 2002 10:58:44 +0100 Message-Id: <1015063126.2077.692.camel@janus.txd.hvrlab.org> Mime-Version: 1.0 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: hvr@hvrlab.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --=-eT3JtBge+5+JOhi8XI2e Content-Type: text/plain Content-Transfer-Encoding: quoted-printable fyi, On Fri, 2002-03-01 at 11:17, Olaf Titz wrote: > > be resolved... i.e. by fixing the current, and providing a > > compat-blowfish cipher... > Which is the only sane way out of this mess, yes. have fixed that in CVS > the IV in 32-bit chunks. For the same reason as for the ciphers > themselves, this does not work. Can this possibly be changed to a byte > pointer? fixed as well... I'll do some checks on the other ciphers, including idea, to see whether they're broken on big-endian (suspect there are a few) regards, --=20 Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 --=-eT3JtBge+5+JOhi8XI2e Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8gKJTSYHgZIg/QUIRAl6oAJwIDkm5QBb00Sib6Wkkbpzea8HkaQCfauA2 bsfO8hX67lufcC+ANQSw6tQ= =zEFJ -----END PGP SIGNATURE----- --=-eT3JtBge+5+JOhi8XI2e-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Mar 3 02:08:44 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:35564 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 3 Mar 2002 02:08:35 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 03 Mar 2002 02:08:09 +0100 (CET) Received: from [IPv6:::ffff:211.250.127.130] ([IPv6:::ffff:211.250.127.130]:45060 "HELO 211.250.127.130") by humbolt.nl.linux.org with SMTP id ; Sun, 3 Mar 2002 02:07:50 +0100 From: ycmyliz To: linux-crypto@nl.linux.org Subject: Just thinking about you. fen Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Sat, 2 Mar 2002 17:03:56 -0800 Message-Id: <20020303010755Z16709-24253+332@humbolt.nl.linux.org> X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: dxliz@sky.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Untitled Document

If you thought sex was all over for you, take heart and read on! There's every chance that very, very soon you'll actually be watching your penis stand up and salute with all the vigor, zest, and lusty appetite of a fresh, young recruit! The secret of success will be all yours - she need ever know - and this is how it works...

For more information please send an email to revolutionary_pills@yahoo.com with "MORE INFO" being the only two words on the subject line. To remove, place "REMOVE" being the only word on the subject line.

rrwxkryxmcyudmwsrpvqhj - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Mar 4 21:32:27 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:21971 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 4 Mar 2002 21:32:16 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 04 Mar 2002 21:31:13 +0100 (CET) Received: from dlva_es1.l3com-analytics.com ([IPv6:::ffff:192.234.181.71]:16140 "EHLO dlva_es1.l3com-analytics.com") by humbolt.nl.linux.org with ESMTP id ; Mon, 4 Mar 2002 21:30:52 +0100 Received: from L-3com.com (renner_linux.dlva.emergent-it.com [10.2.3.24]) by dlva_es1.l3com-analytics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id GJGYCZLD; Mon, 4 Mar 2002 15:31:05 -0500 Message-ID: <3C83D975.175BBBF6@L-3com.com> Date: Mon, 04 Mar 2002 15:30:45 -0500 From: Tim Renner X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.14-xfs i686) X-Accept-Language: en MIME-Version: 1.0 To: stuart@bh90210.net CC: linux-crypto@nl.linux.org Subject: Re: Crypted CDROMs References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Tim.Renner@L-3com.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org I've never tried CD-Roast, but it requires cdrecord anyways, so it should be okay. I just tried yesterday burning an encrypted image to a CD using Nero in Win NT 4.0 and it failed, but I think that's due to the software. It seems like it needs an ISO image to burn correctly. As for using the CDs under Windows, I don't think you would need a virtual Linux filesystem, you can simply create a FAT32 image (mkdosfs -F 32 image.img), rather than an ext2 one (although there is a performance hit for this, and I would love ext2 for Windows ;). Don't try burning a FAT32 image onto a CD though yet, I've never gotten windows to recognize the CD, I think it expects an ISO CD, and won't mount a FAT32 one. Windows loop-aes might need to address this? If I'm wrong, somebody please let me know how to do it, the ISO filesystem is too limiting for most of what I do and I don't want to lock myself into Linux if I don't have to. -Tim "IT3 Stuart Blake Tener, USNR-R" wrote: > > Tim, et al.: > > Well now, this is quite useful information! I have been looking > for a way to burn encrypted CD-RWs in a "standard" manner (at least for > Linux). I am curious, can I use CD-Roast be used to burn the CD-ROM (I > like its GUI)? > Using cdrecord is fine, but I am just curious if you have tried that? > > One thing that has interested me for some time would be the > ability to burn an encrypted disc in such a way that it could be > readable under either Linux or Windows. Of course this (I imagine) would > require firstly a port of loop-aes to Windows (which does not exist), > and then the implementation of a virtual Linux filesystem under Windows. > > A friend has been looking into that for a while (porting > loop-aes to windows), but has not had the time to get it started yet. > > I am curious, with respect to DVD burners, how do you think this > kind of process (as you describe for making CDs) would translate into > making DVD images? I am not a DVD burning expert at all (I know very > little), but I do have a particular instance where being able to burn > about 3-GB of encrypted data on a DVD would be explicity useful (even if > only able to be read under Linux). I see the DVD burners are down to > $499, but I have not acquired one yet as I am not sure if they decided > on a standard yet, or if they are able to be read (the DVD-Rs/DVD-RWs) > by standard DVD drives. > > Very Respectfully, > > Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Mar 5 02:24:04 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:49307 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 02:23:49 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Mar 2002 02:23:28 +0100 (CET) Received: from mta6.snfc21.pbi.net ([IPv6:::ffff:206.13.28.240]:13972 "EHLO mta6.snfc21.pbi.net") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 02:23:03 +0100 Received: from GLOBAL01 ([206.170.209.133]) by mta6.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GSH00FP77U12C@mta6.snfc21.pbi.net> for linux-crypto@nl.linux.org; Mon, 04 Mar 2002 17:22:51 -0800 (PST) Date: Mon, 04 Mar 2002 17:21:14 -0800 From: "IT3 Stuart Blake Tener, USNR-R" Subject: RE: Crypted CDROMs In-reply-to: <3C83D975.175BBBF6@L-3com.com> To: 'Tim Renner' Cc: linux-crypto@nl.linux.org Reply-to: stuart@bh90210.net Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Mailer: Microsoft Outlook, Build 10.0.2627 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: stuart@bh90210.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Tim: Well this is the one area in which loop-aes is not a winner, and at least for me it does create a problem (as I have need for encrypted CD-ROMs which are readable under Linux and Windows). I am not enough of a Windows programmer to port it myself (or I would gladly). I know if I spent the time to learn how to do programming in the Windows environment enough to write a driver to read an encrypted filesystem I could certainly do it. The problem is I do not have the time to dedicate to such a project, and I presume Jari is in the same boat with respect to his programming abilities, or something makes me think he would have already written it. I am however working a friend to try to get the information to build such a port, as I think there is definite demand for it. Do not get me wrong, I like being a Linux bigot as much as the next guy, but there comes a point when one must own up to the fact that using Windows is part of working in the business world, and so therefore I am relegated to doing so in certain circumstances. Do not get me wrong, I have great appreciation for loop-aes as a piece of software, and Jari has done nothing less than a masterful job of writing it. I just would like to see it support Windows. I am trying to find a public domain driver for Windows which implements ext2 or ext3 under Windows. Then I would modify it to read using the encryption / decryption techniques used by loop-aes. Any ideas? Very Respectfully, Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG Beverly Hills, California VTU 1904G (Volunteer Training Unit) stuart@bh90210.net west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!) JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. Monday, March 04, 2002 5:21 PM -----Original Message----- From: trenner@Misty.com [mailto:trenner@Misty.com] On Behalf Of Tim Renner Sent: Monday, March 04, 2002 12:31 PM To: stuart@bh90210.net Cc: linux-crypto@nl.linux.org Subject: Re: Crypted CDROMs I've never tried CD-Roast, but it requires cdrecord anyways, so it should be okay. I just tried yesterday burning an encrypted image to a CD using Nero in Win NT 4.0 and it failed, but I think that's due to the software. It seems like it needs an ISO image to burn correctly. As for using the CDs under Windows, I don't think you would need a virtual Linux filesystem, you can simply create a FAT32 image (mkdosfs -F 32 image.img), rather than an ext2 one (although there is a performance hit for this, and I would love ext2 for Windows ;). Don't try burning a FAT32 image onto a CD though yet, I've never gotten windows to recognize the CD, I think it expects an ISO CD, and won't mount a FAT32 one. Windows loop-aes might need to address this? If I'm wrong, somebody please let me know how to do it, the ISO filesystem is too limiting for most of what I do and I don't want to lock myself into Linux if I don't have to. -Tim "IT3 Stuart Blake Tener, USNR-R" wrote: > > Tim, et al.: > > Well now, this is quite useful information! I have been looking > for a way to burn encrypted CD-RWs in a "standard" manner (at least for > Linux). I am curious, can I use CD-Roast be used to burn the CD-ROM (I > like its GUI)? > Using cdrecord is fine, but I am just curious if you have tried that? > > One thing that has interested me for some time would be the > ability to burn an encrypted disc in such a way that it could be > readable under either Linux or Windows. Of course this (I imagine) would > require firstly a port of loop-aes to Windows (which does not exist), > and then the implementation of a virtual Linux filesystem under Windows. > > A friend has been looking into that for a while (porting > loop-aes to windows), but has not had the time to get it started yet. > > I am curious, with respect to DVD burners, how do you think this > kind of process (as you describe for making CDs) would translate into > making DVD images? I am not a DVD burning expert at all (I know very > little), but I do have a particular instance where being able to burn > about 3-GB of encrypted data on a DVD would be explicity useful (even if > only able to be read under Linux). I see the DVD burners are down to > $499, but I have not acquired one yet as I am not sure if they decided > on a standard yet, or if they are able to be read (the DVD-Rs/DVD-RWs) > by standard DVD drives. > > Very Respectfully, > > Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Mar 5 02:36:39 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:60320 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 02:36:26 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Mar 2002 02:36:20 +0100 (CET) Received: from anime.net ([IPv6:::ffff:63.172.78.150]:37504 "EHLO sasami.anime.net") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 02:36:05 +0100 Received: from localhost (goemon@localhost) by sasami.anime.net (8.11.6/8.11.6) with ESMTP id g251ZT204092; Mon, 4 Mar 2002 17:35:29 -0800 Date: Mon, 4 Mar 2002 17:35:29 -0800 (PST) From: Dan Hollis To: "IT3 Stuart Blake Tener, USNR-R" cc: "'Tim Renner'" , Subject: RE: Crypted CDROMs In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: goemon@anime.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Mon, 4 Mar 2002, IT3 Stuart Blake Tener, USNR-R wrote: > I am trying to find a public domain driver for Windows which > implements ext2 or ext3 under Windows. Then I would modify it to read > using the encryption / decryption techniques used by loop-aes. Any > ideas? http://www.yipton.demon.co.uk/content.html#FSDEXT2 Its read-only but should be a start -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-] - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Mar 5 09:54:29 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:47782 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 09:54:17 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Mar 2002 09:53:52 +0100 (CET) Received: from mailbox.surfeu.fi ([IPv6:::ffff:213.173.154.4]:5 "EHLO surfeu.fi") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 09:53:38 +0100 Received: from [213.173.146.131] (account ce6c8edf HELO pp.inet.fi) by surfeu.fi (CommuniGate Pro SMTP 3.4.1) with ESMTP id 14527505 for linux-crypto@nl.linux.org; Tue, 05 Mar 2002 10:53:30 +0200 Message-ID: <3C84877E.61B7D416@pp.inet.fi> Date: Tue, 05 Mar 2002 10:53:18 +0200 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Announce loop-AES-v1.5c file/swap crypto package Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Changes since previous release: - build-initrd.sh now works with devfs and can setup national keyboard layout before asking password. - Added losetup -d and losetup -e to "make tests" between writing test file and reading test file. This is to prevent kernel from caching test data. - Added RIPE-MD160 hash, and "-H rmd160", "-I 123" options to losetup, and "-o phash=rmd160,loinit=123" options to mount. - loop.c-2.4.original updated with fixes from 2.4.19-pre2 - Added workaround for missing current->nice in recent -ac kernels. bzip2 compressed tarball is here: http://loop-aes.sourceforge.net/loop-AES-v1.5c.tar.bz2 md5sum 7c48b5f5c5426645f4e1975ef21fe5f8 PGP signature file, my public key, and fingerprint here: http://loop-aes.sourceforge.net/loop-AES-v1.5c.tar.bz2.sign http://loop-aes.sourceforge.net/PGP-public-key.asc 1024/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD Tarball containing extra ciphers for use with loop-AES package is also available. This tarball contains source for serpent, twofish and blowfish cipher modules. Read the README file in the tarball for more information. bzip2 compressed tarball is here: http://loop-aes.sourceforge.net/ciphers-v1.0a.tar.bz2 md5sum d1716a45d9abda34baf2ff0cbc54ed2a PGP signature file here: http://loop-aes.sourceforge.net/ciphers-v1.0a.tar.bz2.sign Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Mar 5 11:15:48 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:14778 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 11:15:31 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Mar 2002 11:15:20 +0100 (CET) Received: from bpdcwm01.bpcl.broadband.hu ([IPv6:::ffff:195.184.181.2]:9437 "EHLO mx01.broadband.hu") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 11:15:16 +0100 Received: from kain.satimex.tvnet.hu (gep427-4530.bp13catv.broadband.hu [80.98.31.185]) by mx01.broadband.hu (Postfix) with ESMTP id 3740D30F68 for ; Tue, 5 Mar 2002 11:15:12 +0100 (MET) Message-Id: <5.0.2.1.2.20020305111010.01cc1170@pop.tvnet.hu> X-Sender: newsmail@pop.tvnet.hu X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Date: Tue, 05 Mar 2002 11:12:57 +0100 To: linux-crypto@nl.linux.org From: Newsmail Subject: difference between jari's and hvr's package Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: newsmail@satimex.tvnet.hu Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org I would like to ask, what is the real difference between the crypto api package of hvr (the new testing releases for new kernels), and the loop-AES package of jari. Today I see that we can use other ciphers with loop-AES just like with cryptoapi. then where is the real difference? we can compile loop-AES to the kernel just like cryptoapi. I dont really understand why there are 2 releases evoluting together. could someone explain me please? greg - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Mar 5 16:45:31 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:2971 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 16:45:17 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Mar 2002 16:45:04 +0100 (CET) Received: from petkele.almamedia.fi ([IPv6:::ffff:194.215.205.158]:35274 "HELO petkele.almamedia.fi") by humbolt.nl.linux.org with SMTP id ; Tue, 5 Mar 2002 16:44:49 +0100 Received: (qmail 15589 invoked from network); 5 Mar 2002 15:44:33 -0000 Received: from dyn-q-021.yhteys.mtv3.fi (HELO pp.inet.fi) (62.237.17.21) by petkele.almamedia.fi with SMTP; 5 Mar 2002 15:44:33 -0000 Message-ID: <3C84E7BF.1B332FC1@pp.inet.fi> Date: Tue, 05 Mar 2002 17:43:59 +0200 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: Newsmail CC: linux-crypto@nl.linux.org Subject: Re: difference between jari's and hvr's package References: <5.0.2.1.2.20020305111010.01cc1170@pop.tvnet.hu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Newsmail wrote: > I would like to ask, what is the real difference between the crypto api > package of hvr (the new testing releases for new kernels), and the loop-AES > package of jari. Today I see that we can use other ciphers with loop-AES > just like with cryptoapi. then where is the real difference? we can compile > loop-AES to the kernel just like cryptoapi. I dont really understand why > there are 2 releases evoluting together. could someone explain me please? > greg Because cryptoapi works with very limited set of kernels, and with none of the ultra stable kernels. Loop-AES works with all maintained stable kernels, including distro vendor kernels. Meaning that if you use cryptoapi, HVR chooses your kernel for you. If you use loop-AES, crypto adapts to _your_ choice of kernel. That is a big difference. Another disadvantage that cryptoapi loop has, is the cryptoapi bloat that makes it slower than loop-AES. Loop-AES does not use cryptoapi, and that is a feature. Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Mar 5 17:14:23 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:15521 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 17:14:06 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Mar 2002 17:13:59 +0100 (CET) Received: from cm.med.3284844210.kabelnet.net ([IPv6:::ffff:195.202.190.178]:5586 "EHLO phobos.hvrlab.org") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 17:13:40 +0100 Received: from janus.txd.hvrlab.org (IDENT:RmGjxQRGw6BHzrvY49kIc42P0sPhCW4H@janus.txd.hvrlab.org [10.51.1.5]) by phobos.hvrlab.org (8.11.6/8.11.6) with ESMTP id g25GDb925536; Tue, 5 Mar 2002 17:13:37 +0100 Subject: Re: difference between jari's and hvr's package From: Herbert Valerio Riedel To: Jari Ruusu Cc: Newsmail , linux-crypto@nl.linux.org In-Reply-To: <3C84E7BF.1B332FC1@pp.inet.fi> References: <5.0.2.1.2.20020305111010.01cc1170@pop.tvnet.hu> <3C84E7BF.1B332FC1@pp.inet.fi> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-r9g8LZJRDoAwrIyNBpHO" X-Mailer: Evolution/1.0.2 Date: 05 Mar 2002 17:13:37 +0100 Message-Id: <1015344817.20121.285.camel@janus.txd.hvrlab.org> Mime-Version: 1.0 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: hvr@hvrlab.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --=-r9g8LZJRDoAwrIyNBpHO Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2002-03-05 at 16:43, Jari Ruusu wrote: > Because cryptoapi works with very limited set of kernels, and with none o= f > the ultra stable kernels. Loop-AES works with all maintained stable kerne= ls, > including distro vendor kernels. Meaning that if you use cryptoapi, HVR > chooses your kernel for you. If you use loop-AES, crypto adapts to _your_ > choice of kernel. That is a big difference. ...and with loop-aes, you choose the set of ciphers your users use... ;-) btw, you should have mentioned also that loop-aes is only about the loop block device... while cryptoapi is a _generic_ api, of which the cryptoloop is only one of the possible kernel space applications... > Another disadvantage that cryptoapi loop has, is the cryptoapi bloat that > makes it slower than loop-AES. Loop-AES does not use cryptoapi, and that = is > a feature. btw, I wondering, whether we have any objective measurements of the overhead involved wrt using the additional abstraction layer w/ cryptoapi... regards, --=20 Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 --=-r9g8LZJRDoAwrIyNBpHO Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8hO6xSYHgZIg/QUIRAjdsAJ9VZoixd6f4jrvIHMoEs/kOav5VTACeNevT PTJgwsA4GQp4BIb+YNQCjgA= =K9ui -----END PGP SIGNATURE----- --=-r9g8LZJRDoAwrIyNBpHO-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Mar 5 17:21:55 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:39331 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 17:21:47 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Mar 2002 17:21:41 +0100 (CET) Received: from mta5.snfc21.pbi.net ([IPv6:::ffff:206.13.28.241]:22705 "EHLO mta5.snfc21.pbi.net") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 17:21:20 +0100 Received: from GLOBAL01 ([206.170.209.183]) by mta5.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GSI00LV3DFGHF@mta5.snfc21.pbi.net> for linux-crypto@nl.linux.org; Tue, 05 Mar 2002 08:21:19 -0800 (PST) Date: Tue, 05 Mar 2002 08:19:39 -0800 From: "IT3 Stuart Blake Tener, USNR-R" Subject: RE: difference between jari's and hvr's package In-reply-to: <1015344817.20121.285.camel@janus.txd.hvrlab.org> To: 'Herbert Valerio Riedel' , 'Jari Ruusu' Cc: 'Newsmail' , linux-crypto@nl.linux.org Reply-to: stuart@bh90210.net Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Mailer: Microsoft Outlook, Build 10.0.2627 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: stuart@bh90210.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Herbert, et al.: I must admit, I do not clearly understand why something such as the CryptoAPI must live in kernel space? Can a user space implementation of it not exist? Presuming for the sake of understanding that it does need to live in kernel space, if it were written as a module (in much the same way loop-aes is), could it not be made to support a plethora more kernels? Can the CryptoAPI be made to work in user space? The problem (for me) is the fact that it is a kernel patch, and I cannot just plug it into any kernel I need to use it with, this is not a small issue, it is quite critical in my decision. Very Respectfully, Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG Beverly Hills, California VTU 1904G (Volunteer Training Unit) stuart@bh90210.net west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!) JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. Tuesday, March 05, 2002 8:17 AM -----Original Message----- From: linux-crypto-bounce@nl.linux.org [mailto:linux-crypto-bounce@nl.linux.org] On Behalf Of Herbert Valerio Riedel Sent: Tuesday, March 05, 2002 8:14 AM To: Jari Ruusu Cc: Newsmail; linux-crypto@nl.linux.org Subject: Re: difference between jari's and hvr's package On Tue, 2002-03-05 at 16:43, Jari Ruusu wrote: > Because cryptoapi works with very limited set of kernels, and with none of > the ultra stable kernels. Loop-AES works with all maintained stable kernels, > including distro vendor kernels. Meaning that if you use cryptoapi, HVR > chooses your kernel for you. If you use loop-AES, crypto adapts to _your_ > choice of kernel. That is a big difference. ...and with loop-aes, you choose the set of ciphers your users use... ;-) btw, you should have mentioned also that loop-aes is only about the loop block device... while cryptoapi is a _generic_ api, of which the cryptoloop is only one of the possible kernel space applications... > Another disadvantage that cryptoapi loop has, is the cryptoapi bloat that > makes it slower than loop-AES. Loop-AES does not use cryptoapi, and that is > a feature. btw, I wondering, whether we have any objective measurements of the overhead involved wrt using the additional abstraction layer w/ cryptoapi... regards, -- Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Mar 5 17:50:45 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:35751 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 17:50:32 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Mar 2002 17:50:13 +0100 (CET) Received: from [IPv6:::ffff:194.46.8.33] ([IPv6:::ffff:194.46.8.33]:51719 "EHLO angusbay.vnl.com") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 17:49:56 +0100 Received: from amon by angusbay.vnl.com with local (Exim 3.22 #1) id 16iIG7-0003lx-00 (Debian); Tue, 05 Mar 2002 16:57:51 +0000 Date: Tue, 5 Mar 2002 16:57:51 +0000 From: Dale Amon To: linux-crypto@nl.linux.org Subject: Re: difference between jari's and hvr's package Message-ID: <20020305165751.GR10683@vnl.com> Mail-Followup-To: Dale Amon , linux-crypto@nl.linux.org References: <1015344817.20121.285.camel@janus.txd.hvrlab.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.27i X-Operating-System: Linux, the choice of a GNU generation X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: amon@vnl.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Tue, Mar 05, 2002 at 08:19:39AM -0800, IT3 Stuart Blake Tener, USNR-R wrote: > I must admit, I do not clearly understand why something such as > the CryptoAPI must live in kernel space? Can a user space implementation > of it not exist? That is the current problem. Many user space applications have their own implimentations. There are different libraries you can compile with in user space. You could possibly do an efficient user-space file crypto file system in a microkernel architecture. But that would not help you. File systems are just not portable. They have to implimented under each OS on which they are used because efficiency is required, different OS's have different abstractions, etc. It *might* be possible to write a portable file system emulator in user space. But it would be slow, slow, slow as it would be essentially a loopback file operated on in user space. I don't even want to imagine how many context swaps would be involved in looking at a file. > Presuming for the sake of understanding that it does need to > live in kernel space, if it were written as a module (in much the same > way loop-aes is), could it not be made to support a plethora more > kernels? It is part of the kernel because it isn't only a file system. It is an encryption/decryption Application Programmer Interface that can be utilized by other modules or by OS calls from application programs. It just happens that it *also* supports a *linux* loopback file system. > Can the CryptoAPI be made to work in user space? I stated this above, but I'll also add that I prefer the security of one single well audited common toolset compiled into the kernel. I don't even use modular kernels. I've been told by some "former blackhat" friends that fiddling the kernel via a module was one of their favorite backdoor tricks. He could do it without a reboot that someone would probably notice, and it then hid everything he did from normal user space tools. > The problem (for me) is the fact that it is a kernel patch, and > I cannot just plug it into any kernel I need to use it with, this is not > a small issue, it is quite critical in my decision. Herbert is dealing with this. Personally I've never found it a problem (except for the period in which the core 2.4 loopback in linux was broken). Typically the patches work for many versions. I've never been left uncovered except for that one broken at birth 2.4 kernel (2.4.14 or something?) -- ------------------------------------------------------ Nuke bin Laden: Dale Amon, CEO/MD improve the global Islandone Society gene pool. www.islandone.org ------------------------------------------------------ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Mar 5 18:58:03 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:27835 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 18:57:57 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Mar 2002 18:57:48 +0100 (CET) Received: from smtp018.mail.yahoo.com ([IPv6:::ffff:216.136.174.115]:17680 "HELO smtp018.mail.yahoo.com") by humbolt.nl.linux.org with SMTP id ; Tue, 5 Mar 2002 18:57:30 +0100 Received: from paul?hilton (AUTH login) at pool-151-203-237-8.bos.east.verizon.net (HELO pcmhnew) (paul?hilton@151.203.237.8) by smtp.mail.vip.sc5.yahoo.com with SMTP; 5 Mar 2002 17:50:26 -0000 Message-ID: <022a01c1c46d$e22f13e0$6601a8c0@pcmhnew> From: "Paul Hilton" To: References: <5.0.2.1.2.20020305111010.01cc1170@pop.tvnet.hu> Subject: Re: difference between jari's and hvr's package Date: Tue, 5 Mar 2002 12:47:55 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: paul_hilton@yahoo.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org "Newsmail" wrote: > I would like to ask, what is the real difference between the crypto api > package of hvr (the new testing releases for new kernels), and the loop-AES > package of jari. Today I see that we can use other ciphers with loop-AES > just like with cryptoapi. then where is the real difference? we can compile > loop-AES to the kernel just like cryptoapi. I dont really understand why > there are 2 releases evoluting together. could someone explain me please? > greg An opinion, FWIW. My operating system is sprouting crypto software all over the place, Loopback filesystem, SSL (TLS), mail utilities, perl stuff etc. etc. They all seem to use their own crypto software, I would really like it if the regular kernel required no patches for crypto api, and required only modules with the actual algorithms (which those who don't like modular kernels can build in.) This would keep the kernel politically cryto free, and yet make it easy to fix. As it is I keep rebuilding kernels with the wrong versions of crypto api patches and hoping it will work, turning off and ignoring warnings, this is not very satisfactory. Meanwhile if you want a crypto filesystem loop-AES seems to be easier to install, and works fine, the alternate ciphers strengthen it's usefulness a lot. Regards, Paul Hilton _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Mar 5 19:46:01 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:21447 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 19:45:51 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Mar 2002 19:45:43 +0100 (CET) Received: from bpdcwm01.bpcl.broadband.hu ([IPv6:::ffff:195.184.181.2]:47307 "EHLO mx01.broadband.hu") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 19:45:28 +0100 Received: from kain.satimex.tvnet.hu (gep427-4530.bp13catv.broadband.hu [80.98.31.185]) by mx01.broadband.hu (Postfix) with ESMTP id 990C130DC8 for ; Tue, 5 Mar 2002 19:45:26 +0100 (MET) Message-Id: <5.0.2.1.2.20020305193904.01d56118@pop.tvnet.hu> X-Sender: newsmail@pop.tvnet.hu X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Date: Tue, 05 Mar 2002 19:43:14 +0100 To: linux-crypto@nl.linux.org From: Newsmail Subject: journaling file systems Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: newsmail@satimex.tvnet.hu Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org thx jaari for yar answer to my previous mail. Device backed loop device can be used with journaling file systems as device backed loops guarantee that writes reach disk platters in order required by journaling file system (write caching must be disabled on the disk drive, of course). that is what I read in the readme of loop-AES. I presume device backed loop device means that the entire device or partition is on the loop device, and it does not reside in a file. what's up with this write caching thingie. I cant make a reiserfs filesystem on an encrypted device if I dont disable write caching? what will be the effect if I dont disable it? other question: if I remember I read something that there are ways to compile loop aes to the kernel. is there a way to compile the new twofish/blowfish/serpent modules to the kernel as well? regards, greg - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Mar 5 20:38:13 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:34003 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 20:38:06 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Mar 2002 20:37:58 +0100 (CET) Received: from petkele.almamedia.fi ([IPv6:::ffff:194.215.205.158]:19181 "HELO petkele.almamedia.fi") by humbolt.nl.linux.org with SMTP id ; Tue, 5 Mar 2002 20:37:39 +0100 Received: (qmail 10689 invoked from network); 5 Mar 2002 19:37:35 -0000 Received: from dyn-r-201.yhteys.mtv3.fi (HELO pp.inet.fi) (62.237.18.201) by petkele.almamedia.fi with SMTP; 5 Mar 2002 19:37:35 -0000 Message-ID: <3C851E57.3CF8F52A@pp.inet.fi> Date: Tue, 05 Mar 2002 21:36:55 +0200 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: Newsmail CC: linux-crypto@nl.linux.org Subject: Re: journaling file systems References: <5.0.2.1.2.20020305193904.01d56118@pop.tvnet.hu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Newsmail wrote: > I presume device backed loop > device means that the entire device or partition is on the loop device, and > it does not reside in a file. Device backed means using a partition, example: losetup -e AES128 /dev/loop0 /dev/hda4 ^^^^^^^^^ File backed means using a file that resides on some filesystem, example: losetup -e AES128 /dev/loop0 /home/jari/.my-secret-stuff ^^^^^^^^^^^^^^^^^^^^^^^^^^^ > what's up with this write caching thingie. I > cant make a reiserfs filesystem on an encrypted device if I dont disable > write caching? what will be the effect if I dont disable it? If hard disk re-orders writes as a result of write caching, journal and/or data may get corrupted under some circumstances. That applies both to unencrypted and encrypted partitions. > other question: if I remember I read something that there are ways to > compile loop aes to the kernel. is there a way to compile the new > twofish/blowfish/serpent modules to the kernel as well? Yes, if you merge them to your kernel yourself. I prefer to keep them as modules. They are easier to compile for all supported kernels as modules. Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Mar 5 20:56:44 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:23004 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 20:56:30 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Mar 2002 20:56:21 +0100 (CET) Received: from mta5.snfc21.pbi.net ([IPv6:::ffff:206.13.28.241]:50891 "EHLO mta5.snfc21.pbi.net") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Mar 2002 20:56:01 +0100 Received: from GLOBAL01 ([206.170.209.183]) by mta5.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GSI00KDRND41S@mta5.snfc21.pbi.net> for linux-crypto@nl.linux.org; Tue, 05 Mar 2002 11:55:59 -0800 (PST) Date: Tue, 05 Mar 2002 11:54:14 -0800 From: "IT3 Stuart Blake Tener, USNR-R" Subject: RE: journaling file systems In-reply-to: <3C851E57.3CF8F52A@pp.inet.fi> To: 'Jari Ruusu' , 'Newsmail' Cc: linux-crypto@nl.linux.org Reply-to: stuart@bh90210.net Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Mailer: Microsoft Outlook, Build 10.0.2627 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: stuart@bh90210.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Mr. Ruusu, et al.: One has to wonder why the CryptoAPI cannot be made to function in a manner such that loop-aes does with respect to being more modular. If CryptoAPI was modular in the manner that loop-aes was, I think its usage would be much more accepted. Very Respectfully, Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG Beverly Hills, California VTU 1904G (Volunteer Training Unit) stuart@bh90210.net west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!) JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. Tuesday, March 05, 2002 11:44 AM -----Original Message----- From: linux-crypto-bounce@nl.linux.org [mailto:linux-crypto-bounce@nl.linux.org] On Behalf Of Jari Ruusu Sent: Tuesday, March 05, 2002 11:37 AM To: Newsmail Cc: linux-crypto@nl.linux.org Subject: Re: journaling file systems Newsmail wrote: > I presume device backed loop > device means that the entire device or partition is on the loop device, and > it does not reside in a file. Device backed means using a partition, example: losetup -e AES128 /dev/loop0 /dev/hda4 ^^^^^^^^^ File backed means using a file that resides on some filesystem, example: losetup -e AES128 /dev/loop0 /home/jari/.my-secret-stuff ^^^^^^^^^^^^^^^^^^^^^^^^^^^ > what's up with this write caching thingie. I > cant make a reiserfs filesystem on an encrypted device if I dont disable > write caching? what will be the effect if I dont disable it? If hard disk re-orders writes as a result of write caching, journal and/or data may get corrupted under some circumstances. That applies both to unencrypted and encrypted partitions. > other question: if I remember I read something that there are ways to > compile loop aes to the kernel. is there a way to compile the new > twofish/blowfish/serpent modules to the kernel as well? Yes, if you merge them to your kernel yourself. I prefer to keep them as modules. They are easier to compile for all supported kernels as modules. Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Mar 6 06:13:17 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:63880 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 6 Mar 2002 06:13:06 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 06 Mar 2002 06:12:28 +0100 (CET) Received: from mta04bw.bigpond.com ([IPv6:::ffff:139.134.6.87]:61894 "EHLO mta04bw.bigpond.com") by humbolt.nl.linux.org with ESMTP id ; Wed, 6 Mar 2002 06:12:11 +0100 Received: from there ([144.135.24.81]) by mta04bw.bigpond.com (Netscape Messaging Server 4.15) with SMTP id GSJD4700.0GY; Wed, 6 Mar 2002 15:12:07 +1000 Received: from CPE-144-132-71-99.vic.bigpond.net.au ([144.132.71.99]) by bwmam05.mailsvc.email.bigpond.com(MailRouter V3.0i 38/225548); 06 Mar 2002 15:12:07 Content-Type: text/plain; charset="iso-8859-1" From: Justin To: stuart@bh90210.net, 'Jari Ruusu' , 'Newsmail' Subject: Re: journaling file systems Date: Wed, 6 Mar 2002 16:04:51 +1100 X-Mailer: KMail [version 1.3.2] Cc: linux-crypto@nl.linux.org References: In-Reply-To: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020306051214Z16225-24253+927@humbolt.nl.linux.org> X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: aa2@bigpond.net.au Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Wednesday 06 March 2002 06:54, IT3 Stuart Blake Tener, USNR-R wrote: > Mr. Ruusu, et al.: > > One has to wonder why the CryptoAPI cannot be made to function > in a manner such that loop-aes does with respect to being more modular. > If CryptoAPI was modular in the manner that loop-aes was, I think its > usage would be much more accepted. If Crypto-API was just a part of the normal linux kernel, wouldn't that make it far easier? Then loop-aes could concentrate on using the Crypto-API hooks, and not have to worry about providing the encryption services too. ??? Regards and best wishes, Justin Clift > > > Very Respectfully, > > Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG > Beverly Hills, California > VTU 1904G (Volunteer Training Unit) > stuart@bh90210.net > west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 > east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Mar 6 06:40:13 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:27538 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 6 Mar 2002 06:40:06 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 06 Mar 2002 06:39:59 +0100 (CET) Received: from mta7.pltn13.pbi.net ([IPv6:::ffff:64.164.98.8]:53893 "EHLO mta7.pltn13.pbi.net") by humbolt.nl.linux.org with ESMTP id ; Wed, 6 Mar 2002 06:39:36 +0100 Received: from GLOBAL01 ([206.170.210.200]) by mta7.pltn13.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GSJ00HRBEDW57@mta7.pltn13.pbi.net> for linux-crypto@nl.linux.org; Tue, 05 Mar 2002 21:39:34 -0800 (PST) Date: Tue, 05 Mar 2002 21:37:54 -0800 From: "IT3 Stuart Blake Tener, USNR-R" Subject: RE: journaling file systems In-reply-to: <20020306051214Z16225-24253+927@humbolt.nl.linux.org> To: 'Justin' , 'Jari Ruusu' , 'Newsmail' Cc: linux-crypto@nl.linux.org Reply-to: stuart@bh90210.net Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Mailer: Microsoft Outlook, Build 10.0.2627 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: stuart@bh90210.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Mr. Clift: Yes, I most affermatively agree with that position. However, I was of the impression that legal barriers (not just in the US, but other countries as well) prevented such a scenario from being effective without a realistic degradation in the ability to import / export the Linus kernel to with such countries having such legal barriers with regard to import / export controls in place. Now if you are saying that instead of having the actual cryptographic code in the kernel, but merely calls to advantage onesself of whatever they had loaded into memory in the way of crytographic code via a loadable module then this is indeed a superior methodology and I would support its implementation most immediately, though I am unfamiliar with the legal aspects of such a scenario or why Linus has not contemplated such a scenario in the past. Perhaps one of the listmembers will be able to offer up some wisdom as to why this solution (as described above) has not yet been considered, or at what point and why it was decided as not being a viable solution. Very Respectfully, Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG Beverly Hills, California VTU 1904G (Volunteer Training Unit) stuart@bh90210.net west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!) JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. Tuesday, March 05, 2002 9:34 PM -----Original Message----- From: linux-crypto-bounce@nl.linux.org [mailto:linux-crypto-bounce@nl.linux.org] On Behalf Of Justin Sent: Tuesday, March 05, 2002 9:05 PM To: stuart@bh90210.net; 'Jari Ruusu'; 'Newsmail' Cc: linux-crypto@nl.linux.org Subject: Re: journaling file systems On Wednesday 06 March 2002 06:54, IT3 Stuart Blake Tener, USNR-R wrote: > Mr. Ruusu, et al.: > > One has to wonder why the CryptoAPI cannot be made to function > in a manner such that loop-aes does with respect to being more modular. > If CryptoAPI was modular in the manner that loop-aes was, I think its > usage would be much more accepted. If Crypto-API was just a part of the normal linux kernel, wouldn't that make it far easier? Then loop-aes could concentrate on using the Crypto-API hooks, and not have to worry about providing the encryption services too. ??? Regards and best wishes, Justin Clift > > > Very Respectfully, > > Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG > Beverly Hills, California > VTU 1904G (Volunteer Training Unit) > stuart@bh90210.net > west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 > east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Mar 6 07:27:04 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:45723 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 6 Mar 2002 07:26:50 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 06 Mar 2002 07:26:38 +0100 (CET) Received: from mta05bw.bigpond.com ([IPv6:::ffff:139.134.6.95]:16875 "EHLO mta05bw.bigpond.com") by humbolt.nl.linux.org with ESMTP id ; Wed, 6 Mar 2002 07:26:14 +0100 Received: from there ([144.135.24.81]) by mta05bw.bigpond.com (Netscape Messaging Server 4.15) with SMTP id GSJGJM00.ASX; Wed, 6 Mar 2002 16:26:10 +1000 Received: from CPE-144-132-71-99.vic.bigpond.net.au ([144.132.71.99]) by bwmam05.mailsvc.email.bigpond.com(MailRouter V3.0i 38/327896); 06 Mar 2002 16:26:10 Content-Type: text/plain; charset="iso-8859-1" From: Justin To: stuart@bh90210.net, 'Jari Ruusu' , 'Newsmail' Subject: Re: journaling file systems Date: Wed, 6 Mar 2002 17:18:54 +1100 X-Mailer: KMail [version 1.3.2] Cc: linux-crypto@nl.linux.org References: In-Reply-To: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020306062622Z16380-24253+944@humbolt.nl.linux.org> X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: aa2@bigpond.net.au Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi Stuart, On Wednesday 06 March 2002 16:37, IT3 Stuart Blake Tener, USNR-R wrote: > Mr. Clift: > > Yes, I most affermatively agree with that position. However, I > was of the impression that legal barriers (not just in the US, but other > countries as well) prevented such a scenario from being effective > without a realistic degradation in the ability to import / export the > Linus kernel to with such countries having such legal barriers with > regard to import / export controls > in place. I was aware that some countries would have a problem with the kernel code having the full cryptographic code in it. Does anyone know of a definitive list of countries where it truly wouldn't be acceptable these days? > Now if you are saying that instead of having the actual > cryptographic code in the kernel, but merely calls to advantage onesself > of whatever they had loaded into memory in the way of crytographic code > via a loadable module then this is indeed a superior methodology and I > would support its implementation most immediately, though I am > unfamiliar with the legal aspects of such a scenario or why Linus has > not contemplated such a scenario in the past. I wasn't suggesting merely having hooks. Although there are arguments for and against this, I think everyone most everyone agree's the best solution possible would be to have the cryptoAPi softteare completely implemented and available in the kernel. As has also been mentioned many times, this would not be acceptable in some countries. Given this wasn't a barrier, I wonder what would stop CryptoAPI from being included as part of the normal kernel? Regards and best wishes, Justin Clift > Very Respectfully, > > Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG > Beverly Hills, California > VTU 1904G (Volunteer Training Unit) > stuart@bh90210.net > west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 > east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Mar 6 09:37:42 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:35765 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 6 Mar 2002 09:37:25 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 06 Mar 2002 09:36:46 +0100 (CET) Received: from mta7.pltn13.pbi.net ([IPv6:::ffff:64.164.98.8]:31153 "EHLO mta7.pltn13.pbi.net") by humbolt.nl.linux.org with ESMTP id ; Wed, 6 Mar 2002 09:36:20 +0100 Received: from GLOBAL01 ([206.170.209.148]) by mta7.pltn13.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GSJ007HIMDCC9@mta7.pltn13.pbi.net> for linux-crypto@nl.linux.org; Wed, 06 Mar 2002 00:32:33 -0800 (PST) Date: Wed, 06 Mar 2002 00:30:21 -0800 From: "IT3 Stuart Blake Tener, USNR-R" Subject: RE: journaling file systems / Crypto in Linux In-reply-to: <200203060626.g266QIS19753@monster.misty.com> To: 'Justin' , 'Jari Ruusu' , 'Newsmail' Cc: linux-crypto@nl.linux.org Reply-to: stuart@bh90210.net Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Mailer: Microsoft Outlook, Build 10.0.2627 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: stuart@bh90210.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Mr. Clift: There are definitely some countries that are willing and able to block the distribution of a Linux kernel so encapsulating encryption technologies within its core architecture (even the US has done this at times). It is however my personal understanding of the existing legislative climate (in the US at least) that a Linux kernel inclusive of an encryption API, and separate module loadable algorithms (not distributed with the kernel) is ripe in the instant moment, and may well not be an option in the future if legislation (under consideration currently by the US congress, and I am sure other legislative bodies in other political states) is enacted. Thus, the inclusion by Linus of at minimum an encryption API able to support encryption algorithms loaded via a module architecture is the most attractive adoption of encryption by the Linux kernel in order to not give impetus to political states to subvert and retard the distribution of Linux throughout the world. Having such an API inclusive to the kernel, general enough to allow it to implement encryption algorithms of a very broad spectrum would resolve an issue long hanging over the Linux kernel. At some point the maintainers with control over what goes in the kernel (Linus, Alan Cox, etc.) must accept the idea that if Linux is absent such technology its use and acceptance by users will be retarded absent the assistance of disruptive legislative action by a political state. So which is better? Prevent Linux from having an API within its source code, and allow it to be distributed worldwide absent disruptive actions by political states and cause those interested in Linux to choose not to use it based on that fact, or have a Linux which has strong encryption but cannot be freely distributed? Neither! So what do I propose? A very interesting hybrid! What ought to be done is for Linus (not Herbert, no offense Herbert) to create a crypto version of the kernel. This version of the kernel might be subject to restrictive licensing or importation / exportation limits, however would not impact the ability of Linus and friends to continue to distribute the non-crypto kernel, which would be the same as the crypto version absent the crypto code. Further discussion (legal and technological) would have to be employed to determine if this crypto kernel would be inclusive of the actual algorithms or not, but that we can save for a latter debate, as this would initially fix some problems with the acceptance of encryption technologies (i.e. an API) as being a standard within the Linux community. The virtual software constitution (i.e. the "GPL") espousing political, intellectual, and legal freedom for Linux can be preserved while still enabling the greater Linux community to experience both the current non-crypto and perhaps future crypto-kernel versions. Thus, only by having an officially disseminated crypto and non-crypto versions of the kernel can we assure ourselves that political states will not choose to retard the overall distribution of the Linux kernel to an extent able to totally prevent Linux from entering all those political states it currently has the freedom to enter in a non-crypto state. Very Respectfully, Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG Beverly Hills, California VTU 1904G (Volunteer Training Unit) stuart@bh90210.net west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!) JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. Wednesday, March 06, 2002 12:25 AM -----Original Message----- From: Justin [mailto:aa2@bigpond.net.au] Sent: Tuesday, March 05, 2002 10:19 PM To: stuart@bh90210.net; 'Jari Ruusu'; 'Newsmail' Cc: linux-crypto@nl.linux.org Subject: Re: journaling file systems Hi Stuart, On Wednesday 06 March 2002 16:37, IT3 Stuart Blake Tener, USNR-R wrote: > Mr. Clift: > > Yes, I most affermatively agree with that position. However, I > was of the impression that legal barriers (not just in the US, but other > countries as well) prevented such a scenario from being effective > without a realistic degradation in the ability to import / export the > Linus kernel to with such countries having such legal barriers with > regard to import / export controls > in place. I was aware that some countries would have a problem with the kernel code having the full cryptographic code in it. Does anyone know of a definitive list of countries where it truly wouldn't be acceptable these days? > Now if you are saying that instead of having the actual > cryptographic code in the kernel, but merely calls to advantage onesself > of whatever they had loaded into memory in the way of crytographic code > via a loadable module then this is indeed a superior methodology and I > would support its implementation most immediately, though I am > unfamiliar with the legal aspects of such a scenario or why Linus has > not contemplated such a scenario in the past. I wasn't suggesting merely having hooks. Although there are arguments for and against this, I think everyone most everyone agree's the best solution possible would be to have the cryptoAPi softteare completely implemented and available in the kernel. As has also been mentioned many times, this would not be acceptable in some countries. Given this wasn't a barrier, I wonder what would stop CryptoAPI from being included as part of the normal kernel? Regards and best wishes, Justin Clift > Very Respectfully, > > Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG > Beverly Hills, California > VTU 1904G (Volunteer Training Unit) > stuart@bh90210.net > west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 > east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Mar 6 15:08:43 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:53123 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 6 Mar 2002 15:08:38 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 06 Mar 2002 15:08:20 +0100 (CET) Received: from spsystems.net ([IPv6:::ffff:209.47.149.227]:31506 "EHLO spsystems.net") by humbolt.nl.linux.org with ESMTP id ; Wed, 6 Mar 2002 15:08:00 +0100 Received: (from henry@localhost) by spsystems.net (8.9.3/8.9.3) id JAA25087; Wed, 6 Mar 2002 09:07:46 -0500 (EST) Date: Wed, 6 Mar 2002 09:07:46 -0500 (EST) From: Henry Spencer To: "IT3 Stuart Blake Tener, USNR-R" cc: linux-crypto@nl.linux.org Subject: RE: journaling file systems In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: henry@spsystems.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Tue, 5 Mar 2002, IT3 Stuart Blake Tener, USNR-R wrote: > Now if you are saying that instead of having the actual > cryptographic code in the kernel, but merely calls to advantage onesself > of whatever they had loaded into memory in the way of crytographic code > via a loadable module then this is indeed a superior methodology and I > would support its implementation most immediately, though I am > unfamiliar with the legal aspects of such a scenario or why Linus has > not contemplated such a scenario in the past. Certain countries -- most notably the US -- consider any software with a "crypto-shaped hole" in it to be equivalent to crypto software for purposes of export controls; the buzzword is "enabling technologies". Any code that is there solely or primarily to support use of cryptography is covered. Whether "actual cryptographic code" is included or not does not make much of a difference to export status. The only way to avoid this is to provide a more general-purpose interface that clearly has other uses (i.e., other uses are actually implemented, not just talked about). That's quite a bit harder to do. Henry Spencer henry@spsystems.net - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Mar 6 19:53:25 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:20670 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 6 Mar 2002 19:53:15 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 06 Mar 2002 19:53:00 +0100 (CET) Received: from smtp013.mail.yahoo.com ([IPv6:::ffff:216.136.173.57]:61700 "HELO smtp013.mail.yahoo.com") by humbolt.nl.linux.org with SMTP id ; Wed, 6 Mar 2002 19:52:44 +0100 Received: from paul?hilton (AUTH login) at pool-151-203-237-8.bos.east.verizon.net (HELO pcmhnew) (paul?hilton@151.203.237.8) by smtp.mail.vip.sc5.yahoo.com with SMTP; 6 Mar 2002 18:52:35 -0000 Message-ID: <002d01c1c540$0b0154e0$6601a8c0@pcmhnew> From: "Paul Hilton" To: References: Subject: Re: journaling file systems Date: Wed, 6 Mar 2002 13:52:18 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: paul_hilton@yahoo.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org The loopback device seems established in the kernel now, and cryptoapi has to modify it by patches (fairly minor patches it seems), but the interface to some sort of processing software in the loop would surely be a good place to put, for example, disk compression, I don't care that I have to add crypto modules to the kernel to make crypto work, what I do care about is having to patch the existing kernel, with all the version problems that results in. Whether the "actual cryptographic code" is in the distribution may not make much difference to US export status, but it seems to me it makes quite a big difference to Import status in, for example, France. Paul Hilton > > Certain countries -- most notably the US -- consider any software with a > "crypto-shaped hole" in it to be equivalent to crypto software for > purposes of export controls; the buzzword is "enabling technologies". Any > code that is there solely or primarily to support use of cryptography is > covered. Whether "actual cryptographic code" is included or not does not > make much of a difference to export status. > > The only way to avoid this is to provide a more general-purpose interface > that clearly has other uses (i.e., other uses are actually implemented, > not just talked about). That's quite a bit harder to do. > > Henry Spencer > henry@spsystems.net > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Mar 6 20:05:20 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:16068 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 6 Mar 2002 20:05:12 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 06 Mar 2002 20:05:01 +0100 (CET) Received: from c000-h007.c000.snv.cp.net ([IPv6:::ffff:209.228.32.71]:62410 "HELO c000.snv.cp.net") by humbolt.nl.linux.org with SMTP id convert rfc822-to-8bit; Wed, 6 Mar 2002 20:04:22 +0100 Received: (cpmta 24806 invoked from network); 6 Mar 2002 11:04:16 -0800 Received: from 129.70.36.163 (HELO dirichlet.mathematik.uni-bielefeld.de) by smtp.mutz.com (209.228.32.71) with SMTP; 6 Mar 2002 11:04:16 -0800 X-Sent: 6 Mar 2002 19:04:16 GMT Content-Type: text/plain; charset="us-ascii" From: Marc Mutz To: stuart@bh90210.net, 'Jari Ruusu' , 'Newsmail' Subject: Re: journaling file systems Date: Wed, 6 Mar 2002 13:08:03 +0100 X-Mailer: KMail [version 1.3.99] Cc: linux-crypto@nl.linux.org References: In-Reply-To: Organization: Bielefeld University - Department of Physics X-PGP-Key: 0xBDBFE838 MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT Message-Id: <200203061308.05220@sendmail.mutz.com> X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Marc.Mutz@uni-bielefeld.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 05 March 2002 20:54, IT3 Stuart Blake Tener, USNR-R wrote: > One has to wonder why the CryptoAPI cannot be made to function > in a manner such that loop-aes does with respect to being more > modular. If CryptoAPI was modular in the manner that loop-aes was, I > think its usage would be much more accepted. This was discussed many times already on this very list. The short answer is: cryptoAPI introduces a new interface to the kernel, loop-aes only uses existing (and stable) interfaces already in the vanilla kernel. The long answer is: Read the archives. Marc - -- Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8hgaj3oWD+L2/6DgRAhZfAKD9TtLXUIizVBKZDfBel5Rg8mfgNQCg+RQN teADjgBV+4zGfTpIqwXAKW8= =Md/n -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Mar 6 20:05:29 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:41156 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 6 Mar 2002 20:05:17 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 06 Mar 2002 20:05:11 +0100 (CET) Received: from c000-h007.c000.snv.cp.net ([IPv6:::ffff:209.228.32.71]:62666 "HELO c000.snv.cp.net") by humbolt.nl.linux.org with SMTP id convert rfc822-to-8bit; Wed, 6 Mar 2002 20:04:22 +0100 Received: (cpmta 24754 invoked from network); 6 Mar 2002 11:04:11 -0800 Received: from 129.70.36.163 (HELO dirichlet.mathematik.uni-bielefeld.de) by smtp.mutz.com (209.228.32.71) with SMTP; 6 Mar 2002 11:04:11 -0800 X-Sent: 6 Mar 2002 19:04:11 GMT Content-Type: text/plain; charset="us-ascii" From: Marc Mutz To: Newsmail , linux-crypto@nl.linux.org Subject: Re: difference between jari's and hvr's package Date: Wed, 6 Mar 2002 12:55:35 +0100 X-Mailer: KMail [version 1.3.99] References: <5.0.2.1.2.20020305111010.01cc1170@pop.tvnet.hu> In-Reply-To: <5.0.2.1.2.20020305111010.01cc1170@pop.tvnet.hu> Organization: Bielefeld University - Department of Physics X-PGP-Key: 0xBDBFE838 MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT Message-Id: <200203061255.36723@sendmail.mutz.com> X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Marc.Mutz@uni-bielefeld.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: