From linux-crypto-bounce@nl.linux.org Sat Jun 1 14:09:03 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:48575 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 1 Jun 2002 14:08:50 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 01 Jun 2002 14:07:51 +0200 (CEST) Received: from [IPv6:::ffff:194.46.8.33] ([IPv6:::ffff:194.46.8.33]:25612 "EHLO angusbay.vnl.com") by humbolt.nl.linux.org with ESMTP id ; Sat, 1 Jun 2002 14:07:16 +0200 Received: from amon by angusbay.vnl.com with local (Exim 3.35 #1) id 17E7gP-0001y7-00 (Debian); Sat, 01 Jun 2002 13:08:33 +0100 Date: Sat, 1 Jun 2002 13:08:33 +0100 From: Dale Amon To: mutex Cc: linux-crypto@nl.linux.org Subject: Re: new article/howto for cryptoapi Message-ID: <20020601120833.GH17241@vnl.com> Mail-Followup-To: Dale Amon , mutex , linux-crypto@nl.linux.org References: <1022866679.16027.9.camel@andromeda> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1022866679.16027.9.camel@andromeda> User-Agent: Mutt/1.3.28i X-Operating-System: Linux, the choice of a GNU generation X-Spam-Status: No, hits=-3.8 required=5.0 tests=IN_REP_TO,TO_LOCALPART_EQ_REAL version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: amon@vnl.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Fri, May 31, 2002 at 11:37:59AM -0600, mutex wrote: > Ok, so here is my howto/article about installing and using the CryptoAPI > for loopback encryption. It was originally written article style, to be An item to discuss: in the HowTo you write the original file: dd /dev/urandom .... I usually use a /dev/zero here, and then after a losetup write the new file system with another dd. Sometimes I use the /dev/urandom here if I feel particularly like getting more mixing, but otherwise another 'dd /dev/zero ...' should be nearly as good since the zeroes are being encrypted at this point, so the file externally will look as random as the actual encryption algorithm allows. This has been discussed here a number of times previously and is my current understanding of best practice. Comments? - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jun 1 15:41:50 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:37326 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 1 Jun 2002 15:41:31 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 01 Jun 2002 15:41:24 +0200 (CEST) Received: from megaman.certainkey.com ([IPv6:::ffff:134.117.69.100]:1038 "EHLO megaman.certainkey.com") by humbolt.nl.linux.org with ESMTP id ; Sat, 1 Jun 2002 15:40:50 +0200 Received: (from jlcooke@localhost) by megaman.certainkey.com (8.11.0/8.11.2) id g51DekM15002 for linux-crypto@nl.linux.org; Sat, 1 Jun 2002 09:40:46 -0400 Date: Sat, 1 Jun 2002 09:40:46 -0400 From: Jean-Luc Cooke To: linux-crypto@nl.linux.org Subject: Re: new article/howto for cryptoapi Message-ID: <20020601094046.A14993@certainkey.com> References: <1022866679.16027.9.camel@andromeda> <20020601120833.GH17241@vnl.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020601120833.GH17241@vnl.com>; from amon@vnl.com on Sat, Jun 01, 2002 at 01:08:33PM +0100 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jlcooke@certainkey.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org /dev/random should be used insince the CBC IV's decided upon right here. And random IV's are a good thing. :) JLC On Sat, Jun 01, 2002 at 01:08:33PM +0100, Dale Amon wrote: > On Fri, May 31, 2002 at 11:37:59AM -0600, mutex wrote: > > Ok, so here is my howto/article about installing and using the CryptoAPI > > for loopback encryption. It was originally written article style, to be > > An item to discuss: in the HowTo you write the original file: > > dd /dev/urandom .... > > I usually use a /dev/zero here, and then after a losetup write the > new file system with another dd. Sometimes I use the /dev/urandom > here if I feel particularly like getting more mixing, but otherwise > another 'dd /dev/zero ...' should be nearly as good since the zeroes > are being encrypted at this point, so the file externally will look > as random as the actual encryption algorithm allows. > > This has been discussed here a number of times previously and > is my current understanding of best practice. > > Comments? > > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ -- http://www.certainkey.com Suite 4560 CTTC 1125 Colonel By Dr. Ottawa ON, K1S 5B6 C: 613.263.2983 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jun 2 15:38:28 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:32486 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 2 Jun 2002 15:38:08 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 02 Jun 2002 15:37:23 +0200 (CEST) Received: from zagorka.techno-link.com ([IPv6:::ffff:212.36.5.194]:41479 "HELO sz.techno-link.com") by humbolt.nl.linux.org with SMTP id ; Sun, 2 Jun 2002 15:36:40 +0200 Received: (qmail 15998 invoked from network); 2 Jun 2002 13:36:33 -0000 Received: from pool14-szg.techno-link.com (HELO smash.it.local) (212.36.5.189) by zagorka.techno-link.com with SMTP; 2 Jun 2002 13:36:33 -0000 Received: from r by smash.it.local with local (Exim 3.22 #1 (Debian)) id 17EVX3-00007E-00 for ; Sun, 02 Jun 2002 16:36:29 +0300 Date: Sun, 2 Jun 2002 16:36:29 +0300 From: Pavel Minev Penev To: mailing-list - linux-crypto Subject: Re: kerneli patch and aes over loopback Message-ID: <20020602163629.A411@sz.techno-link.com> Reply-To: linux-crypto@nl.linux.org Mail-Followup-To: mailing-list - linux-crypto References: <1015814006.421.37.camel@milet> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1015814006.421.37.camel@milet> User-Agent: Mutt/1.3.23i X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: kal_pav@sz.techno-link.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Mon, Mar 11, 2002 at 03:33:21AM +0100, m96 wrote: > 1) is there is a way to specify the aes encryption with whatever key > length over the command line? like: > > losetup -e aes128 /dev/loop0 crypto > > because this gives the error: > > The cipher does not exist, or a cipher module needs to be loaded into > the kernel > ioctl: LOOP_SET_STATUS: Invalid argument > > but my /proc/crypto/cipher/ shows: > > -r--r--r-- 1 root root 0 Mar 11 03:28 aes-cbc > -r--r--r-- 1 root root 0 Mar 11 03:28 aes-ecb > > > if i only give the following line losetup asks me which key length i > want to use: > > losetup -e aes /dev/loop0 crypto > Available keysizes (bits): 128 192 256 > Keysize: > > this way i can't use the '-p' option of losetup to get the passwd over > file descriptor. and that's bad..... Yes. You should use `losetup -e cipher -k keysize /dev/loopDEV path_to_underlying_file`. See losetup(8). You pass the cipher name to the "-k" option, and there is no cipher named "aes128". > 2) is there a way to find out if the given passwd is correct or not > before trying to mount the fs and notice that mounting fails because of > bad passwd? something like.... > > mount: wrong fs type, bad option, bad superblock on /dev/loop0, > or too many mounted file systems I hope there isn't. And there shouldn't be -- the puprpose of cryptography is to make your data accessable only to those who know the password, if there was a way to tell if a password is invalid, there would have been a way to brute force your encrypted partition (a character in a password usually give about 5 bits of data, and thus an 8-character password gives 5*8 = 40 bits which is breakable, and far less secure than a 256-bit crypto key). > 3) is there a way to change the passwd? because for example if the user > has the same passwd as the login passwd and now someone find out the > passwd. what now???? is the only solution for this creating a new crypto > file and copying all it's content from one to an other? I'm sure there is, but I don't know it. Success, -- Pav - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jun 2 19:46:05 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:52115 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 2 Jun 2002 19:45:49 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 02 Jun 2002 19:45:37 +0200 (CEST) Received: from megaman.certainkey.com ([IPv6:::ffff:134.117.69.100]:55310 "EHLO megaman.certainkey.com") by humbolt.nl.linux.org with ESMTP id ; Sun, 2 Jun 2002 19:44:55 +0200 Received: (from jlcooke@localhost) by megaman.certainkey.com (8.11.0/8.11.2) id g52Hipl27500 for linux-crypto@nl.linux.org; Sun, 2 Jun 2002 13:44:51 -0400 Date: Sun, 2 Jun 2002 13:44:51 -0400 From: Jean-Luc Cooke To: mailing-list - linux-crypto Subject: Re: kerneli patch and aes over loopback Message-ID: <20020602134451.B27435@certainkey.com> References: <1015814006.421.37.camel@milet> <20020602163629.A411@sz.techno-link.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020602163629.A411@sz.techno-link.com>; from kal_pav@sz.techno-link.com on Sun, Jun 02, 2002 at 04:36:29PM +0300 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jlcooke@certainkey.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Sun, Jun 02, 2002 at 04:36:29PM +0300, Pavel Minev Penev wrote: > > 2) is there a way to find out if the given passwd is correct or not > > before trying to mount the fs and notice that mounting fails because of > > bad passwd? something like.... > > > > mount: wrong fs type, bad option, bad superblock on /dev/loop0, > > or too many mounted file systems > > I hope there isn't. And there shouldn't be -- the puprpose of > cryptography is to make your data accessable only to those who know the > password, if there was a way to tell if a password is invalid, there > would have been a way to brute force your encrypted partition > (a character in a password usually give about 5 bits of data, and thus > an 8-character password gives 5*8 = 40 bits which is breakable, and far > less secure than a 256-bit crypto key). H = hash function (sha256) You could store T1 = E_k1(H(k1)) And test that: T2 = D_k2(X) If T2 == H(k2), then there's a good (99.99999) chance that k1 == k2. WRT protecting from dictionary attacks, they will happen no matter that you do with a password based crypto deployment. THis beings me to another question...can loopAES or cryptoloo do password AND file based FS decryption? As in: k = key to filesystem image k = H(password || bytes_of_users_file). I have a USB keychain and would like this "something you have" and "something you know" security added to my "something you are" biometric laptop. JLC > > 3) is there a way to change the passwd? because for example if the user > > has the same passwd as the login passwd and now someone find out the > > passwd. what now???? is the only solution for this creating a new crypto > > file and copying all it's content from one to an other? > > I'm sure there is, but I don't know it. It can be done easily in loopAES since it has a userkey as well as a FSkey. FSkey = key to filesystem Ukey = user's key Ukey = H(password) FSkey = random key) FSkey is stored in FSimage as eFSkey eFSkey = E_Ukey(FSkey) So when you change 'password' you don't have to decrypto the whole FS and re-encrypt in with a new key. Does cryptoloop have this? JLC -- http://www.certainkey.com Suite 4560 CTTC 1125 Colonel By Dr. Ottawa ON, K1S 5B6 C: 613.263.2983 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Jun 3 16:01:45 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:62115 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 3 Jun 2002 16:01:26 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 03 Jun 2002 16:00:42 +0200 (CEST) Received: from megaman.certainkey.com ([IPv6:::ffff:134.117.69.100]:6159 "EHLO megaman.certainkey.com") by humbolt.nl.linux.org with ESMTP id ; Mon, 3 Jun 2002 16:00:07 +0200 Received: (from jlcooke@localhost) by megaman.certainkey.com (8.11.0/8.11.2) id g53Dxia00960; Mon, 3 Jun 2002 09:59:44 -0400 Date: Mon, 3 Jun 2002 09:59:44 -0400 From: Jean-Luc Cooke To: Benjamin Edser , linux-crypto@nl.linux.org Subject: Re: kerneli patch and aes over loopback Message-ID: <20020603095943.A940@certainkey.com> References: <1015814006.421.37.camel@milet> <20020602163629.A411@sz.techno-link.com> <20020602134451.B27435@certainkey.com> <200206031318.18195.ben79@bigpond.net.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200206031318.18195.ben79@bigpond.net.au>; from ben79@bigpond.net.au on Mon, Jun 03, 2002 at 01:18:18PM +1000 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jlcooke@certainkey.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Correction to everyone. I got confused with some other linux crypto projects I was researching. loopaes nor cryptoloop have seperate user and fskeys. Could the maintainers please comment on the design rational behind this? And Jari as well one the design rational behind not hashing the user password? Thank you JLC On Mon, Jun 03, 2002 at 01:18:18PM +1000, Benjamin Edser wrote: > Hello, > > I'm concerned about your latest post to the linux-crypto list. > > > > It can be done easily in loopAES since it has a userkey as well as a > > FSkey. > > Are you sure? If this is true for loop-AES, then according to hvr it is also > true for cryptoapi (see cryptoloop.txt documentation in crypto-api source > tree) since you can migrate loop-aes to cryptoapi in a trivial manner. > > I seriously doubt that this feature is in cryptoapi (remember cryptoapi is not > just for disk encryption...), and therefore, seriously doubt that it is in > loop-aes. > > Can you recheck this, and also provide the source for your info. > > thanks heaps > Ben -- http://www.certainkey.com Suite 4560 CTTC 1125 Colonel By Dr. Ottawa ON, K1S 5B6 C: 613.263.2983 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Jun 3 18:46:11 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:43718 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 3 Jun 2002 18:46:01 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 03 Jun 2002 18:45:46 +0200 (CEST) Received: from hank-fep7-0.inet.fi ([IPv6:::ffff:194.251.242.202]:46769 "EHLO fep07.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Mon, 3 Jun 2002 18:45:15 +0200 Received: from pp.inet.fi ([194.197.67.79]) by fep07.tmt.tele.fi (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP id <20020603164513.BKRH27340.fep07.tmt.tele.fi@pp.inet.fi>; Mon, 3 Jun 2002 19:45:13 +0300 Message-ID: <3CFB9C6F.536BC89F@pp.inet.fi> Date: Mon, 03 Jun 2002 19:42:23 +0300 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: Jean-Luc Cooke CC: Benjamin Edser , linux-crypto@nl.linux.org Subject: Re: kerneli patch and aes over loopback References: <1015814006.421.37.camel@milet> <20020602163629.A411@sz.techno-link.com> <20020602134451.B27435@certainkey.com> <200206031318.18195.ben79@bigpond.net.au> <20020603095943.A940@certainkey.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Jean-Luc Cooke wrote: > I got confused with some other linux crypto projects I was > researching. loopaes nor cryptoloop have seperate user and fskeys. You can setup loop-AES to use separate user and fskey. Take a look at example 5 in loop-AES' README file. > Could the maintainers please comment on the design rational behind > this? And Jari as well one the design rational behind not hashing the > user password? Loop-AES can use unhashed password, but that is for backward compatibility only, and is not recommended for new setups. All examples in the loop-AES' README use hashed passwords. RTFM. Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Jun 5 11:16:53 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:41901 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 5 Jun 2002 11:16:40 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 05 Jun 2002 11:16:11 +0200 (CEST) Received: from bpdcwm01.bpcl.broadband.hu ([IPv6:::ffff:195.184.181.2]:11726 "EHLO mx01.broadband.hu") by humbolt.nl.linux.org with ESMTP id ; Wed, 5 Jun 2002 11:15:46 +0200 Received: from kain.satimex.tvnet.hu (gep70-7305.bp13catv.broadband.hu [213.222.133.253]) by mx01.broadband.hu (Postfix) with ESMTP id 823B830EEB for ; Wed, 5 Jun 2002 11:15:45 +0200 (MET DST) Message-Id: <5.0.2.1.2.20020605111120.01b9f910@pop.tvnet.hu> X-Sender: newsmail@pop.tvnet.hu (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Date: Wed, 05 Jun 2002 11:12:20 +0100 To: linux-crypto@nl.linux.org From: Newsmail Subject: increasing the number of loop devices Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: newsmail@satimex.tvnet.hu Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org I read in dmesg that the maximum amount of loop devices is 8 actually. is there a way to have more than 8 loop devices? can I add them to /dev or do I have to modify something else? greg - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Jun 5 15:06:40 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:56014 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 5 Jun 2002 15:06:25 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 05 Jun 2002 15:05:58 +0200 (CEST) Received: from h195202190178.med.cm.kabsi.at ([IPv6:::ffff:195.202.190.178]:24455 "EHLO phobos.hvrlab.org") by humbolt.nl.linux.org with ESMTP id ; Wed, 5 Jun 2002 15:04:56 +0200 Received: from janus.txd.hvrlab.org (IDENT:TaV5xuIoTRh3Qky3KKFtYaC6Pn3Go80W@janus.txd.hvrlab.org [10.51.1.5]) by phobos.hvrlab.org (8.11.6/8.11.6) with ESMTP id g55D4pD26556; Wed, 5 Jun 2002 15:04:51 +0200 Subject: Re: increasing the number of loop devices From: Herbert Valerio Riedel To: Newsmail Cc: linux-crypto@nl.linux.org In-Reply-To: <5.0.2.1.2.20020605111120.01b9f910@pop.tvnet.hu> References: <5.0.2.1.2.20020605111120.01b9f910@pop.tvnet.hu> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-I6WorIzh98TSuBkEy/YM" X-Mailer: Ximian Evolution 1.0.5 Date: 05 Jun 2002 15:04:51 +0200 Message-Id: <1023282294.2459.65.camel@janus.txd.hvrlab.org> Mime-Version: 1.0 X-Spam-Status: No, hits=-3.8 required=5.0 tests=IN_REP_TO,TO_LOCALPART_EQ_REAL version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: hvr@hvrlab.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --=-I6WorIzh98TSuBkEy/YM Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed, 2002-06-05 at 12:12, Newsmail wrote: > I read in dmesg that the maximum amount of loop devices is 8 actually. is= =20 > there a way to have more than 8 loop devices? can I add them to /dev or d= o=20 > I have to modify something else? you'll have to pass an option to the loop driver;=20 e.g. for stock loop driver as module insmod max_loop=3D16 loop.o in case you wanted 16 loop devices; (the actual maximum you can specify is 256 loop devices -- although there was some off-by-1 error some time ago, by which the maximum allowed was only 255 iirc) then you might eventually need to create additional /dev/loop inodes -- unless you happen to use devfs;=20 MAKEDEV(8) might be of help regards, --=20 Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 --=-I6WorIzh98TSuBkEy/YM Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8/gxzSYHgZIg/QUIRAigDAJ4sTFCYZYWB3+A2GnPx/KT1fIhORACghITA F3QoEyNCPL+mmTEjm8m3RDE= =FztB -----END PGP SIGNATURE----- --=-I6WorIzh98TSuBkEy/YM-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Jun 5 16:03:36 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:31448 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 5 Jun 2002 16:03:15 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 05 Jun 2002 16:03:08 +0200 (CEST) Received: from [IPv6:::ffff:194.46.8.33] ([IPv6:::ffff:194.46.8.33]:36876 "EHLO angusbay.vnl.com") by humbolt.nl.linux.org with ESMTP id ; Wed, 5 Jun 2002 16:02:41 +0200 Received: from amon by angusbay.vnl.com with local (Exim 3.35 #1) id 17FbOH-0004PS-00 (Debian); Wed, 05 Jun 2002 15:03:57 +0100 Date: Wed, 5 Jun 2002 15:03:57 +0100 From: Dale Amon To: Newsmail Cc: linux-crypto@nl.linux.org Subject: Re: increasing the number of loop devices Message-ID: <20020605140357.GB16412@vnl.com> Mail-Followup-To: Dale Amon , Newsmail , linux-crypto@nl.linux.org References: <5.0.2.1.2.20020605111120.01b9f910@pop.tvnet.hu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5.0.2.1.2.20020605111120.01b9f910@pop.tvnet.hu> User-Agent: Mutt/1.3.28i X-Operating-System: Linux, the choice of a GNU generation X-Spam-Status: No, hits=-3.8 required=5.0 tests=IN_REP_TO,TO_LOCALPART_EQ_REAL version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: amon@vnl.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Wed, Jun 05, 2002 at 11:12:20AM +0100, Newsmail wrote: > I read in dmesg that the maximum amount of loop devices is 8 actually. is > there a way to have more than 8 loop devices? can I add them to /dev or do > I have to modify something else? > greg I believe there is a compile time constant in loop.c that controls this. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Jun 6 04:42:06 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:15595 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 6 Jun 2002 04:41:48 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 06 Jun 2002 04:41:35 +0200 (CEST) Received: from adsl-216-158-28-251.cust.oldcity.dca.net ([IPv6:::ffff:216.158.28.251]:896 "EHLO fukurou.paranoiacs.org") by humbolt.nl.linux.org with ESMTP id ; Thu, 6 Jun 2002 04:41:03 +0200 Received: (from sluskyb@localhost) by fukurou.paranoiacs.org (8.9.3/8.9.3/Debian 8.9.3-21) id WAA00704; Wed, 5 Jun 2002 22:40:49 -0400 Date: Wed, 5 Jun 2002 22:40:48 -0400 From: Ben Slusky To: Newsmail , linux-crypto@nl.linux.org Cc: Dale Amon Subject: Re: increasing the number of loop devices Message-ID: <20020606024048.GA610@paranoiacs.org> Mail-Followup-To: Newsmail , linux-crypto@nl.linux.org, Dale Amon References: <5.0.2.1.2.20020605111120.01b9f910@pop.tvnet.hu> <20020605140357.GB16412@vnl.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020605140357.GB16412@vnl.com> User-Agent: Mutt/1.3.28i X-Spam-Status: No, hits=-3.8 required=5.0 tests=IN_REP_TO,TO_LOCALPART_EQ_REAL version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: sluskyb@paranoiacs.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Wed, 05 Jun 2002 15:03:57 +0100, Dale Amon wrote: > On Wed, Jun 05, 2002 at 11:12:20AM +0100, Newsmail wrote: > > I read in dmesg that the maximum amount of loop devices is 8 actually. is > > there a way to have more than 8 loop devices? can I add them to /dev or do > > I have to modify something else? > > greg > > I believe there is a compile time constant in loop.c that controls > this. Actually it's a kernel parameter: max_loop. I boot with max_loop=16. -- Ben Slusky | "The pyramid is opening!" sluskyb@stwing.org | "Which one?" sluskyb@paranoiacs.org | "The one with the ever-widening PGP keyID ADA44B3B | hole in it!" -Firesign Theatre - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Jun 6 05:14:00 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:9095 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 6 Jun 2002 05:13:44 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 06 Jun 2002 05:13:37 +0200 (CEST) Received: from [IPv6:::ffff:194.46.8.33] ([IPv6:::ffff:194.46.8.33]:14865 "EHLO angusbay.vnl.com") by humbolt.nl.linux.org with ESMTP id ; Thu, 6 Jun 2002 05:13:05 +0200 Received: from amon by angusbay.vnl.com with local (Exim 3.35 #1) id 17Fnim-0000Ey-00 (Debian); Thu, 06 Jun 2002 04:13:56 +0100 Date: Thu, 6 Jun 2002 04:13:56 +0100 From: Dale Amon To: Newsmail , linux-crypto@nl.linux.org, Dale Amon Subject: Re: increasing the number of loop devices Message-ID: <20020606031356.GB32559@vnl.com> Mail-Followup-To: Dale Amon , Newsmail , linux-crypto@nl.linux.org References: <5.0.2.1.2.20020605111120.01b9f910@pop.tvnet.hu> <20020605140357.GB16412@vnl.com> <20020606024048.GA610@paranoiacs.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020606024048.GA610@paranoiacs.org> User-Agent: Mutt/1.3.28i X-Operating-System: Linux, the choice of a GNU generation X-Spam-Status: No, hits=-3.8 required=5.0 tests=IN_REP_TO,TO_LOCALPART_EQ_REAL version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: amon@vnl.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Wed, Jun 05, 2002 at 10:40:48PM -0400, Ben Slusky wrote: > On Wed, 05 Jun 2002 15:03:57 +0100, Dale Amon wrote: > > On Wed, Jun 05, 2002 at 11:12:20AM +0100, Newsmail wrote: > > > I read in dmesg that the maximum amount of loop devices is 8 actually. is > > > there a way to have more than 8 loop devices? can I add them to /dev or do > > > I have to modify something else? > > > greg > > > > I believe there is a compile time constant in loop.c that controls > > this. > > Actually it's a kernel parameter: max_loop. I boot with max_loop=16. Nice to know, I've usually changed it here in loop.c: static int max_loop = 8; static struct loop_device *loop_dev; static int *loop_sizes; static int *loop_blksizes; static devfs_handle_t devfs_handle; /* For the directory */ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jun 8 16:52:05 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:20398 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 8 Jun 2002 16:51:41 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 08 Jun 2002 16:50:41 +0200 (CEST) Received: from bpdcwm01.bpcl.broadband.hu ([IPv6:::ffff:195.184.181.2]:42626 "EHLO mx01.broadband.hu") by humbolt.nl.linux.org with ESMTP id ; Sat, 8 Jun 2002 16:50:12 +0200 Received: from kain.satimex.tvnet.hu (gep70-7305.bp13catv.broadband.hu [213.222.133.253]) by mx01.broadband.hu (Postfix) with ESMTP id DCDCD30DE5 for ; Sat, 8 Jun 2002 16:50:10 +0200 (MET DST) Message-Id: <5.0.2.1.2.20020608164359.01c55548@pop.tvnet.hu> X-Sender: newsmail@pop.tvnet.hu X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Date: Sat, 08 Jun 2002 16:46:38 +0100 To: linux-crypto@nl.linux.org From: Newsmail Subject: max_size before generating the same ciphertext Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: newsmail@satimex.tvnet.hu Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org as I remember I was told that blowfish has a 32gig limitation before it begins to generate equal ciphertexts. actually I dont know from which caracteristique of blowfish this comes from, could somebody clear my mind? and maybe could somebody tell me how to calculate this limitation for other 128bit ciphers like AES for exemple? or just tell me what is AES-s limit actually :> thx greg - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jun 8 19:24:43 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:60603 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 8 Jun 2002 19:24:29 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 08 Jun 2002 19:24:21 +0200 (CEST) Received: from hank-fep6-0.inet.fi ([IPv6:::ffff:194.251.242.201]:29370 "EHLO fep06.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Sat, 8 Jun 2002 19:23:31 +0200 Received: from pp.inet.fi ([194.197.67.253]) by fep06.tmt.tele.fi (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP id <20020608172328.JZMO3204.fep06.tmt.tele.fi@pp.inet.fi> for ; Sat, 8 Jun 2002 20:23:28 +0300 Message-ID: <3D023D87.CD070588@pp.inet.fi> Date: Sat, 08 Jun 2002 20:23:19 +0300 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Bug in build-gpgmount.sh Content-Type: multipart/mixed; boundary="------------6DD707C59BA47F5837653392" X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This is a multi-part message in MIME format. --------------6DD707C59BA47F5837653392 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Loop-AES contains build-gpgmount.sh script that can be used to create a program to mount loop devices using GnuPG encrypted loop key. Intent is for created program to start both gpg and mount programs in a way that non-root users decrypt loop encryption key from GnuPG encrypted file without non-root users having access to actual loop encryption key. Latest released version (from loop-AES-v1.6d tarball) has a bug that reveals the loop encryption key to non-root users: all they need to do is add a line "output fubar.txt" to their gpg options file. That causes gpg to write the loop encryption key to fubar.txt file instead of piping it to mount. A fix is to pass "--options /dev/null" option to gpg so it won't read non-root supplied options file. A fixed version of the script is attached to this mail. Regards, Jari Ruusu --------------6DD707C59BA47F5837653392 Content-Type: application/x-gzip; name="build-gpgmount.sh.gz" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="build-gpgmount.sh.gz" H4sICBI2Aj0CA2J1aWxkLWdwZ21vdW50LnNoAK1VW3PaOBR+1684AZoxCQ6X7G53mpCZTkvS dFNgUjJph2USI8tGE180lhzwpPz3PbINtoHdp9UDlr5z1XeODvWj9pwH7bklF6RO6gDzmHu2 6QrXD+NAnW3gx4grxQKYJ/DVijjcx7GMW/A1Dhj8Cb1Op5fpfQpFEnF3oVKsqn6mFe6ZzaWK +DxWPAwgdEAtuASHewzwK1jk60g2xIHNIhQyuBk+wDiee5zCHacskAw9EcIdmEKjDkd9OIcZ XGjdgAAuRhch1GJpuewDvLDkGp0PLZ9BeqdxyAOVHtmK0VhZ80xay2xXXEGXOJz8Nfh5fXs3 6De65NvoYTgZj26Hk36jRwY/Bp+GH7+h5JzcjG/G96Ob/vNywekCkLfnXLuEpmGfCZFMgclI 7FvyBTrv3xNqIQCXl4PRNVwpX5jUbDTOKCF1HlAvthlcSmXz8GxxVYLiABm0qxgCHp/vYhEP 3ComlruGiWyrRDC5D0tlqX10afEd1KGB8jREkFjwLR4YemNFLm0BXVgRnJzg4bVJ3lKKtVCv VQuSFgjHnvZmF6kkVcaFmU+7nVkLTqzp7/rDtiqC20/a3MVNC3z8zXA0iakCYUm5tOFEXJAs lmMcGQL64DIlljG3DdzoTxNXWmyj27woVNm0M0Nt3/K8kBro1GOBIcwrsXyyedSEU/hjz1AK 5Fk5qW0Lal9G2BrvZA2vtrXLFNm0q513itwEF8w41hR0ZgfyMVaoHgpModZ4y/txjY5HT/ef R8O7n2jS74PZbULGrF5Ong12BIsizKfxtmnY9Qd8VbrdQYWpWyi8/h3U8ribV7BNZF2iUtOO OTlh9KIpLMW1Y9EzsKSdkpsU07frIjHdkoB6oWTGag/JmTgEd8uwlZUJ75Y/wHWtLExprplm KPSQkRVZL5W1bfbaDmLPq8jOczub0SgRqiL7LS9dQRGjr8yw0qIf5x9WzX6HxpzFjMOsbhWN Kis7V6+0GjYmVvadXcvezzZoWiP/X2tU0LadUQeJE/uMYcR9pjZ+9GRc77OVP6b/hTT/v0nb spBiekYJ/dbTIXFc6sqNxM8kSSHR1D3eXg9+3E4Gn7EI8OsXGI/6+H3ycfLwXUP4V9M5NDYK u2TfLjlslx50cHxeOP8JcSkF8xEHD5ijHpgSTD0doPhbADPcnkjkg+kUwikNZ4Qu/NAGNzSj Zcs6XbXiU1kY+K/bPZRGAvkHReWKGAIIAAA= --------------6DD707C59BA47F5837653392 Content-Type: text/plain; charset=us-ascii; name="build-gpgmount.sh.gz.sign" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="build-gpgmount.sh.gz.sign" -----BEGIN PGP MESSAGE----- Version: 2.6.3ia Comment: http://loop-aes.sourceforge.net/PGP-public-key.asc iQCVAwUAPQI3STMKg0M6Ig9RAQHyTwQApJqCUnsfr9hvV7WQWvv2n0ffn3aV2GX5 5vFmZPGWZcN1Oc+Kz9quTJSCMj5Rpk3d9b+xoh0HAM6TyRvPT3ssjhy0Pr6ue7nw buu9H5KnjaTllSW4henqNLj5D24XhU5H1WRGrwtfFssyGpwIXYuWFpSZxIOadAF9 69IhU9qGZIc= =i2A0 -----END PGP MESSAGE----- --------------6DD707C59BA47F5837653392-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jun 9 00:34:13 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:58584 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 9 Jun 2002 00:34:02 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 09 Jun 2002 00:33:53 +0200 (CEST) Received: from megaman.certainkey.com ([IPv6:::ffff:134.117.69.100]:54545 "EHLO megaman.certainkey.com") by humbolt.nl.linux.org with ESMTP id ; Sun, 9 Jun 2002 00:33:14 +0200 Received: (from jlcooke@localhost) by megaman.certainkey.com (8.11.0/8.11.2) id g58MXAU09740 for linux-crypto@nl.linux.org; Sat, 8 Jun 2002 18:33:10 -0400 Date: Sat, 8 Jun 2002 18:33:10 -0400 From: Jean-Luc Cooke To: linux-crypto@nl.linux.org Subject: Re: max_size before generating the same ciphertext Message-ID: <20020608183310.B9322@certainkey.com> References: <5.0.2.1.2.20020608164359.01c55548@pop.tvnet.hu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <5.0.2.1.2.20020608164359.01c55548@pop.tvnet.hu>; from newsmail@satimex.tvnet.hu on Sat, Jun 08, 2002 at 04:46:38PM +0100 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jlcooke@certainkey.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Maybe you misunderstood. When using CBC mode of operation (the most common one) you have to periodically change the encryption key to protect your data. If an attacker finds two ciphertexts with the same value, then they can starting getting information about the plaintext. Statistically this is has a 50-50 chance of happening after B64 = 2^(n/2) ciphertexts. if n == 64 (like DES) this will be (2^32 * 64bit = 32GByte). For 128bit block ciphers B128 = 2^64 * 128 = 2^32 * 2 * B64. So don't worry about changing VPN session keys in your lifetime. JLC On Sat, Jun 08, 2002 at 04:46:38PM +0100, Newsmail wrote: > as I remember I was told that blowfish has a 32gig limitation before it > begins to generate equal ciphertexts. actually I dont know from which > caracteristique of blowfish this comes from, could somebody clear my mind? > and maybe could somebody tell me how to calculate this limitation for other > 128bit ciphers like AES for exemple? or just tell me what is AES-s limit > actually :> > thx > greg > > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ -- http://www.certainkey.com Suite 4560 CTTC 1125 Colonel By Dr. Ottawa ON, K1S 5B6 C: 613.263.2983 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jun 11 19:09:32 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:34717 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 11 Jun 2002 19:09:17 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 11 Jun 2002 19:08:54 +0200 (CEST) Received: from sierra.seas.upenn.edu ([IPv6:::ffff:158.130.64.180]:45697 "EHLO sierra.seas.upenn.edu") by humbolt.nl.linux.org with ESMTP id ; Tue, 11 Jun 2002 19:08:23 +0200 Received: from blue.seas.upenn.edu (root@BLUE.SEAS.UPENN.EDU [158.130.64.177]) by sierra.seas.upenn.edu (8.9.3/8.9.3) with ESMTP id NAA11422 for ; Tue, 11 Jun 2002 13:08:20 -0400 (EDT) Received: from blue.seas.upenn.edu (wfdavis@localhost [127.0.0.1]) by blue.seas.upenn.edu (8.12.2/8.12.2) with ESMTP id g5BH8Knd013240 for ; Tue, 11 Jun 2002 13:08:20 -0400 (EDT) Received: from localhost (wfdavis@localhost) by blue.seas.upenn.edu (8.12.2/8.12.2/Submit) with ESMTP id g5BH8CiC013223 for ; Tue, 11 Jun 2002 13:08:20 -0400 (EDT) Date: Tue, 11 Jun 2002 13:08:12 -0400 (EDT) From: Wayne F Davis To: linux-crypto@nl.linux.org Subject: automating cryptoapi startup & shutdown Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: wfdavis@seas.upenn.edu Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi, I have the cryptoapi/loop setup and it seems to be working well. Great job! Now, I want to automate some of the steps (losetup, modules, mount). What is the best way to go about doing this? I would like to load the modules on boot via modules.conf and have the mount command handle the losetup. On shutdown, I would like the umounting to handle the losetup. Is there a way to do this easily (via modules.conf & /etc/fstab)? (I tried a few things, but was getting some errors, so I figured I'd ask here.) Thanks again. -- Wayne Davis - wfdavis@seas.upenn.edu - PGP Key Available - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jun 11 19:28:43 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:11937 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 11 Jun 2002 19:28:24 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 11 Jun 2002 19:28:18 +0200 (CEST) Received: from ping.to.com ([IPv6:::ffff:194.221.251.37]:1800 "EHLO ping.to.com") by humbolt.nl.linux.org with ESMTP id convert rfc822-to-8bit; Tue, 11 Jun 2002 19:27:30 +0200 Received: from to.com (localhost.localdomain [127.0.0.1]) by ping.to.com (8.11.6/8.11.6) with ESMTP id g5BHRTj01918; Tue, 11 Jun 2002 19:27:29 +0200 Received: from lt-js.think (lt-js.think [192.168.10.183]) by to.com (Postfix) with ESMTP id ED78617001D; Tue, 11 Jun 2002 19:27:28 +0200 (CEST) Date: Tue, 11 Jun 2002 19:27:15 +0200 (CEST) From: Jochen Schmidt X-X-Sender: jschmidt@localhost.localdomain To: Wayne F Davis Cc: linux-crypto@nl.linux.org Subject: Re: automating cryptoapi startup & shutdown In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-15 Content-Transfer-Encoding: 8BIT X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jschmidt@millenux.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi, you can full automate the mount of your crypted filesystems. If you want to do this, i think you don't need a crypted filesystem ;-) I mount my crypted homedir with an init-script. Since i use this on my laptop i haven'd hardcoded anything so it's more difficult for an thief to figure out the right cipher/keylength/password combination. I use the following script (RedHat/Conectiva) which you should change to your type of initscripts :) ------------------------------------------------------------ #!/bin/sh # chkconfig: 345 91 45 # description: Mount crypted filesystems # . /etc/rc.d/init.d/functions function start () { cat - < Hi, > > I have the cryptoapi/loop setup and it seems to be working well. Great > job! > > Now, I want to automate some of the steps (losetup, modules, mount). What > is the best way to go about doing this? I would like to load the modules > on boot via modules.conf and have the mount command handle the losetup. > On shutdown, I would like the umounting to handle the losetup. Is there > a way to do this easily (via modules.conf & /etc/fstab)? (I tried a few > things, but was getting some errors, so I figured I'd ask here.) > > Thanks again. > > -- -------------------------------------------------------------------- Jochen Schmidt jochen.schmidt@millenux.com Millenux GmbH mobile: +49.175.5752483 Lilienthalstraße 2 phone: +49.711.88770.300 70825 Stuttgart-Korntal fax: +49.711.88770.349 -= linux without limits -=- http://linux.zSeries.org/ =- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jun 11 19:36:41 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:31396 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 11 Jun 2002 19:36:31 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 11 Jun 2002 19:36:26 +0200 (CEST) Received: from sierra.seas.upenn.edu ([IPv6:::ffff:158.130.64.180]:40327 "EHLO sierra.seas.upenn.edu") by humbolt.nl.linux.org with ESMTP id ; Tue, 11 Jun 2002 19:35:59 +0200 Received: from blue.seas.upenn.edu (root@BLUE.SEAS.UPENN.EDU [158.130.64.177]) by sierra.seas.upenn.edu (8.9.3/8.9.3) with ESMTP id NAA14975; Tue, 11 Jun 2002 13:35:43 -0400 (EDT) Received: from blue.seas.upenn.edu (wfdavis@localhost [127.0.0.1]) by blue.seas.upenn.edu (8.12.2/8.12.2) with ESMTP id g5BHZhnd016218; Tue, 11 Jun 2002 13:35:43 -0400 (EDT) Received: from localhost (wfdavis@localhost) by blue.seas.upenn.edu (8.12.2/8.12.2/Submit) with ESMTP id g5BHZhaB016215; Tue, 11 Jun 2002 13:35:43 -0400 (EDT) Date: Tue, 11 Jun 2002 13:35:43 -0400 (EDT) From: Wayne F Davis To: Jochen Schmidt cc: linux-crypto@nl.linux.org Subject: Re: automating cryptoapi startup & shutdown In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: wfdavis@seas.upenn.edu Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org > > you can full automate the mount of your crypted filesystems. If you want > to do this, i think you don't need a crypted filesystem ;-) > I mount my crypted homedir with an init-script. Since i use this on my > laptop i haven'd hardcoded anything so it's more difficult for an > thief to figure out the right cipher/keylength/password combination. Thanks. I planned to look into the password issue... w - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jun 11 20:48:13 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:13487 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 11 Jun 2002 20:47:58 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 11 Jun 2002 20:47:49 +0200 (CEST) Received: from adsl-216-158-28-251.cust.oldcity.dca.net ([IPv6:::ffff:216.158.28.251]:47491 "EHLO fukurou.paranoiacs.org") by humbolt.nl.linux.org with ESMTP id ; Tue, 11 Jun 2002 20:47:27 +0200 Received: (from sluskyb@localhost) by fukurou.paranoiacs.org (8.9.3/8.9.3/Debian 8.9.3-21) id OAA09950 for linux-crypto@nl.linux.org; Tue, 11 Jun 2002 14:47:21 -0400 Date: Tue, 11 Jun 2002 14:47:20 -0400 From: Ben Slusky To: linux-crypto@nl.linux.org Subject: Re: automating cryptoapi startup & shutdown Message-ID: <20020611184720.GA2069@paranoiacs.org> Mail-Followup-To: linux-crypto@nl.linux.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: sluskyb@paranoiacs.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Tue, 11 Jun 2002 13:08:12 -0400, Wayne F Davis wrote: > Now, I want to automate some of the steps (losetup, modules, mount). What > is the best way to go about doing this? I would like to load the modules > on boot via modules.conf and have the mount command handle the losetup. > On shutdown, I would like the umounting to handle the losetup. Is there > a way to do this easily (via modules.conf & /etc/fstab)? (I tried a few > things, but was getting some errors, so I figured I'd ask here.) This can be done, with a patched util-linux package. Such a package is standard with RedHat and Debian, and possibly others; if your mount(8) man page does not mention the "encryption" and "keybits" options, then get the patch at and build it yourself. Now, to mount /dev/hda7 as /home with 128-bit AES encryption, add to your modules.conf: alias cipher-aes-ecb cipher-aes alias cipher-aes-cbc cipher-aes and to your fstab: /dev/hda7 /home ext3 defaults,loop,encryption=aes,keybits=128 1 0 Note the 0 in the fsck-pass column, since you can't fsck it. Which isn't too much of a problem if you use a journaling filesystem. HTH, -- Ben Slusky | "The sea was angry that day, sluskyb@stwing.org | my friends, like an old man sluskyb@paranoiacs.org | trying to send back soup at a PGP keyID ADA44B3B | deli..." -George Costanza - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jun 11 21:21:21 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:61622 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 11 Jun 2002 21:21:07 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 11 Jun 2002 21:20:57 +0200 (CEST) Received: from sierra.seas.upenn.edu ([IPv6:::ffff:158.130.64.180]:19106 "EHLO sierra.seas.upenn.edu") by humbolt.nl.linux.org with ESMTP id ; Tue, 11 Jun 2002 21:20:09 +0200 Received: from red.seas.upenn.edu (root@RED.SEAS.UPENN.EDU [158.130.64.176]) by sierra.seas.upenn.edu (8.9.3/8.9.3) with ESMTP id PAA03035; Tue, 11 Jun 2002 15:20:07 -0400 (EDT) Received: from red.seas.upenn.edu (wfdavis@localhost [127.0.0.1]) by red.seas.upenn.edu (8.12.2/8.12.2) with ESMTP id g5BJK6va000201; Tue, 11 Jun 2002 15:20:06 -0400 (EDT) Received: from localhost (wfdavis@localhost) by red.seas.upenn.edu (8.12.2/8.12.2/Submit) with ESMTP id g5BJK6pB000198; Tue, 11 Jun 2002 15:20:06 -0400 (EDT) Date: Tue, 11 Jun 2002 15:20:06 -0400 (EDT) From: Wayne F Davis To: Ben Slusky cc: linux-crypto@nl.linux.org Subject: Re: automating cryptoapi startup & shutdown In-Reply-To: <20020611184720.GA2069@paranoiacs.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: wfdavis@seas.upenn.edu Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Tue, 11 Jun 2002, Ben Slusky wrote: > On Tue, 11 Jun 2002 13:08:12 -0400, Wayne F Davis wrote: > > Now, I want to automate some of the steps (losetup, modules, mount). What > > is the best way to go about doing this? I would like to load the modules > > on boot via modules.conf and have the mount command handle the losetup. > > On shutdown, I would like the umounting to handle the losetup. Is there > > a way to do this easily (via modules.conf & /etc/fstab)? (I tried a few > > things, but was getting some errors, so I figured I'd ask here.) > > This can be done, with a patched util-linux package. Such a package is > standard with RedHat and Debian, and possibly others; if your mount(8) > man page does not mention the "encryption" and "keybits" options, then > get the patch at > > and build it yourself. I do have the updated util-linux package. > Now, to mount /dev/hda7 as /home with 128-bit AES encryption, add to > your modules.conf: > alias cipher-aes-ecb cipher-aes > alias cipher-aes-cbc cipher-aes > and to your fstab: > /dev/hda7 /home ext3 defaults,loop,encryption=aes,keybits=128 1 0 my modules.conf includes: alias cipher-aes-ecb cipher-aes alias cipher-aes-cbc cipher-aes my fstab: /dev/loop0 /mnt/crypt ext3 defaults,loop,encryption=aes,keybits=128 1 0 --- However, I can't mount the drive using mount ... # mount /mnt/crypt ioctl: LOOP_SET_FD: Device or resource busy First, I have to setup the loopback device with losetup, after loading the modueles: # modprobe cipher-aes # modprobe cryptoloop # losetup -e aes /dev/loop0 /path/cryptfile Then, I can mount it: mount /dev/loop0 /mnt/crypt -- Is there anyway I can simplify this? So that I can just type mount /mnt/crypt and type in my password (w/o scripting it)? Thank, Wayne > > Note the 0 in the fsck-pass column, since you can't fsck it. Which isn't > too much of a problem if you use a journaling filesystem. > > HTH, > > -- Wayne Davis - wfdavis@seas.upenn.edu - PGP Key Available - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jun 11 22:29:30 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:37057 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 11 Jun 2002 22:29:27 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 11 Jun 2002 22:29:13 +0200 (CEST) Received: from adsl-216-158-28-251.cust.oldcity.dca.net ([IPv6:::ffff:216.158.28.251]:64387 "EHLO fukurou.paranoiacs.org") by humbolt.nl.linux.org with ESMTP id ; Tue, 11 Jun 2002 22:28:35 +0200 Received: (from sluskyb@localhost) by fukurou.paranoiacs.org (8.9.3/8.9.3/Debian 8.9.3-21) id QAA11935 for linux-crypto@nl.linux.org; Tue, 11 Jun 2002 16:28:26 -0400 Date: Tue, 11 Jun 2002 16:28:25 -0400 From: Ben Slusky To: linux-crypto@nl.linux.org Subject: Re: automating cryptoapi startup & shutdown Message-ID: <20020611202825.GA11677@paranoiacs.org> Mail-Followup-To: linux-crypto@nl.linux.org References: <20020611184720.GA2069@paranoiacs.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: sluskyb@paranoiacs.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Tue, 11 Jun 2002 15:20:06 -0400, Wayne F Davis wrote: > my modules.conf includes: > alias cipher-aes-ecb cipher-aes > alias cipher-aes-cbc cipher-aes > > my fstab: > /dev/loop0 /mnt/crypt ext3 defaults,loop,encryption=aes,keybits=128 1 0 > > --- > > However, I can't mount the drive using mount ... > # mount /mnt/crypt > ioctl: LOOP_SET_FD: Device or resource busy The device in your fstab should be /path/cryptfile. > First, I have to setup the loopback device with losetup, after loading > the modueles: > # modprobe cipher-aes > # modprobe cryptoloop Ah yes, I'd forgotten about the cryptoloop module... one way to have it loaded automatically is to add to your modules.conf: add above cipher-aes cryptoloop > # losetup -e aes /dev/loop0 /path/cryptfile > > Then, I can mount it: > mount /dev/loop0 /mnt/crypt Right, that's the long-hand way. When you give mount the "loop" option it does the losetup automagically. One problem is that journaling filesystems don't work well with a file-backed loop---something to do with write-ordering. So, I'd recommend using the "noauto" option in the fstab entry, so you can manually fsck it before mounting if necessary. HTH, -- Ben Slusky | Save the whales. sluskyb@stwing.org | Feed the hungry. sluskyb@paranoiacs.org | Free the mallocs. PGP keyID ADA44B3B - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From benjamin@hot-shot.com Wed Jun 12 21:53:43 2002 Received: from [IPv6:::ffff:195.25.190.34] ([IPv6:::ffff:195.25.190.34]:33165 "HELO hot-shot.com") by humbolt.nl.linux.org with SMTP id ; Wed, 12 Jun 2002 21:53:32 +0200 Received: from unknown (61.76.163.52) by sydint1.microthink.com.au with SMTP; 13 Jun 0102 03:56:45 -0400 Received: from smtp4.cyberecschange.com ([171.176.102.11]) by rly-xl04.mx.aolmd.com with esmtp; Wed, 12 Jun 0102 23:54:52 -1000 Received: from mta85.snfc21.pibi.net ([82.110.59.47]) by m10.grp.snv.yahui.com with smtp; Wed, 12 Jun 0102 13:52:59 +0700 Received: from [169.137.46.224] by da001d2020.loxi.pianstvu.net with esmtp; 12 Jun 0102 20:51:06 +0400 Received: from unknown (HELO rly-xw01.otpalo.com) (79.90.94.169) by m10.grp.snv.yahui.com with asmtp; 13 Jun 0102 00:49:13 -0500 Reply-To: Message-ID: <028c07b24c1d$1885d7b7$0cb03ab6@uflrxg> From: To: benjamin@hot-shot.com Subject: RE: 7735JhJE0-233YuGm9085hEPz2--25 Date: Wed, 12 Jun 0102 11:34:48 +0800 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_00B8_40E30C6C.E3020E48" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: The Bat! (v1.52f) Business Importance: Normal Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org ------=_NextPart_000_00B8_40E30C6C.E3020E48 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: base64 c2FsdXQNCmhpDQoNCkonYWkgcmVncm91cGUgc3VyIHVuIHNpdGUgbGVzIG1l aWxsZXVycyBzaXRlcyB4IGdyYXR1aXRzIHF1ZSBqJ2FpIHB1IHRyb3V2ZXIN CmVuIDUgYW5zIGRlIHN1cmYhDQoNCkkndmUgcmVncm91cCBoZXJlIHRoZSBi ZXN0IGZyZWUgYWR1bHQgc2l0ZXMgaSd2ZSBmaW5kIG9uIHRoZSB3ZWIgZHVy aW5nIDUgeWVhcnMgb2Ygc3VyZiENCg0KbCdhZHJlc3NlICh0aGUgYWRkcmVz cykgOg0KDQpodHRwOi8vd3d3LnRoZXpzLmNvbS8wMDMwDQoNCnZpc2l0ZXog bW9uIHNwb25zb3IgcG91ciBtJ2FpZGVyIQ0KUGxlYXNlIHZpc2l0IG15IHNw b25zb3IgdG8gaGVscCBtZSENCg0KUG91ciBuZSBwbHVzIHJlY2V2b2lyIGQn ZW1haWwgZWNyaXZleiBtb2kg4CByZW1vdmVAcmVtb3ZlLXRvcC5jb20gYXZl YyBjb21tZSBzdWpldCByZW1vdmUNCklmIHlvdSB3YW50IHRvIHN0b3AgdG8g cmVjZWl2ZSBtYWlscyBlbWFpbCBtZSBhdCAgcmVtb3ZlQHJlbW92ZS10b3Au Y29tIHdpdGggdGhlIHN1YmplY3QgcmVtb3ZlDQoNCjYNCg0KIA0KOTY0N2Fu d0c3LTk0NXFGaFQyOTUzWGlMSTItNTQ4WXZsMzA= From linux-crypto-bounce@nl.linux.org Wed Jun 12 21:55:12 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:63430 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 12 Jun 2002 21:54:58 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 12 Jun 2002 21:54:37 +0200 (CEST) Received: from [IPv6:::ffff:195.25.190.34] ([IPv6:::ffff:195.25.190.34]:33165 "HELO hot-shot.com") by humbolt.nl.linux.org with SMTP id ; Wed, 12 Jun 2002 21:53:32 +0200 Received: from unknown (61.76.163.52) by sydint1.microthink.com.au with SMTP; 13 Jun 0102 03:56:45 -0400 Received: from smtp4.cyberecschange.com ([171.176.102.11]) by rly-xl04.mx.aolmd.com with esmtp; Wed, 12 Jun 0102 23:54:52 -1000 Received: from mta85.snfc21.pibi.net ([82.110.59.47]) by m10.grp.snv.yahui.com with smtp; Wed, 12 Jun 0102 13:52:59 +0700 Received: from [169.137.46.224] by da001d2020.loxi.pianstvu.net with esmtp; 12 Jun 0102 20:51:06 +0400 Received: from unknown (HELO rly-xw01.otpalo.com) (79.90.94.169) by m10.grp.snv.yahui.com with asmtp; 13 Jun 0102 00:49:13 -0500 Reply-To: Message-ID: <028c07b24c1d$1885d7b7$0cb03ab6@uflrxg> From: To: benjamin@hot-shot.com Subject: RE: 7735JhJE0-233YuGm9085hEPz2--25 Date: Wed, 12 Jun 0102 11:34:48 +0800 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_00B8_40E30C6C.E3020E48" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: The Bat! (v1.52f) Business Importance: Normal X-Spam-Status: No, hits=4.3 required=5.0 tests=NO_REAL_NAME,SUBJ_REMOVE,MAILTO_TO_REMOVE,BASE64_ENC_TEXT,FROM_AND_TO_SAME version=2.20 X-Spam-Level: **** X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: benjamin@hot-shot.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org ------=_NextPart_000_00B8_40E30C6C.E3020E48 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: base64 c2FsdXQNCmhpDQoNCkonYWkgcmVncm91cGUgc3VyIHVuIHNpdGUgbGVzIG1l aWxsZXVycyBzaXRlcyB4IGdyYXR1aXRzIHF1ZSBqJ2FpIHB1IHRyb3V2ZXIN CmVuIDUgYW5zIGRlIHN1cmYhDQoNCkkndmUgcmVncm91cCBoZXJlIHRoZSBi ZXN0IGZyZWUgYWR1bHQgc2l0ZXMgaSd2ZSBmaW5kIG9uIHRoZSB3ZWIgZHVy aW5nIDUgeWVhcnMgb2Ygc3VyZiENCg0KbCdhZHJlc3NlICh0aGUgYWRkcmVz cykgOg0KDQpodHRwOi8vd3d3LnRoZXpzLmNvbS8wMDMwDQoNCnZpc2l0ZXog bW9uIHNwb25zb3IgcG91ciBtJ2FpZGVyIQ0KUGxlYXNlIHZpc2l0IG15IHNw b25zb3IgdG8gaGVscCBtZSENCg0KUG91ciBuZSBwbHVzIHJlY2V2b2lyIGQn ZW1haWwgZWNyaXZleiBtb2kg4CByZW1vdmVAcmVtb3ZlLXRvcC5jb20gYXZl YyBjb21tZSBzdWpldCByZW1vdmUNCklmIHlvdSB3YW50IHRvIHN0b3AgdG8g cmVjZWl2ZSBtYWlscyBlbWFpbCBtZSBhdCAgcmVtb3ZlQHJlbW92ZS10b3Au Y29tIHdpdGggdGhlIHN1YmplY3QgcmVtb3ZlDQoNCjYNCg0KIA0KOTY0N2Fu d0c3LTk0NXFGaFQyOTUzWGlMSTItNTQ4WXZsMzA= - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Jun 14 06:44:33 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:32641 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 14 Jun 2002 06:44:23 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 14 Jun 2002 06:43:41 +0200 (CEST) Received: from port-212.169.150.70.flat4all.de ([IPv6:::ffff:212.169.150.70]:65032 "HELO 200.206.216.225") by humbolt.nl.linux.org with SMTP id ; Fri, 14 Jun 2002 06:43:27 +0200 From: cRACkeT To: Undisclosed@nl.linux.org, Recipients@nl.linux.org Subject: Latest Updates for Crack Dialer Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Date: Fri, 14 Jun 2002 06:43:06 +0200 X-Mailer: Microsoft Outlook Build 10.0.2616 Message-Id: <20020614044328Z16007-22152+7@humbolt.nl.linux.org> X-Spam-Status: No, hits=1.1 required=5.0 tests=TO_MALFORMED,PORN_11 version=2.20 X-Spam-Level: * X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: crack@yahoo.ru Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Latest Updates - 83 Deutsche Hardcore Livechatshows - 90 Livestudios mit Stripchat - 3.950 Internationale Livechatshows - 85 000 Softcorevideos - 525 000 Hardcorevideos - 950 000 Hardcorebilder CRACKED DIALER !!! http://www.camcrack.hpg.ig.com.br/1/crack/index.html - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jun 16 13:38:01 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:54988 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 16 Jun 2002 13:37:45 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 16 Jun 2002 13:36:54 +0200 (CEST) Received: from [IPv6:::ffff:202.98.63.126] ([IPv6:::ffff:202.98.63.126]:17493 "HELO 01") by humbolt.nl.linux.org with SMTP id ; Sun, 16 Jun 2002 13:36:13 +0200 From: Mr.YU Reply-To: Farming-machine@cqxh.com Subject: General Machine Date: Sun, 16 Jun 2002 19:33:22 +0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="e5c2e891-815d-11d6-8d77-00e04c534a72" Message-Id: <20020616113616Z16025-11563+226@humbolt.nl.linux.org> To: unlisted-recipients:; (no To-header on input) X-Spam-Status: No, hits=-0.6 required=5.0 tests=TO_MALFORMED,DEAR_SOMEBODY,SUPERLONG_LINE version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Farming-machine@cqxh.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This is a multi-part message in MIME format --e5c2e891-815d-11d6-8d77-00e04c534a72 Content-Type: text/plain; charset=gb2312 Content-Transfer-Encoding: quoted-printable Dear Sir: We are indebted for your address to the Internet. And know that you are in = the market for Agriculture Machinery. It is on this subject that we approach you today in the hope of establishing = mutually beneficial trading relations. Chongqing ZongShen General Power Machine Co. LTD. It is a subsidiary under = the jurisdiction of ZongShen Group, invested 50 Million CNY from ZongShen = Group&HongKong Enterprise. The company is mainly engaged in the R&D, = production of utility gasoline engine and also including the utility = machinery powered by which, the latest international utility engine = technology was introduced. Currently our company products range covers utility gasoline engine, = multi-functional Mini-tiller, generators, water pump, etc. Annual production = capacity can reach 500 thousand sets. We determined high-tech&premium-quantity as our start point, aims to build-up = a hundred-year-managing enterprise, and to establish worldwide brand. With = the strong and powerful back-up from ZongShen Group, the first-class = personnel resource, the latest high-technology, advanced equipment, complete = management system, our company will put all our efforts to build-up the = first-rate brand in the specialized field. Kindly please click on our website and get the detail information of our = products. http:///www.cq114.com.cn/English/production/mechanic/nongji/zongshen/index.ht= m Should you need anything not mentioned on the list , we shall do everything = necessary, upon receipt of your detailed requirements, to procure the said = items for you. For your information, in our trade with customers in many countries, we = always adhere to the principle of equality, mutual benefit and the exchange = of need goods thus, by our joint efforts, to promote both business and = friendship to our mutual advantage. We look forward to receiving your enquires soon, and remain, Yours faithfully Mr. Yu Wei E-mail: farming-machine@cqxh.com Fax:86-23-67635036 Tel:86-23-67635035-8007 --e5c2e891-815d-11d6-8d77-00e04c534a72-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jun 16 14:16:11 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:3794 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 16 Jun 2002 14:16:03 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 16 Jun 2002 14:15:56 +0200 (CEST) Received: from [IPv6:::ffff:202.98.63.126] ([IPv6:::ffff:202.98.63.126]:4950 "HELO 01") by humbolt.nl.linux.org with SMTP id ; Sun, 16 Jun 2002 14:15:21 +0200 From: Mr.Weilin Reply-To: motorcycle@qinghecq.com Subject: China motorcycle Date: Sun, 16 Jun 2002 20:20:50 +0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="90fcc66d-8164-11d6-8d77-00e04c534a72" Message-Id: <20020616121522Z16233-11564+123@humbolt.nl.linux.org> To: unlisted-recipients:; (no To-header on input) X-Spam-Status: No, hits=-0.4 required=5.0 tests=TO_MALFORMED,DEAR_SOMEBODY,HTTP_USERNAME_USED,SUPERLONG_LINE version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: motorcycle@qinghecq.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This is a multi-part message in MIME format --90fcc66d-8164-11d6-8d77-00e04c534a72 Content-Type: text/plain; charset=gb2312 Content-Transfer-Encoding: quoted-printable Be interested in importing motorcycles from China, you are on the right way! China Chongqing International Econ & Tech Exchange (Group) Co., Ltd. CHONGQING YINGANG ENERGY SAVING MOTORCYCLE CO., LTD. Dear Sir/Madam, Our company produces and distributes various whole motorcycle units = (displacement ranging from 48cc to 250cc, including two-wheel motorcycle and = three-wheel motorcycle, for carrying goods and taking passengers) and = accessories especially main accessories of motorcycle, such as engine = (including crankcase, crankshaft connecting rod, carburetor, engine cylinder = head, cylinder body, clutch, piston and piston rings), frame, fuel tank, = shock absorber, disk brake, panels, wheel hub and so on. So far, they have sold very well to markets in many countries and areas = around Asia, Africa and Latin America, meanwhile, we establish service spots = and sub-factories around there. We would now like to market the motorcycles = and spare parts directly in your country. We would appreciate your advise on whether your company would be interested = in acting as a distributor in the your country or if you have any = recommendations on any other your country's associates who might also be = interested. For further information about our products, kindly please visit our web page: = http://www.cq114.com.cn/English/production/jiaotongys/moto/motozhanshi/YG/yg5= 0qt.htm We look forward to your reply. Yours sincerely, Best regards, Department Manager of Foreign Trade Telephone: 86-23-67635035-8007 Fax: 86-23-67635036 E-mail:motorcycle@qinghecq.com http://www.cq114.com.cn/English/production/jiaotongys/moto/motozhanshi/YG/yg5= 0qt.htm --90fcc66d-8164-11d6-8d77-00e04c534a72-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jun 16 14:41:23 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:30166 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 16 Jun 2002 14:41:20 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 16 Jun 2002 14:41:12 +0200 (CEST) Received: from [IPv6:::ffff:202.98.63.126] ([IPv6:::ffff:202.98.63.126]:22869 "HELO 01") by humbolt.nl.linux.org with SMTP id ; Sun, 16 Jun 2002 14:40:34 +0200 From: Ms.Nili Reply-To: wolf@cq114.com.cn Subject: CNG Station Date: Sun, 16 Jun 2002 20:46:04 +0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="f6384634-8167-11d6-8d77-00e04c534a72" Message-Id: <20020616124035Z16342-29580+51@humbolt.nl.linux.org> To: unlisted-recipients:; (no To-header on input) X-Spam-Status: No, hits=-0.4 required=5.0 tests=TO_MALFORMED,DEAR_SOMEBODY,HTTP_USERNAME_USED,SUPERLONG_LINE version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: wolf@cq114.com.cn Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This is a multi-part message in MIME format --f6384634-8167-11d6-8d77-00e04c534a72 Content-Type: text/plain; charset=gb2312 Content-Transfer-Encoding: quoted-printable Be interested in importing compressors from China, you are on the right way! China Chongqing International Econ & Tech Exchange (Group) Co., Ltd. Chongqing Gas Compressor Factory Dear Sir/Madam, Chongqing Gas Compressor Factory produces and distributes middle and = small type; high, middle and low pressure compressors for L type, V type, W = type, Z type, S type seven series; 260 specifications; oil-lubricated or = non-lubricated; stationary or moved type; driven by motor of diesel engine; = water-cooled or air-cooled; controlled by auto record and mini-computer. = Compressor's discharge capacity from 0.09m3/min to 80m3/min, and discharge = pressure can be up to 41.4MPa.Mediums pressed are air, hydrogen gas, cracked = gas, nitrogen-hydrogen gas, carbon dioxide, chlorine gas, mine gad, cool gas, = natural gas, petroleum gas, as well as rare gas such as helium gas, neon gas, = argon gas, krypton gas, xenon gas, radon gas, The productions widely apply to = various industry departments. Our technical level of the complete equipment = of natural gas filling station for vehicle, wind-cooled, high-pressure = compressors are all in the lead in our country. Our company specializes in developing and manufacturing the complete = equipment of NGV (Natural Gas for Vehicle) station (including compressor, = industry control computer or PLC control system, low-pressure dehydration = device, high-pressure dry device, desulphurization device, storage cascade, = dispenser, priority fill panel, high pressure valves, etc.). In addition our = company can undertake station design and engineering installation. With the = international advanced technology of complete equipment of NGV filling = station, our company has the ability to design and manufacture various = compressors and complete equipment of high performance, large type, middle = type, small type, water-cooling, air-cooling, water and air mixture cooling = for filling station and daughter-mother station. According to the demands of = users, the company can provide with imported original compressor, assembled = compressor with imported parts and nationalized compressors with different = degrees those are driven by electric motor or natural gas engine. So far, they have sold very well to markets in many countries and areas We = would now like to market the equipments for natural gas filling station and = spare parts directly in your country. We would appreciate your advise on whether your company would be interested = in acting as a distributor in the your country or if you have any = recommendations on any other your country's associates who might also be = interested. For further information about our products, kindly please visit our web page: = http://www.cq114.com.cn/English/production/mechanic/Compressor/index.htm We look forward to your reply. Best regards, Ms.Nili Department Manager of Foreign Trade Telephone: 86-23-67635035-8007 Fax: 86-23-67635036 E-mail:wolf@cq114.com.cn http://www.cq114.com.cn/English/production/mechanic/Compressor/index.htm --f6384634-8167-11d6-8d77-00e04c534a72-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jun 16 15:32:06 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:14812 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 16 Jun 2002 15:31:54 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 16 Jun 2002 15:31:46 +0200 (CEST) Received: from ALyon-110-1-9-104.abo.wanadoo.fr ([IPv6:::ffff:193.253.230.104]:48523 "EHLO totor.bouissou.net") by humbolt.nl.linux.org with ESMTP id ; Sun, 16 Jun 2002 15:31:27 +0200 Received: (qmail 7246 invoked by uid 501); 16 Jun 2002 13:31:26 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Michel Bouissou Organization: Completely disorganized To: linux-crypto@nl.linux.org Subject: Fed up with spam Date: Sun, 16 Jun 2002 15:31:26 +0200 User-Agent: KMail/1.4.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200206161531.26049@totor.bouissou.net> X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: michel@bouissou.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org I'm fed up to see spam propagated thru this mailing-list, just because it is open for anybody to post. I have started reporting to Spamcop every spam that I receive from this ML, and this could result in this ML server to be blacklisted in Spamcop. -- Michel Bouissou OpenPGP ID 0x5C2BEE8F La bergère adorait qu'on borde son mouton. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jun 16 20:17:44 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:52360 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 16 Jun 2002 20:17:41 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 16 Jun 2002 20:17:32 +0200 (CEST) Received: from mailout01.sul.t-online.com ([IPv6:::ffff:194.25.134.80]:59521 "EHLO mailout01.sul.t-online.com") by humbolt.nl.linux.org with ESMTP id ; Sun, 16 Jun 2002 20:17:00 +0200 Received: from fwd03.sul.t-online.de by mailout01.sul.t-online.com with smtp id 17JeaB-0004y8-04; Sun, 16 Jun 2002 20:16:59 +0200 Received: from dragon.flyn.org (520053387957-0001@[217.225.196.39]) by fmrl03.sul.t-online.com with esmtp id 17JeaH-23tfLEC; Sun, 16 Jun 2002 20:17:05 +0200 Received: by dragon.flyn.org (Postfix, from userid 500) id 14A3420091C2; Sun, 16 Jun 2002 20:16:50 +0200 (CEST) Date: Sun, 16 Jun 2002 20:16:50 +0200 From: "W. Michael Petullo" To: linux-crypto@nl.linux.org Subject: Encrypted home directories Message-ID: <20020616201650.A3505@dragon.flyn.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i X-Operating-System: Linux dragon.flyn.org 2.4.18-xfs X-Sender: 520053387957-0001@t-dialin.net X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mike@flyn.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org I just ran across a PAM module, pam_mount, and a patch for it which implements encrypted home directories. For example, an encrypted filesystem, call it /home/mike.img, could be mounted by PAM at /home/mike at login time and automatically unmounted upon logging out. I think this PAM module goes far to solve TODO problem number two on kerneli.org, "Security against theft of Linux machines." As a PAM module, it does so in a bit cleaner way than the login patch provided by the folks at grsecurity (http://www.grsecurity.net). I've been looking for a solution like this and was very excited to find pam_mount. However, I have not been able to find a valid email address for the author of either the module or the encrypted home directory patch. As far as I can tell pam_mount has not been worked on since late in 2001. Perhaps one of them is on this mailing list. Do any of you have any experience with this code? I really like it and would be willing to become its new maintainer if necessary. -- Mike :wq - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jun 16 21:41:07 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:34450 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 16 Jun 2002 21:40:56 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 16 Jun 2002 21:40:48 +0200 (CEST) Received: from www.aarg.net ([IPv6:::ffff:206.101.74.70]:26123 "EHLO www.aarg.net") by humbolt.nl.linux.org with ESMTP id ; Sun, 16 Jun 2002 21:40:30 +0200 Received: from www.aarg.net (IDENT:mix@localhost.localdomain [127.0.0.1]) by www.aarg.net (8.12.3/8.12.3) with ESMTP id g5GJeRIG029128 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Sun, 16 Jun 2002 12:40:27 -0700 Received: (from mix@localhost) by www.aarg.net (8.12.3/8.12.1/Submit) id g5GJeQsK029125; Sun, 16 Jun 2002 12:40:26 -0700 Date: Sun, 16 Jun 2002 12:40:26 -0700 From: AARG! Anonymous Comments: This message did not originate from the Sender address above. It was remailed automatically by anonymizing remailer software. Please report problems or inappropriate use to the remailer administrator at . To: linux-crypto@nl.linux.org Subject: Re: Fed up with spam Message-ID: <38c4020d2e0ac2a0589405b586dac808@aarg.net> X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: remailer@aarg.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org So why don't you just unsubscribe? Given the nature of this list, it's important that non-subscribers be able to post, like this, anon if they wish. There hasn't been all that much spam from the list in the first place. So who cares if it gets blacklisted by spamcop -- that's just another clueless big brother anyway. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jun 16 22:52:29 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:20636 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 16 Jun 2002 22:52:18 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 16 Jun 2002 22:52:08 +0200 (CEST) Received: from pop.gmx.de ([IPv6:::ffff:213.165.64.20]:24840 "HELO mail.gmx.net") by humbolt.nl.linux.org with SMTP id ; Sun, 16 Jun 2002 22:51:36 +0200 Received: (qmail 30289 invoked by uid 0); 16 Jun 2002 20:51:33 -0000 Received: from dclient217-162-196-140.hispeed.ch (HELO localhost.localdomain) (217.162.196.140) by mail.gmx.net (mp010-rz3) with SMTP; 16 Jun 2002 20:51:33 -0000 Subject: Re: Encrypted home directories From: m96 To: "W. Michael Petullo" Cc: linux-crypto@nl.linux.org In-Reply-To: <20020616201650.A3505@dragon.flyn.org> References: <20020616201650.A3505@dragon.flyn.org> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.5 Date: 16 Jun 2002 22:49:20 +0200 Message-Id: <1024260561.26573.6.camel@symirna> Mime-Version: 1.0 X-Spam-Status: No, hits=-3.4 required=5.0 tests=IN_REP_TO,FROM_ENDS_IN_NUMS version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: m96@gmx.li Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org hi, a few months ago i tried to patch pam_mount to do something like that. but i run on too many problems that not only relay on pam_mount or on cryptoapi and had other problems that only my-self haven't found a good solution. so i made a break on working on this code. i also mailed the maintainer of pam_mount and didn't get an answer. so you can imagine that i'm really interested to see that code you have found. is it possible that you send me the patch or the hole code. thank in advance, regards, alias m96. On Sun, 2002-06-16 at 20:16, W. Michael Petullo wrote: > I just ran across a PAM module, pam_mount, and a patch for it which > implements encrypted home directories. > > For example, an encrypted filesystem, call it /home/mike.img, could be > mounted by PAM at /home/mike at login time and automatically unmounted > upon logging out. > > I think this PAM module goes far to solve TODO problem number two on > kerneli.org, "Security against theft of Linux machines." As a PAM > module, it does so in a bit cleaner way than the login patch provided > by the folks at grsecurity (http://www.grsecurity.net). > > I've been looking for a solution like this and was very excited to find > pam_mount. However, I have not been able to find a valid email address > for the author of either the module or the encrypted home directory patch. > As far as I can tell pam_mount has not been worked on since late in 2001. > Perhaps one of them is on this mailing list. > > Do any of you have any experience with this code? I really like it and > would be willing to become its new maintainer if necessary. > > -- > Mike > > :wq > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Jun 17 10:32:27 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:49891 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 10:32:25 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 17 Jun 2002 10:31:52 +0200 (CEST) Received: from smtp01.web.de ([IPv6:::ffff:194.45.170.210]:5657 "EHLO smtp.web.de") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 10:31:28 +0200 Received: from pd9e96508.dip.t-dialin.net ([217.233.101.8] helo=web.de) by smtp.web.de with asmtp (WEB.DE(Exim) 4.60 #1) id 17Jrv5-0000N8-00 for linux-crypto@nl.linux.org; Mon, 17 Jun 2002 10:31:27 +0200 Message-ID: <3D0D9EB4.3050206@web.de> Date: Mon, 17 Jun 2002 10:32:52 +0200 From: Ilsa Gold Reply-To: ilsa.gold@web.de User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530 X-Accept-Language: en-us, en MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: how stable is the international patch for kernel 2.4.18? Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-0.1 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ilsa.gold@web.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi, I just set up a new Debian Linux system IMHO. All runs very well. I just wanted to set up a few new partitions for holding so data I use to work with. Now I thought it would be cool to de-/crypt them on the fly. I use kernel version 2.4.18. No here is my question: How stable is the patch for this kernel found under http://www.kernel.org/pub/linux/kernel/crypto/v2.4/testing/? Could it be seen as stable to use it in an productive environment or do I have to bet every evening that my data is there again on the next day? ;-))) lot of thanks for an answer Stefan - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Jun 17 10:47:37 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:53734 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 10:47:28 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 17 Jun 2002 10:47:22 +0200 (CEST) Received: from pong.to.com ([IPv6:::ffff:194.221.251.36]:26372 "EHLO pong.to.com") by humbolt.nl.linux.org with ESMTP id convert rfc822-to-8bit; Mon, 17 Jun 2002 10:46:50 +0200 Received: from to.com (localhost.localdomain [127.0.0.1]) by pong.to.com (8.11.6/8.11.6) with ESMTP id g5H8kmE15248; Mon, 17 Jun 2002 10:46:48 +0200 Received: from lt-js.think (lt-js.think [192.168.10.183]) by to.com (Postfix) with ESMTP id 74ECE17001D; Mon, 17 Jun 2002 10:46:48 +0200 (CEST) Date: Mon, 17 Jun 2002 10:46:24 +0200 (CEST) From: Jochen Schmidt X-X-Sender: jschmidt@localhost.localdomain To: Ilsa Gold Cc: linux-crypto@nl.linux.org Subject: Re: how stable is the international patch for kernel 2.4.18? In-Reply-To: <3D0D9EB4.3050206@web.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-15 Content-Transfer-Encoding: 8BIT X-Spam-Status: No, hits=-4.5 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jochen.schmidt@millenux.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi, i running 2.4.18 with the international kernel patch one month on my laptop. I've running three vmware's at a time and all have their disk on an encrypted filesystem. I never had trouble with my crypt-fs. If you run linux on an IBM s390, do *not* use raw partitions on 4096-block dasd's. Every other scenario works well here. On Mon, 17 Jun 2002, Ilsa Gold wrote: > Hi, > > I just set up a new Debian Linux system IMHO. All runs very well. I > just wanted to set up a few new partitions for holding so data I use to > work with. Now I thought it would be cool to de-/crypt them on the fly. > I use kernel version 2.4.18. No here is my question: How stable is the > patch for this kernel found under > http://www.kernel.org/pub/linux/kernel/crypto/v2.4/testing/? Could it be > seen as stable to use it in an productive environment or do I have to > bet every evening that my data is there again on the next day? ;-))) > > lot of thanks for an answer > Stefan -- -------------------------------------------------------------------- Jochen Schmidt jochen.schmidt@millenux.com Millenux GmbH mobile: +49.175.5752483 Lilienthalstraße 2 phone: +49.711.88770.300 70825 Stuttgart-Korntal fax: +49.711.88770.349 -= linux without limits -=- http://linux.zSeries.org/ =- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Jun 17 11:21:36 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:59373 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 11:21:28 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 17 Jun 2002 11:21:21 +0200 (CEST) Received: from mailout05.sul.t-online.com ([IPv6:::ffff:194.25.134.82]:57728 "EHLO mailout05.sul.t-online.com") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 11:20:44 +0200 Received: from fwd09.sul.t-online.de by mailout05.sul.t-online.com with smtp id 17Jsgh-0004aj-0D; Mon, 17 Jun 2002 11:20:39 +0200 Received: from dragon.flyn.org (520053387957-0001@[80.129.121.9]) by fmrl09.sul.t-online.com with esmtp id 17Jsge-1sSlG4C; Mon, 17 Jun 2002 11:20:36 +0200 Received: by dragon.flyn.org (Postfix, from userid 500) id 9B3792008A5B; Mon, 17 Jun 2002 11:20:27 +0200 (CEST) Date: Mon, 17 Jun 2002 11:20:27 +0200 From: "W. Michael Petullo" To: linux-crypto@nl.linux.org Subject: Re: Encrypted home directories Message-ID: <20020617112027.A3274@dragon.flyn.org> References: <20020616201650.A3505@dragon.flyn.org> <1024260561.26573.6.camel@symirna> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <1024260561.26573.6.camel@symirna>; from m96@gmx.li on Sun, Jun 16, 2002 at 10:49:20PM +0200 X-Operating-System: Linux dragon.flyn.org 2.4.18-xfs X-Sender: 520053387957-0001@t-dialin.net X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mike@flyn.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org >> I just ran across a PAM module, pam_mount, and a patch for it which >> implements encrypted home directories. >> For example, an encrypted filesystem, call it /home/mike.img, could be >> mounted by PAM at /home/mike at login time and automatically unmounted >> upon logging out. [...] >> I've been looking for a solution like this and was very excited to find >> pam_mount. However, I have not been able to find a valid email address >> for the author of either the module or the encrypted home directory patch. >> As far as I can tell pam_mount has not been worked on since late in 2001. >> Perhaps one of them is on this mailing list. [...] > so you can imagine that i'm really interested to see that code you have > found. is it possible that you send me the patch or the hole code. Here is where the code is: pam_mount: http://pam-mount.conectevil.com/ pam_mount EHD hack: http://www-2.cs.cmu.edu/~mukesh/hacks.html I was able to get a hold of the author of the pam_mount EHD hack. Here is what he had to say: > I'm not sure what the status of pam_mount is. I did send a patch to Elvis > about a year ago, but it (obviously) wasn't incorporated. At the time I > sent him the patch, I did mention that there were some bugs (the ones > mentioned on my web page); it's possible that he was waiting for me to fix > those before accepting the patch. > As for the patch, I use it on my personal laptop. So long as it works with > my laptop (which is usually running the latest Debian release), I don't > mess with it. You'll notice one update on the page -- that was from a > friend of mine who wanted to use pam_mount 0.3.2. > Hopefully, pam and mount won't change much, and things will just continue > to work. > I hope that answers your question. -- Mike :wq - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Jun 17 13:38:47 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:25505 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 13:38:36 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 17 Jun 2002 13:38:05 +0200 (CEST) Received: from [IPv6:::ffff:194.46.8.33] ([IPv6:::ffff:194.46.8.33]:51725 "EHLO angusbay.vnl.com") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 13:37:39 +0200 Received: from amon by angusbay.vnl.com with local (Exim 3.35 #1) id 17Juqx-0005Ic-00 (Debian); Mon, 17 Jun 2002 12:39:23 +0100 Date: Mon, 17 Jun 2002 12:39:23 +0100 From: Dale Amon To: Jochen Schmidt Cc: Ilsa Gold , linux-crypto@nl.linux.org Subject: Re: how stable is the international patch for kernel 2.4.18? Message-ID: <20020617113923.GB4496@vnl.com> Mail-Followup-To: Dale Amon , Jochen Schmidt , Ilsa Gold , linux-crypto@nl.linux.org References: <3D0D9EB4.3050206@web.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.28i X-Operating-System: Linux, the choice of a GNU generation X-Spam-Status: No, hits=-4.5 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: amon@vnl.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Mon, Jun 17, 2002 at 10:46:24AM +0200, Jochen Schmidt wrote: > Hi, > > i running 2.4.18 with the international kernel patch one month on my > laptop. I've running three vmware's at a time and all have their disk on > an encrypted filesystem. I never had trouble with my crypt-fs. > > If you run linux on an IBM s390, do *not* use raw partitions on > 4096-block dasd's. Every other scenario works well here. I've a couple machines that have been up for nearly two years that are running it. I've been running crypto swap on all machines for a few months now. I've had some occasional problems with a laptop encrypted loopback reiserfs but that's the only hassle I've had. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Jun 17 16:54:48 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:10466 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 16:54:41 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 17 Jun 2002 16:54:29 +0200 (CEST) Received: from mail.xenux.dk ([IPv6:::ffff:195.184.114.2]:26643 "EHLO mail.xenux.dk") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 16:54:03 +0200 Received: from localhost.localdomain (pc20.xenux.dk [195.184.114.20]) by mail.xenux.dk (Postfix) with ESMTP id 736C52015C for ; Mon, 17 Jun 2002 17:01:11 +0200 (CEST) Subject: Setting up loop-aes or crypto api with lvm From: Klaus Agnoletti To: linux-crypto@nl.linux.org Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-ARGuCfBA2m1xzWpeCM4j" X-Mailer: Ximian Evolution 1.0.5 Date: 17 Jun 2002 16:54:01 +0200 Message-Id: <1024325641.764.32.camel@gimli> Mime-Version: 1.0 X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: klaus@xenux.dk Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --=-ARGuCfBA2m1xzWpeCM4j Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi I want to set up lvm on top of a loop encrypted fs. I assume it would work due to the modularity of the system, but before I try, I would like to know if anyone has sucessfully tried this :-). Thanks in advance --=20 Med venlig hilsen / Regards Klaus Agnoletti Junior Geek Engineer Xenux - The Linux People Bredgade 35A, 2. 1260 K=F8benhavn K Tel: +45 3315 8202 Fax: +45 3332 1832 http://www.xenux.dk --=-ARGuCfBA2m1xzWpeCM4j Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQA9DfgIvxlkpf75rnoRAkaSAJ9kRLmVJHw2PJFvPT7DOYALQtLcMgCZAe1f NYFFOpL0cvVzb/6IOK49204= =YwTp -----END PGP SIGNATURE----- --=-ARGuCfBA2m1xzWpeCM4j-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Jun 17 16:59:14 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:50406 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 16:59:00 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 17 Jun 2002 16:58:55 +0200 (CEST) Received: from zork.zork.net ([IPv6:::ffff:66.92.188.166]:15812 "EHLO zork.zork.net") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 16:58:35 +0200 Received: from sneakums by zork.zork.net with local (Exim 3.35 #1 (Debian)) id 17Jxxi-0007Y8-00; Mon, 17 Jun 2002 07:58:34 -0700 To: linux-crypto@nl.linux.org Subject: Re: Setting up loop-aes or crypto api with lvm References: <1024325641.764.32.camel@gimli> From: Sean Neakums X-Worst-Pick-Up-Line-Ever: "Hey baby, wanna peer with my leafnode instance?" X-Groin-Mounted-Steering-Wheel: "Arrrr... it's driving me nuts!" X-Message-Flag: Message text advisory: HACKING, SALACIOUS IMAGININGS X-Mailer: Norman Mail-Followup-To: linux-crypto@nl.linux.org Date: Mon, 17 Jun 2002 15:58:33 +0100 In-Reply-To: <1024325641.764.32.camel@gimli> (Klaus Agnoletti's message of "17 Jun 2002 16:54:01 +0200") Message-ID: <6uelf6x886.fsf@zork.zork.net> Lines: 13 User-Agent: Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.2 (i386-debian-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: sneakums@zork.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org commence Klaus Agnoletti quotation: > I want to set up lvm on top of a loop encrypted fs. I assume it > would work due to the modularity of the system, but before I try, I > would like to know if anyone has sucessfully tried this :-). Cryptoloop works great for me on top of LVM. No joy with EVMS last time I tried, though. -- ///////////////// | | The spark of a pin | (require 'gnu) | dropping, falling feather-like. \\\\\\\\\\\\\\\\\ | | There is too much noise. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Jun 17 17:40:23 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:36588 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 17:40:17 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 17 Jun 2002 17:40:10 +0200 (CEST) Received: from [IPv6:::ffff:194.46.8.33] ([IPv6:::ffff:194.46.8.33]:54798 "EHLO angusbay.vnl.com") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 17:39:50 +0200 Received: from amon by angusbay.vnl.com with local (Exim 3.35 #1) id 17Jydl-0006BC-00 (Debian); Mon, 17 Jun 2002 16:42:01 +0100 Date: Mon, 17 Jun 2002 16:42:01 +0100 From: Dale Amon To: linux-crypto@nl.linux.org Subject: Re: Setting up loop-aes or crypto api with lvm Message-ID: <20020617154201.GF4496@vnl.com> Mail-Followup-To: Dale Amon , linux-crypto@nl.linux.org References: <1024325641.764.32.camel@gimli> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1024325641.764.32.camel@gimli> User-Agent: Mutt/1.3.28i X-Operating-System: Linux, the choice of a GNU generation X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: amon@vnl.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Mon, Jun 17, 2002 at 04:54:01PM +0200, Klaus Agnoletti wrote: > I want to set up lvm on top of a loop encrypted fs. I assume it would > work due to the modularity of the system, but before I try, I would like > to know if anyone has sucessfully tried this :-). I run it on top of md0 raid partitions with no problem. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Jun 17 18:47:05 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:39045 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 17 Jun 2002 18:46:58 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 17 Jun 2002 18:46:49 +0200 (CEST) Received: from chello080108023209.34.11.vie.surfer.at ([IPv6:::ffff:80.108.23.209]:12162 "HELO ghanima.endorphin.org") by humbolt.nl.linux.org with SMTP id ; Mon, 17 Jun 2002 18:46:15 +0200 Received: (qmail 3053 invoked by uid 1000); 17 Jun 2002 16:46:12 -0000 Date: Mon, 17 Jun 2002 18:46:12 +0200 To: Jochen Schmidt Cc: Ilsa Gold