From olemon100@mail.com Tue Jul 2 04:02:21 2002 Received: from [IPv6:::ffff:193.110.2.157] ([IPv6:::ffff:193.110.2.157]:5203 "HELO coolre41061.com") by humbolt.nl.linux.org with SMTP id convert rfc822-to-8bit; Tue, 2 Jul 2002 04:02:11 +0200 From: "DR.OTUNMBA OLEMON." Reply-To: olemon100@mail.com To: linux-crypto-archive@nl.linux.org Date: Tue, 2 Jul 2002 03:28:51 -0700 Subject: PRIVATE X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT Message-Id: <20020702020213Z16647-27769+423@humbolt.nl.linux.org> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org FROM THE DESK OF: DR.OTUNMBA OLEMON. E-Mail: olemon100@mail.com LAGOS - NIGERIA. Dear friend, REQUEST FOR URGENT BUSINESS RELATIONSHIP. - STRICTLY CONFIDENTIAL. It is with my profound dignity that I write you this very important and highly confidential letter. First, I must solicit your strictest confidentiality in this transaction. This is by virtue of its nature as being utterly CONFIDENTIAL and "TOP SECRET". Though I know that a transaction of this magnitude will make any one apprehensive and worried,considering the fact that we have not met each other before, but I am assuring you that all will be well at the end of the day. We have decided to contact you by email due to the urgency of this transaction, as we have been reliably informed that it will take at least a minimum of two to three weeks for a normal post to reach you, so we decided it is best using the e-mail,which is quicker and also to enable us meet up with the first payment quarter for the year 2002 which has already begun. However, let me start by introducing myself properly to you. I am DR.OTUMBA OLEMON a Director General in the NIGERIAN NATIONAL PETROLEUM COOPERATION and I presently head a seven man tenders board incharge of Contract Awards and Payment Approvals. I came to know of you in my search for a reliable and reputable person to handle a very confidential business transaction which involves the transfer of a huge sum of money to a foreign account requiring maximum CONFIDENCE. I and my colleagues are Top Officials of the Federal Government Contract Review and Award Panel. Our duties include Evaluation, Vetting, Approval for payment of Contract jobs done for the NIGERIAN NATIONAL PETROLEUM COOPERATION e.t.c. In order to commence this business we solicit for your assistance to enable us transfer into your Account the said funds. The source of this funds is as follows: In the first quarter of 2001, this committee was mandated to review and award contracts to the tune of US$400 million US dollars to a group of five firms for the supply and installation of medical equipments in all the government owened hospitals in Nigeria. During this process my colleagues and I decided and agreed among ourselves to deliberately over-inflate the total contract sum from US$400 million to US$428 million United States dollars with the main intention of sharing the remaining sum of US$28 miilion amongst ourselves. The Federal Government of Nigeria has since last year approved the sum of US$428 million for us as the contract sum, and the sum of US$400 million has also been paid to the foreign companies concerned as contract entitlements for the various contracts done, but since the companies are entiltled to US$400 million dollars only, we are now left with US$28 million dollars balance in the account which we intend to disburse amongst ourselves, but by virtue of our positions as civil servants and members of this panel, we cannot do this by ourselves, as we are prohibited by the Code of Conduct Bureau (Civil Service Laws) from opening and/or operating foreign accounts in our names while still in Government service, makingit impossible for us to acquire the money in our names right now. I have therefore, been delegated as a matter of trust and urgency by my colleagues in the panel to look for an overseas partner into whose account we would transfer the sum of US$28 million. Hence we are writing you this letter. My Colleagues and I have agreed that if you or your company can act as the beneficiary of this funds on our behalf, you or your Company will retain 20% of the total amount (US$28 million), while 60%will be for us (OFFICIALS) and the remaining 20% will be used in offsetting all debts/expenses and Taxes incurred both local and foreign in the course of this transfer. Needless to say, the trust reposed on you at this juncture is enormous. In return we demand your complete honesty and trust. You must however NOTE that this transaction will be strictly based on the following terms and conditions as we have stated below; a) Our conviction of your transparent honesty and diligence b) That you would treat this transaction with utmost secrecy and confidentiality c) That you will not ask for more share or try to sit on the funds once it is under your custody, or any form of blackmail. c) That upon receipt of the funds you will release the funds as instructed by us after you have removed your share of 20% from the total amount. Please, note that this transaction is 100% legal and risk free and we hope to conclude this transaction seven bank working days from the date of receipt of the necessary requirements from you . We are looking forward to doing business with you and solicit your Total Confidentiality in this transaction. There is no cause for alarm. I give you my word that you are completely safe in doing business with us. Transactions like this have been successfully carried out in the past by most government executives. Here in my country there is great economic and political disarray and thus looting and corruption is rampant and the order of the day, thus explaining why you might have heard stories of how money is been taken out of Nigeria, this is because everyone is making desperate attempts to secure his or her future, so that when we retire from active service we do not languish in poverty. I will explain more to you when I have heard from you. Please acknowledge the receipt of this letter using the above e-mail address. I will bring you into the complete picture of this pending business transaction when I have heard from you and also receive your confidential telephone and fax numbers to enable me fax to you all necessary information you need to know about our pending business transaction. Your urgent response will be highly appreciated to enable us transfer the funds under this second quarter of the year 2002. Thank you and God Bless. Yours faithfully, DR.OTUMBA OLEMON N.B. PLEASE BE INFORMED THAT THIS BUSINESS TRANSACTION IS 100% LEGAL From linux-crypto-bounce@nl.linux.org Tue Jul 2 09:24:12 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:22696 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 2 Jul 2002 09:23:58 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 02 Jul 2002 09:23:04 +0200 (CEST) Received: from roc-24-169-104-177.rochester.rr.com ([IPv6:::ffff:24.169.104.177]:26649 "EHLO ntserver.infopkg.com") by humbolt.nl.linux.org with ESMTP id ; Tue, 2 Jul 2002 09:22:40 +0200 Received: from computer (24-168-122-54.si.rr.com [24.168.122.54]) by ntserver.infopkg.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0) id 3CXW1HWR; Tue, 2 Jul 2002 03:12:06 -0400 MIME-Version: 1.0 Date: Tue, 02 Jul 2002 03:22:09 -0500 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-Mailer: PSS Bulk Mailer To: linux-crypto@nl.linux.org From: hottie@lovesex.com Subject: New Member Newsletter! Message-Id: <20020702072240Z16241-29580+556@humbolt.nl.linux.org> X-Spam-Status: No, hits=1.2 required=5.0 tests=NO_REAL_NAME,PLING,PORN_10,PORN_3,TO_UNSUB_REPLY,PORN_4 version=2.20 X-Spam-Level: * X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: hottie@lovesex.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hey, sick of those sites where you pay good money and don't get what you want ? These sites are all free trials you only need a Credit Card for age verification! That means NO RISK if you dont like it simply stop using it! There are a number of sites to choose from. 1. Clitty - http://www.clitty.com/ad.html?16A45 2. EbonyPearls - http://www.ebonypearls.com/ad.html?16A45 3. Faceload - http://www.faceload.com/ad.html?16A45 4. Gynoclinic - http://www.gynoclinic.com/ad.html?16A45 5. Lezbabes - http://www.lezbabes.com/ad.html?16A45 6. Pinkflix - http://www.pinkflix.com/ad.html?16A45 7. Pinkwet - http://www.pinkwet.com/ad.html?16A45 8. Pussy Japan - http://www.pussyjapan.com/ad.html?16A45 9. Teenfarm - http://www.teenfarm.com/ad.html?16A45 10. Teenisex - http://www.teenisex.com/ad.html?16A45 11. Teenshave - http://www.teenshave.com/ad.html?16A45 12. Spyhole - http://www.spyhole.com/ad.html?16A45 13. Xbitch - http://www.xbitch.com/ad.html?16A45 14. Xsluts - http://www.xsluts.com/ad.html?16A45 And for you Especialy dirty birds! 1. Sick anal - http://www.sickanal.com/ad.html?16A45 2. Sickoporn - http://www.sickoporn.com/ad.html?16A45 3. Sickoteen - http://www.sickoteen.com/ad.html?16A45 4. Teen-Anal - http://www.teen-anal.com/ad.html?16A45 Hope you found something you like! To unsubscribe: Reply to this email with unsubscibe in the subject line. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Jul 3 21:52:18 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:49097 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 3 Jul 2002 21:52:09 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 03 Jul 2002 21:51:24 +0200 (CEST) Received: from c-24-131-114-96.mw.client2.attbi.com ([IPv6:::ffff:24.131.114.96]:50696 "HELO gcj.net") by humbolt.nl.linux.org with SMTP id ; Wed, 3 Jul 2002 21:51:04 +0200 From: "jarth34@gcj.net" To: Subject: freewebgrafix.com Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Date: Wed, 3 Jul 2002 15:37:15 -0400 Message-Id: <20020703195105Z16941-24729+458@humbolt.nl.linux.org> X-Spam-Status: No, hits=3.4 required=5.0 tests=FROM_ENDS_IN_NUMS,FROM_NAME_EQ_FROM_ADDR version=2.20 X-Spam-Level: *** X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jarth34@gcj.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org You can't beat FREE. Public-domain photographs, clipart, animated, backgrounds, buttons & more. http://www.freewebgrafix.com - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Jul 3 22:55:26 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:63954 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 3 Jul 2002 22:55:14 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 03 Jul 2002 22:55:07 +0200 (CEST) Received: from 12-234-213-5.client.attbi.com ([IPv6:::ffff:12.234.213.5]:55804 "HELO knave.localdomain") by humbolt.nl.linux.org with SMTP id ; Wed, 3 Jul 2002 22:54:44 +0200 Received: (qmail 3669 invoked by uid 500); 3 Jul 2002 20:29:41 -0000 To: Subject: How do you fsck a loop-aes filesystem? From: dave-mlist@bfnet.com Date: 03 Jul 2002 13:29:41 -0700 In-Reply-To: <20020703195105Z16941-24729+458@humbolt.nl.linux.org> Message-ID: Lines: 14 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Status: No, hits=-3.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK,NO_REAL_NAME version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: dave-mlist@bfnet.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org I created a filesystem following Example 3 of the loop-aes README. My /etc/fstab file has a line that looks something like this: /dev/sda1 /mnt/crypt ext3 defaults,noauto,loop=/dev/loop0,encryption=AES128,pseed= 0 0 So, if I wanted to run fsck on this or just bring the filesystem up to date with the journal, how would I do it? Also, is there any guarantee that the ext3 journal on this filesystem is being written to the physical disk? Or is the loop device totally asynchronous? Thanks, Dave - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Jul 4 00:48:27 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:17632 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 4 Jul 2002 00:48:13 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 04 Jul 2002 00:48:05 +0200 (CEST) Received: from chello080108023209.34.11.vie.surfer.at ([IPv6:::ffff:80.108.23.209]:19072 "HELO ghanima.endorphin.org") by humbolt.nl.linux.org with SMTP id ; Thu, 4 Jul 2002 00:47:31 +0200 Received: (qmail 18758 invoked by uid 1000); 3 Jul 2002 22:47:29 -0000 Date: Thu, 4 Jul 2002 00:47:29 +0200 To: linux-crypto@nl.linux.org Subject: Cryptoapi kernel-patch packages for debian Message-ID: <20020703224729.GA3440@ghanima.endorphin.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="1yeeQ81UyVL57Vl7" Content-Disposition: inline User-Agent: Mutt/1.3.28i From: "Fruhwirth Clemens" X-Delivery-Agent: TMDA/0.47 (Python 2.1.3 on linux2) X-Spam-Status: No, hits=1.0 required=5.0 tests=FROM_ENDS_IN_NUMS version=2.20 X-Spam-Level: * X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: clemens-dated-1026168449.a913@endorphin.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --1yeeQ81UyVL57Vl7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi everybody! I've created kernel-patch packages for Debian. If you compile your own kernel with debian's make-kpkg tool you will find that very convenient.=20 Step 1: Put deb http://therapy.endorphin.org/kernel-patches/ ./ deb-src http://therapy.endorphin.org/kernel-patches/ ./ into your sources.list and "apt-get update". Step 2: Install kernel-patch-loop-hvr OR kernel-patch-loop-jari. Install kernel-patch-cryptoapi. Step 3: Get your kernel source. Put "patch_the_kernel =3D YES" into your /etc/kernel-pkg.conf And proceed with: "make-kpkg --added_patches=3Dhvrloop,cryptoapi binary-arch" or "make-kpkg --added_patches=3Djariloop,cryptoapi binary-arch" Feedback is appreceated. Clemens --1yeeQ81UyVL57Vl7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9I38AHkYGUbdPrgQRAho7AJwO784jHlc462qcyU5+kd1XVVd1fACdFRXZ YcYrBNE5dC7hPlxj5FH6taQ= =e3dn -----END PGP SIGNATURE----- --1yeeQ81UyVL57Vl7-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Jul 4 04:45:29 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:21390 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 4 Jul 2002 04:45:19 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 04 Jul 2002 04:44:44 +0200 (CEST) Received: from adsl-216-158-28-251.cust.oldcity.dca.net ([IPv6:::ffff:216.158.28.251]:54147 "EHLO fukurou.paranoiacs.org") by humbolt.nl.linux.org with ESMTP id ; Thu, 4 Jul 2002 04:44:15 +0200 Received: (from sluskyb@localhost) by fukurou.paranoiacs.org (8.9.3/8.9.3/Debian 8.9.3-21) id WAA26665 for linux-crypto@nl.linux.org; Wed, 3 Jul 2002 22:44:11 -0400 Date: Wed, 3 Jul 2002 22:44:10 -0400 From: Ben Slusky To: linux-crypto@nl.linux.org Subject: Re: How do you fsck a loop-aes filesystem? Message-ID: <20020704024410.GB18416@paranoiacs.org> Mail-Followup-To: linux-crypto@nl.linux.org References: <20020703195105Z16941-24729+458@humbolt.nl.linux.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-Spam-Status: No, hits=-4.5 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: sluskyb@paranoiacs.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Wed, 03 Jul 2002 13:29:41 -0700, dave-mlist@bfnet.com wrote: > I created a filesystem following Example 3 of the loop-aes README. My > /etc/fstab file has a line that looks something like this: > > /dev/sda1 /mnt/crypt ext3 defaults,noauto,loop=/dev/loop0,encryption=AES128,pseed= 0 0 > > So, if I wanted to run fsck on this or just bring the filesystem > up to date with the journal, how would I do it? I don't believe there's any easy way to do this.. here are some (progressively more) difficult ones: -Hack your init scripts to set up the loop device before fsck -A is run, then change the line in fstab to: /dev/loop0 /mnt/crypt ext3 defaults 1 2 -Hack your init scripts to mount /mnt/crypt read-only, fsck it, and then remount it read-write (all after fsck -A) -Hack e2fsck to understand the loop= option and run losetup > Also, is there any guarantee that the ext3 journal on this filesystem > is being written to the physical disk? Or is the loop device > totally asynchronous? I can't find the reference (one of Jari's previous posts) but ISTR that if your loop device is block-device-backed rather than file-backed, then journaling works as it should. I would hope so, 'cuz that's my setup as well. HTH, -- Ben Slusky | "Dance like it hurts, love sluskyb@stwing.org | like you need money, work sluskyb@paranoiacs.org | when people are watching." PGP keyID ADA44B3B | -Dogbert - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Jul 4 13:33:18 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:24003 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 4 Jul 2002 13:33:15 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 04 Jul 2002 13:32:33 +0200 (CEST) Received: from [IPv6:::ffff:194.46.8.33] ([IPv6:::ffff:194.46.8.33]:4876 "EHLO angusbay.vnl.com") by humbolt.nl.linux.org with ESMTP id ; Thu, 4 Jul 2002 13:32:07 +0200 Received: from amon by angusbay.vnl.com with local (Exim 3.35 #1) id 17Q4t4-000147-00 (Debian); Thu, 04 Jul 2002 12:35:02 +0100 Date: Thu, 4 Jul 2002 12:35:02 +0100 From: Dale Amon To: linux-crypto@nl.linux.org Subject: Re: How do you fsck a loop-aes filesystem? Message-ID: <20020704113502.GD25123@vnl.com> Mail-Followup-To: Dale Amon , linux-crypto@nl.linux.org References: <20020703195105Z16941-24729+458@humbolt.nl.linux.org> <20020704024410.GB18416@paranoiacs.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020704024410.GB18416@paranoiacs.org> User-Agent: Mutt/1.4i X-Operating-System: Linux, the choice of a GNU generation X-Spam-Status: No, hits=-4.5 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: amon@vnl.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Wed, Jul 03, 2002 at 10:44:10PM -0400, Ben Slusky wrote: > On Wed, 03 Jul 2002 13:29:41 -0700, dave-mlist@bfnet.com wrote: > > I created a filesystem following Example 3 of the loop-aes README. My > > /etc/fstab file has a line that looks something like this: > > > > /dev/sda1 /mnt/crypt ext3 defaults,noauto,loop=/dev/loop0,encryption=AES128,pseed= 0 0 > > > > So, if I wanted to run fsck on this or just bring the filesystem > > up to date with the journal, how would I do it? > > I don't believe there's any easy way to do this.. here are some > (progressively more) difficult ones: > > -Hack your init scripts to set up the loop device before fsck -A is run, > then change the line in fstab to: > /dev/loop0 /mnt/crypt ext3 defaults 1 2 This is what I do in my cryptoswap init script since obviously a crypto swap must be set up early :-) - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Jul 4 17:08:55 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:50655 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 4 Jul 2002 17:08:44 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 04 Jul 2002 17:08:29 +0200 (CEST) Received: from hank-fep7-0.inet.fi ([IPv6:::ffff:194.251.242.202]:51383 "EHLO fep07.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Thu, 4 Jul 2002 17:07:52 +0200 Received: from pp.inet.fi ([194.197.67.136]) by fep07.tmt.tele.fi (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP id <20020704150748.IYNP27340.fep07.tmt.tele.fi@pp.inet.fi>; Thu, 4 Jul 2002 18:07:48 +0300 Message-ID: <3D2464BF.A34BFB15@pp.inet.fi> Date: Thu, 04 Jul 2002 18:07:43 +0300 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: dave-mlist@bfnet.com CC: linux-crypto@nl.linux.org Subject: Re: How do you fsck a loop-aes filesystem? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-0.1 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org dave-mlist@bfnet.com wrote: > I created a filesystem following Example 3 of the loop-aes README. My > /etc/fstab file has a line that looks something like this: > > /dev/sda1 /mnt/crypt ext3 defaults,noauto,loop=/dev/loop0,encryption=AES128,pseed= 0 0 > > So, if I wanted to run fsck on this or just bring the filesystem > up to date with the journal, how would I do it? To run fsck manually, do this when /mnt/crypt is _not_ mounted: losetup -e AES128 -S /dev/loop0 /dev/sda1 fsck -t ext3 -f -y /dev/loop0 losetup -d /dev/loop0 > Also, is there any guarantee that the ext3 journal on this filesystem > is being written to the physical disk? Or is the loop device > totally asynchronous? Device backed loops signal writes as 'done' _after_ lower level driver has signaled said writes as 'done', so device backed loops are journaling fs safe. Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Jul 5 19:55:56 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:52191 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 5 Jul 2002 19:55:48 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 05 Jul 2002 19:55:24 +0200 (CEST) Received: from megaman.certainkey.com ([IPv6:::ffff:134.117.69.100]:10259 "EHLO megaman.certainkey.com") by humbolt.nl.linux.org with ESMTP id ; Fri, 5 Jul 2002 19:54:50 +0200 Received: (from jlcooke@localhost) by megaman.certainkey.com (8.11.0/8.11.2) id g65Hskk32692 for linux-crypto@nl.linux.org; Fri, 5 Jul 2002 13:54:46 -0400 Date: Fri, 5 Jul 2002 13:54:46 -0400 From: Jean-Luc Cooke To: linux-crypto@nl.linux.org Subject: Re: How do you fsck a loop-aes filesystem? Message-ID: <20020705135446.A32665@certainkey.com> References: <3D2464BF.A34BFB15@pp.inet.fi> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3D2464BF.A34BFB15@pp.inet.fi>; from jari.ruusu@pp.inet.fi on Thu, Jul 04, 2002 at 06:07:43PM +0300 X-Spam-Status: No, hits=-4.5 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jlcooke@certainkey.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org # /bin/sync --help Usage: sync [OPTION] Force changed blocks to disk, update the super block. --help display this help and exit --version output version information and exit Report bugs to . JLC On Thu, Jul 04, 2002 at 06:07:43PM +0300, Jari Ruusu wrote: > dave-mlist@bfnet.com wrote: > > I created a filesystem following Example 3 of the loop-aes README. My > > /etc/fstab file has a line that looks something like this: > > > > /dev/sda1 /mnt/crypt ext3 defaults,noauto,loop=/dev/loop0,encryption=AES128,pseed= 0 0 > > > > So, if I wanted to run fsck on this or just bring the filesystem > > up to date with the journal, how would I do it? > > To run fsck manually, do this when /mnt/crypt is _not_ mounted: > > losetup -e AES128 -S /dev/loop0 /dev/sda1 > fsck -t ext3 -f -y /dev/loop0 > losetup -d /dev/loop0 > > > Also, is there any guarantee that the ext3 journal on this filesystem > > is being written to the physical disk? Or is the loop device > > totally asynchronous? > > Device backed loops signal writes as 'done' _after_ lower level driver has > signaled said writes as 'done', so device backed loops are journaling fs > safe. > > Regards, > Jari Ruusu > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ -- http://www.certainkey.com Suite 4560 CTTC 1125 Colonel By Dr. Ottawa ON, K1S 5B6 C: 613.263.2983 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Jul 5 20:05:23 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:36322 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 5 Jul 2002 20:05:20 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 05 Jul 2002 20:05:15 +0200 (CEST) Received: from megaman.certainkey.com ([IPv6:::ffff:134.117.69.100]:11027 "EHLO megaman.certainkey.com") by humbolt.nl.linux.org with ESMTP id ; Fri, 5 Jul 2002 20:04:32 +0200 Received: (from jlcooke@localhost) by megaman.certainkey.com (8.11.0/8.11.2) id g65I4Vg32767 for linux-crypto@nl.linux.org; Fri, 5 Jul 2002 14:04:31 -0400 Date: Fri, 5 Jul 2002 14:04:31 -0400 From: Jean-Luc Cooke To: linux-crypto@nl.linux.org Subject: Re: Cryptoapi kernel-patch packages for debian Message-ID: <20020705140431.B32665@certainkey.com> References: <20020703224729.GA3440@ghanima.endorphin.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020703224729.GA3440@ghanima.endorphin.org>; from clemens-dated-1026168449.a913@endorphin.org on Thu, Jul 04, 2002 at 12:47:29AM +0200 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jlcooke@certainkey.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org A very simple (distro-Agnostic) patch installer is in the works now. Something akin to go-gnome.com's method. Speaking of which, can I get everyone's input on known crypto restrictions and recommendations so this installer can help people comply with the laws in their locality. Clemens, my suspicion that DEBs are better then RPMs is re-confirmed, good work! Once the kerneli.org/go script-rules are ready (with your gracious input) could you wrap it into a DEB? The goals we're all striving for: - make the cryptoapi installer part of standard distros (sans crypto) - assist where possible the users' compliance with law - proliferate the use of strong crypto Cheers, JLC On Thu, Jul 04, 2002 at 12:47:29AM +0200, Fruhwirth Clemens wrote: > Hi everybody! > > I've created kernel-patch packages for Debian. If you compile your own > kernel with debian's make-kpkg tool you will find that very convenient. > > Step 1: > Put > deb http://therapy.endorphin.org/kernel-patches/ ./ > deb-src http://therapy.endorphin.org/kernel-patches/ ./ > into your sources.list and "apt-get update". > > Step 2: > Install kernel-patch-loop-hvr OR kernel-patch-loop-jari. > Install kernel-patch-cryptoapi. > > Step 3: > Get your kernel source. Put > "patch_the_kernel = YES" into your /etc/kernel-pkg.conf > And proceed with: > "make-kpkg --added_patches=hvrloop,cryptoapi binary-arch" or > "make-kpkg --added_patches=jariloop,cryptoapi binary-arch" > > Feedback is appreceated. > Clemens -- http://www.certainkey.com Suite 4560 CTTC 1125 Colonel By Dr. Ottawa ON, K1S 5B6 C: 613.263.2983 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Jul 5 20:44:52 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:54765 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 5 Jul 2002 20:44:39 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 05 Jul 2002 20:44:29 +0200 (CEST) Received: from megaman.certainkey.com ([IPv6:::ffff:134.117.69.100]:12307 "EHLO megaman.certainkey.com") by humbolt.nl.linux.org with ESMTP id ; Fri, 5 Jul 2002 20:44:00 +0200 Received: (from jlcooke@localhost) by megaman.certainkey.com (8.11.0/8.11.2) id g65IhxT00486 for linux-crypto@nl.linux.org; Fri, 5 Jul 2002 14:43:59 -0400 Date: Fri, 5 Jul 2002 14:43:59 -0400 From: Jean-Luc Cooke To: linux-crypto@nl.linux.org Subject: (URL) Cryptoapi kernel-patch packages for debian Message-ID: <20020705144359.A302@certainkey.com> References: <20020703224729.GA3440@ghanima.endorphin.org> <20020705140431.B32665@certainkey.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020705140431.B32665@certainkey.com>; from jlcooke@certainkey.com on Fri, Jul 05, 2002 at 02:04:31PM -0400 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jlcooke@certainkey.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org http://jlcooke.ca/go/countryInfo.php -- http://www.certainkey.com Suite 4560 CTTC 1125 Colonel By Dr. Ottawa ON, K1S 5B6 C: 613.263.2983 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Jul 5 20:44:56 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:59629 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 5 Jul 2002 20:44:49 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 05 Jul 2002 20:44:44 +0200 (CEST) Received: from [IPv6:::ffff:194.46.8.33] ([IPv6:::ffff:194.46.8.33]:51716 "EHLO angusbay.vnl.com") by humbolt.nl.linux.org with ESMTP id ; Fri, 5 Jul 2002 20:44:16 +0200 Received: from amon by angusbay.vnl.com with local (Exim 3.35 #1) id 17QY7D-0008AD-00 (Debian); Fri, 05 Jul 2002 19:47:35 +0100 Date: Fri, 5 Jul 2002 19:47:35 +0100 From: Dale Amon To: linux-crypto@nl.linux.org Subject: Re: Cryptoapi kernel-patch packages for debian Message-ID: <20020705184735.GC25628@vnl.com> Mail-Followup-To: Dale Amon , linux-crypto@nl.linux.org References: <20020703224729.GA3440@ghanima.endorphin.org> <20020705140431.B32665@certainkey.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020705140431.B32665@certainkey.com> User-Agent: Mutt/1.4i X-Operating-System: Linux, the choice of a GNU generation X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: amon@vnl.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Fri, Jul 05, 2002 at 02:04:31PM -0400, Jean-Luc Cooke wrote: > The goals we're all striving for: > - make the cryptoapi installer part of standard distros (sans crypto) > - assist where possible the users' compliance with law Or perhaps warn them to be secretive and very, very careful if they are residents of a fascist country... It's the people who live in *those* kinds of places who need it the most. > - proliferate the use of strong crypto The more the merrier!! -- ------------------------------------------------------ Nuke bin Laden: Dale Amon, CEO/MD improve the global Islandone Society gene pool. www.islandone.org ------------------------------------------------------ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jul 6 00:27:06 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:19623 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 6 Jul 2002 00:26:56 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 06 Jul 2002 00:26:45 +0200 (CEST) Received: from cyphermail.sandelman.ottawa.on.ca ([IPv6:::ffff:192.139.46.78]:52728 "EHLO noxmail.sandelman.ottawa.on.ca") by humbolt.nl.linux.org with ESMTP id ; Sat, 6 Jul 2002 00:26:29 +0200 Received: from marajade.sandelman.ottawa.on.ca (x51.mimosa.com [192.139.70.51]) by noxmail.sandelman.ottawa.on.ca (8.11.6/8.11.6) with ESMTP id g65MNgi04589 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK) for ; Fri, 5 Jul 2002 18:24:58 -0400 (EDT) Received: from marajade.sandelman.ottawa.on.ca (marajade [127.0.0.1]) by marajade.sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g65JYKoQ006607 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK) for ; Fri, 5 Jul 2002 15:39:58 -0400 Received: from marajade.sandelman.ottawa.on.ca (mcr@localhost) by marajade.sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g65JYIMN006603 for ; Fri, 5 Jul 2002 15:34:20 -0400 Message-Id: <200207051934.g65JYIMN006603@marajade.sandelman.ottawa.on.ca> To: linux-crypto@nl.linux.org Subject: regression tests of cipher file systems Mime-Version: 1.0 (generated by tm-edit 1.8) Content-Type: text/plain; charset=US-ASCII Date: Fri, 05 Jul 2002 15:34:18 -0400 From: Michael Richardson X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mcr@sandelman.ottawa.on.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Is there any clear set of test cases that I should use when hacking the code to confirm that the loopback FS still work? ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jul 6 00:35:35 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:10924 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 6 Jul 2002 00:35:28 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 06 Jul 2002 00:35:23 +0200 (CEST) Received: from cyphermail.sandelman.ottawa.on.ca ([IPv6:::ffff:192.139.46.78]:48376 "EHLO noxmail.sandelman.ottawa.on.ca") by humbolt.nl.linux.org with ESMTP id ; Sat, 6 Jul 2002 00:34:50 +0200 Received: from sandelman.ottawa.on.ca (x51.mimosa.com [192.139.70.51]) by noxmail.sandelman.ottawa.on.ca (8.11.6/8.11.6) with ESMTP id g65MVek04628 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK); Fri, 5 Jul 2002 18:33:22 -0400 (EDT) Received: from marajade.sandelman.ottawa.on.ca (marajade [127.0.0.1]) by marajade.sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g65CYoWk002089; Fri, 5 Jul 2002 08:34:50 -0400 Message-Id: <200207051234.g65CYoWk002089@marajade.sandelman.ottawa.on.ca> To: linux-crypto@nl.linux.org cc: design@lists.freeswan.org Subject: questions about Crypto API for disks Mime-Version: 1.0 (generated by tm-edit 1.8) Content-Type: text/plain; charset=US-ASCII Date: Fri, 05 Jul 2002 08:34:50 -0400 From: Michael Richardson X-Spam-Status: No, hits=-1.6 required=5.0 tests=LINES_OF_YELLING,PGP_SIGNATURE version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mcr@sandelman.ottawa.on.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- I am working on a revision to the crypto-API - specifically a lower-level access API that would permit asynchronous operations as well as combination operations. Most is inspired from the work that Bart did last summer. We need this for IPsec. Sleeping is just not in for code that may get called from interrupts in some circumstances. It needs to have a callback. Combination operations mean doing things like digest and encryption in one pass. There is existing hardware that can do this. The IPsec aware hardware can often lookup the crypto context from the SPI# and load it. My questions are about the disk I/O work, and whether there might be any benefit from any of these things to that. Finally, many pieces of hardware offer diffie-hellman and RSA accelerators as well. Does anyone have any thoughts on interfaces to these? In initial cases this is used only by user space programs - a simple device driver may suffice. However, dealing with signed binaries and capabilities would require kernel access as well. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Finger me for keys iQCVAwUBPSWSaIqHRg3pndX9AQESAQP+Ksd7h9bZPzkE8O/KpLpa5lVk9cVxvWm4 ZTkRuNv2EToBCHhsNgPls/73aB8L2Spd3n0KkmmX7l0lt8puS7fy3NVnCEpn5b3f utyo6wqGnnhHY6nSdm9nJDaDD4cv7IqkHOTs1R3mi2BguzjLxRXFa31+rUkUqqdh PvjAcsoKtEA= =Ju3O -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jul 6 12:34:05 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:8837 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 6 Jul 2002 12:34:03 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 06 Jul 2002 12:33:41 +0200 (CEST) Received: from chello080108023209.34.11.vie.surfer.at ([IPv6:::ffff:80.108.23.209]:9088 "HELO ghanima.endorphin.org") by humbolt.nl.linux.org with SMTP id ; Sat, 6 Jul 2002 12:33:13 +0200 Received: (qmail 1215 invoked by uid 1000); 6 Jul 2002 10:33:09 -0000 Date: Sat, 6 Jul 2002 12:33:08 +0200 To: Jean-Luc Cooke Cc: linux-crypto@nl.linux.org Subject: Re: Cryptoapi kernel-patch packages for debian Message-ID: <20020706103308.GA950@ghanima.endorphin.org> References: <20020703224729.GA3440@ghanima.endorphin.org> <20020705140431.B32665@certainkey.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="3MwIy2ne0vdjdPXF" Content-Disposition: inline In-Reply-To: <20020705140431.B32665@certainkey.com> User-Agent: Mutt/1.3.28i From: "Fruhwirth Clemens" X-Delivery-Agent: TMDA/0.47 (Python 2.1.3 on linux2) X-Spam-Status: No, hits=-3.4 required=5.0 tests=IN_REP_TO,FROM_ENDS_IN_NUMS version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: clemens-dated-1026383589.b333@endorphin.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --3MwIy2ne0vdjdPXF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jul 05, 2002 at 02:04:31PM -0400, Jean-Luc Cooke wrote: > A very simple (distro-Agnostic) patch installer is in the works now.=20 > Something akin to go-gnome.com's method. >=20 > Speaking of which, can I get everyone's input on known crypto restrictions > and recommendations so this installer can help people comply with the laws > in their locality. >=20 > Clemens, my suspicion that DEBs are better then RPMs is re-confirmed, good > work! Once the kerneli.org/go script-rules are ready (with your gracious > input) could you wrap it into a DEB? Sure, but I warn to start using different patch files for different legislations. A simple solution to prevent the patch file maintainance mess is to integrate the selection of legal ciphers/digests with the kernel Config.in mechanism. The go script would have to generate a source-able file (i.e. /etc/kernel-site.cfg) with a content like CONFIG_LEGAL_CIPHERS_STRONG=3D[y|n] CONFIG_LEGAL_CIPHERS_WEAK=3D[y|n] =2E.. and so on This file would be "source"-ed by crypto's Config.in scripts, that select t= he allowed options based on the defined symbols. For deb packaging it'd be convienent to split the /etc/kernel-site.cfg generating part off the rest of the go script, since the deb packages don't need the rest of the patching mechanism. > The goals we're all striving for: > - make the cryptoapi installer part of standard distros (sans crypto) For the deb packages it'll be all or nothing ATM (in terms of source). Regards, Clemens --3MwIy2ne0vdjdPXF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9JsdkHkYGUbdPrgQRAm3HAJ4/GRNAuMTYz6lfOOel25D9A7ympwCeMeOx fli3AffUUHbpqi9F1BUqrhw= =bQtm -----END PGP SIGNATURE----- --3MwIy2ne0vdjdPXF-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jul 6 18:12:46 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:39599 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 6 Jul 2002 18:12:35 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 06 Jul 2002 18:12:09 +0200 (CEST) Received: from hank-fep6-0.inet.fi ([IPv6:::ffff:194.251.242.201]:25512 "EHLO fep06.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Sat, 6 Jul 2002 18:11:40 +0200 Received: from pp.inet.fi ([194.197.67.96]) by fep06.tmt.tele.fi (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP id <20020706161135.XKBP3204.fep06.tmt.tele.fi@pp.inet.fi>; Sat, 6 Jul 2002 19:11:35 +0300 Message-ID: <3D2716AF.1C67C779@pp.inet.fi> Date: Sat, 06 Jul 2002 19:11:27 +0300 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: Jean-Luc Cooke CC: linux-crypto@nl.linux.org Subject: Re: How do you fsck a loop-aes filesystem? References: <3D2464BF.A34BFB15@pp.inet.fi> <20020705135446.A32665@certainkey.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-0.1 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Jean-Luc Cooke wrote: > # /bin/sync --help > Usage: sync [OPTION] > Force changed blocks to disk, update the super block. > > --help display this help and exit > --version output version information and exit > > Report bugs to . /bin/sync works above device drivers as it just sends dirty pages to device drivers and waits for writes to complete. Loop is a device driver. > On Thu, Jul 04, 2002 at 06:07:43PM +0300, Jari Ruusu wrote: > > Device backed loops signal writes as 'done' _after_ lower level driver has > > signaled said writes as 'done', so device backed loops are journaling fs > > safe. Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jul 7 04:18:39 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:40073 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 7 Jul 2002 04:18:32 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 07 Jul 2002 04:17:58 +0200 (CEST) Received: from megaman.certainkey.com ([IPv6:::ffff:134.117.69.100]:3588 "EHLO megaman.certainkey.com") by humbolt.nl.linux.org with ESMTP id ; Sun, 7 Jul 2002 04:17:25 +0200 Received: (from jlcooke@localhost) by megaman.certainkey.com (8.11.0/8.11.2) id g672HK009755; Sat, 6 Jul 2002 22:17:20 -0400 Date: Sat, 6 Jul 2002 22:17:19 -0400 From: Jean-Luc Cooke To: Fruhwirth Clemens Cc: linux-crypto@nl.linux.org Subject: Re: Cryptoapi kernel-patch packages for debian Message-ID: <20020706221719.D9604@certainkey.com> References: <20020703224729.GA3440@ghanima.endorphin.org> <20020705140431.B32665@certainkey.com> <20020706103308.GA950@ghanima.endorphin.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020706103308.GA950@ghanima.endorphin.org>; from clemens-dated-1026383589.b333@endorphin.org on Sat, Jul 06, 2002 at 12:33:08PM +0200 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jlcooke@certainkey.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org All this is being done right now...and the more I thought about ti today...I'd much prefer having a: "make clean; make get_crypto; make menuconfig; make bzImage; make modules;" ^^^^^^^^^^^^^^^ New kernel make command! This command would hold nothing but a few shell commands, one being: lynx -source http://www.kerneli.org/go?/ | sh As I'm developing now (EXTREME ALPHA): http://jlcooke.ca/go When was the last time linus/alen/marcelo added a new Makefile command? (I'm serious, really!) JLC On Sat, Jul 06, 2002 at 12:33:08PM +0200, Fruhwirth Clemens wrote: > On Fri, Jul 05, 2002 at 02:04:31PM -0400, Jean-Luc Cooke wrote: > > A very simple (distro-Agnostic) patch installer is in the works now. > > Something akin to go-gnome.com's method. > > > > Speaking of which, can I get everyone's input on known crypto restrictions > > and recommendations so this installer can help people comply with the laws > > in their locality. > > > > Clemens, my suspicion that DEBs are better then RPMs is re-confirmed, good > > work! Once the kerneli.org/go script-rules are ready (with your gracious > > input) could you wrap it into a DEB? > > Sure, but I warn to start using different patch files for different > legislations. A simple solution to prevent the patch file maintainance mess > is to integrate the selection of legal ciphers/digests with the kernel > Config.in mechanism. The go script would have to generate a source-able > file (i.e. /etc/kernel-site.cfg) with a content like > > CONFIG_LEGAL_CIPHERS_STRONG=[y|n] > CONFIG_LEGAL_CIPHERS_WEAK=[y|n] > ... and so on > > This file would be "source"-ed by crypto's Config.in scripts, that select the > allowed options based on the defined symbols. > > For deb packaging it'd be convienent to split the /etc/kernel-site.cfg > generating part off the rest of the go script, since the deb packages don't > need the rest of the patching mechanism. > > > The goals we're all striving for: > > - make the cryptoapi installer part of standard distros (sans crypto) > > For the deb packages it'll be all or nothing ATM (in terms of source). > > Regards, Clemens -- http://www.certainkey.com Suite 4560 CTTC 1125 Colonel By Dr. Ottawa ON, K1S 5B6 C: 613.263.2983 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jul 7 09:50:24 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:48298 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 7 Jul 2002 09:50:12 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 07 Jul 2002 09:49:49 +0200 (CEST) Received: from port-212-202-184-230.reverse.qdsl-home.de ([IPv6:::ffff:212.202.184.230]:2316 "EHLO rimbaud.global-thinking.org") by humbolt.nl.linux.org with ESMTP id ; Sun, 7 Jul 2002 09:49:27 +0200 Received: (qmail 3795 invoked from network); 7 Jul 2002 07:49:24 -0000 Received: from dix.global-thinking.org (192.168.0.1) by rimbaud.global-thinking.org with RC4-MD5 encrypted SMTP; 7 Jul 2002 07:49:24 -0000 Content-Type: text/plain; charset="iso-8859-1" From: David =?iso-8859-1?q?G=FCmbel?= Organization: - To: Jean-Luc Cooke , Fruhwirth Clemens Subject: Re: Cryptoapi kernel-patch packages for debian Date: Sun, 7 Jul 2002 09:50:04 +0200 User-Agent: KMail/1.4.2 Cc: linux-crypto@nl.linux.org References: <20020706221719.D9604@certainkey.com> In-Reply-To: <20020706221719.D9604@certainkey.com> X-GPG-Fingerprint: B06B 307B 2945 39A3 4236 A0ED 7169 2EA9 85E4 FEEC X-GPG-Key-URL: http://www.david-guembel.de/pgp.asc MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200207070950.07048@dix.global-thinking.org> X-Spam-Status: No, hits=-6.5 required=5.0 tests=IN_REP_TO,PGP_SIGNATURE version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: david.guembel@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sonntag, 7. Juli 2002 04:17:04, Jean-Luc Cooke wrote: > "make clean; make get_crypto; make menuconfig; make bzImage; make > modules;" ^^^^^^^^^^^^^^^ > New kernel make command! > > This command would hold nothing but a few shell commands, one being: > lynx -source http://www.kerneli.org/go?/ | sh I don't really believe that getting a) crypto stuff for b) the kernel by piping unencrypted content into a shell without prior verification could possibly provide additional security. Do you have plans to use digital signatures or something that might guarantee data integrity and verify that the downloaded content is really from the author it is supposed to be? Regards, David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: http://david-guembel.de/webpgp.html iD8DBQE9J/KscWkuqYXk/uwRAvqkAKCqyYPoC/IqaTEENrC3dqGU3sqi4wCfUSyC pwsk7hOj1zGyy8LYbG0gM1g= =GIPP -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jul 7 20:36:29 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:11243 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 7 Jul 2002 20:36:20 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 07 Jul 2002 20:35:57 +0200 (CEST) Received: from megaman.certainkey.com ([IPv6:::ffff:134.117.69.100]:15108 "EHLO megaman.certainkey.com") by humbolt.nl.linux.org with ESMTP id ; Sun, 7 Jul 2002 20:35:25 +0200 Received: (from jlcooke@localhost) by megaman.certainkey.com (8.11.0/8.11.2) id g67IZ6w18367; Sun, 7 Jul 2002 14:35:06 -0400 Date: Sun, 7 Jul 2002 14:35:05 -0400 From: Jean-Luc Cooke To: =?iso-8859-1?Q?David_G=FCmbel?= Cc: Fruhwirth Clemens , linux-crypto@nl.linux.org Subject: Re: Cryptoapi kernel-patch packages for debian Message-ID: <20020707143505.A18349@certainkey.com> References: <20020706221719.D9604@certainkey.com> <200207070950.07048@dix.global-thinking.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5.1i In-Reply-To: <200207070950.07048@dix.global-thinking.org>; from david.guembel@gmx.de on Sun, Jul 07, 2002 at 09:50:04AM +0200 X-Spam-Status: No, hits=-6.5 required=5.0 tests=IN_REP_TO,PGP_SIGNATURE version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jlcooke@certainkey.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Yes, if you look at the script, there are GPG signature performed. example: http://jlcooke.ca/go?2.4.18/CA | less Ideally, I'd rather have an SSL tunnel to the script...but that depends on the server. JLC On Sun, Jul 07, 2002 at 09:50:04AM +0200, David Gümbel wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Sonntag, 7. Juli 2002 04:17:04, Jean-Luc Cooke wrote: > > "make clean; make get_crypto; make menuconfig; make bzImage; make > > modules;" ^^^^^^^^^^^^^^^ > > New kernel make command! > > > > This command would hold nothing but a few shell commands, one being: > > lynx -source http://www.kerneli.org/go?/ | sh > > I don't really believe that getting a) crypto stuff for b) the kernel by > piping unencrypted content into a shell without prior verification could > possibly provide additional security. Do you have plans to use digital > signatures or something that might guarantee data integrity and verify that > the downloaded content is really from the author it is supposed to be? > > > > > Regards, > > > > David > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.7 (GNU/Linux) > Comment: http://david-guembel.de/webpgp.html > > iD8DBQE9J/KscWkuqYXk/uwRAvqkAKCqyYPoC/IqaTEENrC3dqGU3sqi4wCfUSyC > pwsk7hOj1zGyy8LYbG0gM1g= > =GIPP > -----END PGP SIGNATURE----- -- http://www.certainkey.com Suite 4560 CTTC 1125 Colonel By Dr. Ottawa ON, K1S 5B6 C: 613.263.2983 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Jul 8 00:56:39 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:5787 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 8 Jul 2002 00:56:32 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 08 Jul 2002 00:56:18 +0200 (CEST) Received: from port-212-202-184-230.reverse.qdsl-home.de ([IPv6:::ffff:212.202.184.230]:27920 "EHLO rimbaud.global-thinking.org") by humbolt.nl.linux.org with ESMTP id ; Mon, 8 Jul 2002 00:55:33 +0200 Received: (qmail 8823 invoked from network); 7 Jul 2002 22:55:31 -0000 Received: from dix.global-thinking.org (192.168.0.1) by rimbaud.global-thinking.org with RC4-MD5 encrypted SMTP; 7 Jul 2002 22:55:31 -0000 Content-Type: text/plain; charset="iso-8859-1" From: David =?iso-8859-1?q?G=FCmbel?= Organization: - To: Jean-Luc Cooke Subject: Re: Cryptoapi kernel-patch packages for debian Date: Mon, 8 Jul 2002 00:56:29 +0200 User-Agent: KMail/1.4.2 Cc: Fruhwirth Clemens , linux-crypto@nl.linux.org References: <20020706221719.D9604@certainkey.com> <200207070950.07048@dix.global-thinking.org> <20020707143505.A18349@certainkey.com> In-Reply-To: <20020707143505.A18349@certainkey.com> X-GPG-Fingerprint: B06B 307B 2945 39A3 4236 A0ED 7169 2EA9 85E4 FEEC X-GPG-Key-URL: http://www.david-guembel.de/pgp.asc MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200207080056.32185@dix.global-thinking.org> X-Spam-Status: No, hits=-6.5 required=5.0 tests=IN_REP_TO,PGP_SIGNATURE version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: david.guembel@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 07 July 2002 20:35:20, Jean-Luc Cooke wrote: > Yes, if you look at the script, there are GPG signature performed. > > example: > http://jlcooke.ca/go?2.4.18/CA | less > > Ideally, I'd rather have an SSL tunnel to the script...but that depends on > the server. Yes, I see :) But there are still some things that come to my mind as far as security is concerned: * Placing "KERNKEY=0x517D0F0E" inside the script downloaded from the web might be a potential security risk as this could quite easily be transparently replaced by a different key id I have in my keyring (or that is available via the keyserver)[1]. I think this might be avoided by reading the key ID from a local file that has to be created by the user first (?) * There is no check whether the key used for verification is trusted/has been signed by the user. * The script is being piped directly from the web to a root shell. This looks dangerous to me, even with SSL in use, as long as the SSL certificate doesn't undergo verification. I currently can't find any option for lynx or w3m that does this, but it's very possible I'm just blind. And there's one thing I stumbled across when reading the code - maybe you should start with a section like this: TRUEBIN = `which true` W3MBIN = `which w3m` LYNXBIN = `which lynx` etc., just as you did with the gpg binary. All just IMHO, of course. Greetings, David [1] which would require replacing the signatures as well, but that is possible either. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: http://david-guembel.de/webpgp.html iD8DBQE9KMcdcWkuqYXk/uwRAorDAJ9AU2krpQC61Rg30BC1rDsZ7/78EgCgqzho HNBRJJ0sFWTDfeFzfA/4hVs= =2QuW -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Jul 8 16:01:54 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:659 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 8 Jul 2002 16:01:42 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 08 Jul 2002 16:01:06 +0200 (CEST) Received: from megaman.certainkey.com ([IPv6:::ffff:134.117.69.100]:34564 "EHLO megaman.certainkey.com") by humbolt.nl.linux.org with ESMTP id ; Mon, 8 Jul 2002 16:00:32 +0200 Received: (from jlcooke@localhost) by megaman.certainkey.com (8.11.0/8.11.2) id g68E0OD24342; Mon, 8 Jul 2002 10:00:24 -0400 Date: Mon, 8 Jul 2002 10:00:24 -0400 From: Jean-Luc Cooke To: =?iso-8859-1?Q?David_G=FCmbel?= Cc: linux-crypto@nl.linux.org, Fruhwirth Clemens Subject: Re: Cryptoapi kernel-patch packages for debian Message-ID: <20020708100024.B24209@certainkey.com> References: <20020706221719.D9604@certainkey.com> <200207070950.07048@dix.global-thinking.org> <20020707143505.A18349@certainkey.com> <200207080056.32185@dix.global-thinking.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5.1i In-Reply-To: <200207080056.32185@dix.global-thinking.org>; from david.guembel@gmx.de on Mon, Jul 08, 2002 at 12:56:29AM +0200 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jlcooke@certainkey.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Thanks David, input is wonderful! On Mon, Jul 08, 2002 at 12:56:29AM +0200, David Gümbel wrote: > > example: > > http://jlcooke.ca/go?2.4.18/CA | less > > Yes, I see :) > > But there are still some things that come to my mind as far as security is > concerned: > > * Placing "KERNKEY=0x517D0F0E" inside the script downloaded from the web might > be a potential security risk as this could quite easily be transparently > replaced by a different key id I have in my keyring (or that is available > via the keyserver)[1]. I think this might be avoided by reading the key ID > from a local file that has to be created by the user first (?) go-gnome.com does something like this, so I'm not without precedent. :) I agree, an SSL (https vs http) URL fetch is preferred. This has sent me down a few interesting paths (jl's little secret for now). Worse come to worse, I'll buy a thwate cert for kerneli.org. BTW, lynx and w3m both use libssl.so (openssl). And openssl will disallow a connection to an invalid host/cert pair, I don't think either are using this feature...too bad. The issue with GPG...well I have my own opinions about GPG with most people will not like. Can we assume if the SH script comes from a verified SSL tunnel, that the contents can be trusted? > * There is no check whether the key used for verification is trusted/has > been signed by the user. If the user doesn't have the key yet, how can the user sign it for use? Are you suggesting we prompt the user? > * The script is being piped directly from the web to a root shell. This looks > dangerous to me, even with SSL in use, as long as the SSL certificate > doesn't undergo verification. I currently can't find any option for > lynx or w3m that does this, but it's very possible I'm just blind. Read above, re:verification of the SSL tunnel. > And there's one thing I stumbled across when reading the code - maybe you > should start with a section like this: > > TRUEBIN = `which true` > W3MBIN = `which w3m` > LYNXBIN = `which lynx` > etc., just as you did with the gpg binary. Sounds good. -- http://www.certainkey.com Suite 4560 CTTC 1125 Colonel By Dr. Ottawa ON, K1S 5B6 C: 613.263.2983 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jul 9 03:38:51 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:22162 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 03:38:34 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 09 Jul 2002 03:38:19 +0200 (CEST) Received: from cyphermail.sandelman.ottawa.on.ca ([IPv6:::ffff:192.139.46.78]:1776 "EHLO noxmail.sandelman.ottawa.on.ca") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 03:37:53 +0200 Received: from sandelman.ottawa.on.ca (marajade.sandelman.ottawa.on.ca [192.139.46.20]) by noxmail.sandelman.ottawa.on.ca (8.11.6/8.11.6) with ESMTP id g691aJY10417 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK) for ; Mon, 8 Jul 2002 21:36:22 -0400 (EDT) Received: from marajade.sandelman.ottawa.on.ca (marajade [127.0.0.1]) by sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g691U764001961 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK) for ; Mon, 8 Jul 2002 21:30:07 -0400 Received: from marajade.sandelman.ottawa.on.ca (mcr@localhost) by marajade.sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g68MC7Lw013324 for ; Mon, 8 Jul 2002 18:13:08 -0400 Message-Id: <200207082213.g68MC7Lw013324@marajade.sandelman.ottawa.on.ca> To: linux-crypto Subject: questions about gen-cipher.h Mime-Version: 1.0 (generated by tm-edit 1.8) Content-Type: text/plain; charset=US-ASCII Date: Mon, 08 Jul 2002 18:12:06 -0400 From: Michael Richardson X-Spam-Status: No, hits=-1.0 required=5.0 tests=TO_LOCALPART_EQ_REAL,LINES_OF_YELLING,PGP_SIGNATURE version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mcr@sandelman.ottawa.on.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- Can some explain why the constructs: #define __xINIT_CIPHER_BLKOPS(name) INIT_CIPHER_BLKOPS(name) #define __xINIT_CIPHER_OPS(name) INIT_CIPHER_OPS(name) ... #define __STR(x) # x #define __xSTR(x) __STR(x) #define __CAT(x,y) x ## y #define __xCAT(x,y) __CAT(x,y) Why have __xCAT(x,y) at all? Why not just call __CAT() directly? Ditto for INIT_CIPHER_BLKOPS(). ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: latin1 Comment: Finger me for keys iQCVAwUBPSoOMoqHRg3pndX9AQG+lQQAzkznJ7RO+81BQteVWxumLkD7GsAns1gh es+sEbyPw/tmIeMKn2SccspTb5jQRHFV7ohu+FkSMO2DTboEKMbRMs7Yh5ouvr7h P4ze7mUMosJWe3j8jb9T+JIIYAzJ21W+QCyuyDUvAH3ZlzRahVE2yNoYK5ZxEfDm zmmnyYuGpGQ= =8vFf -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jul 9 07:46:44 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:440 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 07:46:42 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 09 Jul 2002 07:46:12 +0200 (CEST) Received: from mail.xenux.dk ([IPv6:::ffff:195.184.114.2]:56003 "EHLO mail.xenux.dk") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 07:45:36 +0200 Received: from localhost.localdomain (213.237.42.41.adsl.vby.worldonline.dk [213.237.42.41]) by mail.xenux.dk (Postfix) with ESMTP id EAF80FCB5 for ; Tue, 9 Jul 2002 07:45:19 +0200 (CEST) Subject: Resizing ext3 on a LVM with cryptoapi From: Klaus Agnoletti To: linux-crypto@nl.linux.org Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-0mCfUBYP5fYHQZ0Cl4NT" X-Mailer: Ximian Evolution 1.0.7 Date: 09 Jul 2002 07:45:33 +0200 Message-Id: <1026193534.747.8.camel@gimli> Mime-Version: 1.0 X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: klaus@xenux.dk Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --=-0mCfUBYP5fYHQZ0Cl4NT Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi, I installed LVM and cryptoapi on one harddrive with help from the list. Everything went fine, but I need to resize the partition since I added another drive to the LVM. I tried doing this but I got an error saying that it can't find the magic something of the partition (sorry I can't remember exactly - stupid as I am, I didn't think of writing it down :P). My question is - are there any limitations to using a ext3 partition like this, compared to not using cryptoapi ? e.g. resizing ? or did I do something wrong ? Thanks in advance. --=20 Med venlig hilsen / Regards Klaus Agnoletti Junior Geek Engineer Xenux - The Linux People Bredgade 35A, 2. 1260 K=F8benhavn K Tel: +45 3315 8202 Fax: +45 3332 1832 http://www.xenux.dk 'vi is to EMACS as masturbation is to making love: =20 effective and always available but probably not your first choice.' --=-0mCfUBYP5fYHQZ0Cl4NT Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQA9Knh9vxlkpf75rnoRAvNEAJoDvnPJYq7iMY3Qaew7+6+/Dh4w2ACfdjUB A+lIHzUGMGIdGeRzQH3Wa5I= =WPrT -----END PGP SIGNATURE----- --=-0mCfUBYP5fYHQZ0Cl4NT-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jul 9 10:37:56 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:43210 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 10:37:43 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 09 Jul 2002 10:37:31 +0200 (CEST) Received: from faui02.informatik.uni-erlangen.de ([IPv6:::ffff:131.188.30.102]:11986 "EHLO faui02.informatik.uni-erlangen.de") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 10:19:21 +0200 Received: from rz.de (root@faui02b.informatik.uni-erlangen.de [131.188.30.151]) by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id KAA15586; Tue, 9 Jul 2002 10:19:10 +0200 (MEST) Received: (from rz@localhost) by rz.de (8.8.8/8.8.8) id WAA01506; Mon, 8 Jul 2002 22:01:53 +0200 Date: Mon, 8 Jul 2002 22:01:52 +0200 From: Richard Zidlicky To: Jean-Luc Cooke Cc: =?iso-8859-1?Q?David_G=FCmbel?= , linux-crypto@nl.linux.org, Fruhwirth Clemens Subject: Re: Cryptoapi kernel-patch packages for debian Message-ID: <20020708220152.B220@linux-m68k.org> References: <20020706221719.D9604@certainkey.com> <200207070950.07048@dix.global-thinking.org> <20020707143505.A18349@certainkey.com> <200207080056.32185@dix.global-thinking.org> <20020708100024.B24209@certainkey.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020708100024.B24209@certainkey.com>; from jlcooke@certainkey.com on Mon, Jul 08, 2002 at 10:00:24AM -0400 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: rdzidlic@faui02.informatik.uni-erlangen.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Mon, Jul 08, 2002 at 10:00:24AM -0400, Jean-Luc Cooke wrote: > BTW, lynx and w3m both use libssl.so (openssl). And openssl will disallow a > connection to an invalid host/cert pair, I don't think either are using this > feature...too bad. see w3m options. Not that I had ever seriously tested this. Richard - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jul 9 11:02:19 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:12494 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 11:02:07 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 09 Jul 2002 11:01:59 +0200 (CEST) Received: from h195202190178.med.cm.kabsi.at ([IPv6:::ffff:195.202.190.178]:8636 "EHLO phobos.hvrlab.org") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 10:52:36 +0200 Received: from janus.txd.hvrlab.org (IDENT:gvBsvsiE/hYcytRYVrCGh1M2JkWnlmD+@janus.txd.hvrlab.org [10.51.1.5]) by phobos.hvrlab.org (8.11.6/8.11.6) with ESMTP id g698qS000927; Tue, 9 Jul 2002 10:52:29 +0200 Subject: Re: questions about gen-cipher.h From: Herbert Valerio Riedel To: Michael Richardson Cc: linux-crypto , cryptoapi-devel@kerneli.org In-Reply-To: <200207082213.g68MC7Lw013324@marajade.sandelman.ottawa.on.ca> References: <200207082213.g68MC7Lw013324@marajade.sandelman.ottawa.on.ca> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-qmIrmIrw93odfPnMkHcm" X-Mailer: Ximian Evolution 1.0.8 Date: 09 Jul 2002 10:52:28 +0200 Message-Id: <1026204749.5069.156.camel@janus.txd.hvrlab.org> Mime-Version: 1.0 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: hvr@hvrlab.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --=-qmIrmIrw93odfPnMkHcm Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2002-07-09 at 00:12, Michael Richardson wrote: > Can some explain why the constructs: >=20 > #define __xINIT_CIPHER_BLKOPS(name) INIT_CIPHER_BLKOPS(name) > #define __xINIT_CIPHER_OPS(name) INIT_CIPHER_OPS(name) >=20 > ... >=20 > #define __STR(x) # x > #define __xSTR(x) __STR(x) >=20 > #define __CAT(x,y) x ## y > #define __xCAT(x,y) __CAT(x,y) >=20 > Why have __xCAT(x,y) at all? Why not just call __CAT() directly? > Ditto for INIT_CIPHER_BLKOPS(). I'm glad you asked, since it's actually a quite interesting---but little known---issue :-) it has to do with cpp's behaviour, when the macro argument is used as an operand of ## or # in the macro body; usually when a macro call is encountered, it's arguments are 'prescanned' and macro-expanded if necessary; then the result is substituted in the macro body; and after that another scan on the expanded body is performed; thus scanning takes place twice; but when arguments of the macro are used as operands to ## or # they are not prescanned, but are taken literally, as they were passed to the macro;=20 some example; the fragments above are typically used by the following macro: #define CIPHER_SYMBOL(x) __xCAT(CIPHER_ID,x) which in turn is used in the cipher implementations the following way (it's just a simplified case; essentially this macro template stuff allows to let the preprocessor "instantiate" some other symbols and protoype-declarations (which all follow the same scheme) in a batch, which would otherwise need to be typed out by hand...) #define CIPHER_ID twofish /* imagine the macro #defines written above to be in scope here */ /* the following simplified prototypes are #included from a gen(eric) c header */ int CIPHER_SYMBOL(_encrypt) (...); int CIPHER_SYMBOL(_decrypt) (...); int CIPHER_SYMBOL(_setkey) (...); the last 3 lines above would be expanded to int twofish_encrypt (...); int twofish_decrypt (...); int twofish_setkey (...); ...hope I could make it clear a bit (in case it wasn't), why this is a killer feature IMHO... now back to the reason, why the construct above needs those additional "x-layers": imagine we had CIPHER_SYMBOL2 using __CAT directly, instead of __xCAT: #define CIPHER_SYMBOL2(x) __CAT(CIPHER_ID,x) then int CIPHER_SYMBOL2(_encrypt) (...); would evaluate to (pass by pass): int CIPHER_SYMBOL2(_encrypt) (...); int __CAT(CIPHER_ID,_encrypt) (...); /* prescan not used for ##'s operands */ int CIPHER_ID ## _encrypt (...); /* post-scan doesn't change anything */ int CIPHER_ID_encrypt (...); /* since operands to ## are taken as is */ and now compare this to the x-version: int CIPHER_SYMBOL(_encrypt) (...); int __xCAT(CIPHER_ID,_encrypt) (...); /* prescanning takes place */ int __CAT(twofish,_encrypt) (...); /* pre-expanded args filled in, 2nd scan doesn't change anything */ int twofish ## _encrypt (...); /* __CAT got expanded */ int twofish_encrypt (...); /* just what we wanted! */ well, guess that's already off-topic enough for now... :-) regards, --=20 Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 --=-qmIrmIrw93odfPnMkHcm Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA9KqRLSYHgZIg/QUIRAps7AJ9M0imTiDgrbsj0RoBrsRsAVDM9fwCg6JTb ZCrbjCyR4F/K+ncHZKhbT8E= =fqiY -----END PGP SIGNATURE----- --=-qmIrmIrw93odfPnMkHcm-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jul 9 18:08:30 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:8336 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 18:08:27 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 09 Jul 2002 18:08:02 +0200 (CEST) Received: from port-212-202-184-37.reverse.qdsl-home.de ([IPv6:::ffff:212.202.184.37]:3083 "EHLO rimbaud.global-thinking.org") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 17:48:49 +0200 Received: (qmail 18961 invoked from network); 9 Jul 2002 15:48:42 -0000 Received: from dix.global-thinking.org (192.168.0.1) by rimbaud.global-thinking.org with RC4-MD5 encrypted SMTP; 9 Jul 2002 15:48:42 -0000 Content-Type: text/plain; charset="iso-8859-1" From: David =?iso-8859-1?q?G=FCmbel?= Organization: - To: Richard Zidlicky , Jean-Luc Cooke Subject: Re: Cryptoapi kernel-patch packages for debian Date: Tue, 9 Jul 2002 17:49:03 +0200 User-Agent: KMail/1.4.2 Cc: linux-crypto@nl.linux.org, Fruhwirth Clemens References: <20020706221719.D9604@certainkey.com> <20020708100024.B24209@certainkey.com> <20020708220152.B220@linux-m68k.org> In-Reply-To: <20020708220152.B220@linux-m68k.org> X-GPG-Fingerprint: B06B 307B 2945 39A3 4236 A0ED 7169 2EA9 85E4 FEEC X-GPG-Key-URL: http://www.david-guembel.de/pgp.asc MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200207091749.05190@dix.global-thinking.org> X-Spam-Status: No, hits=-6.5 required=5.0 tests=IN_REP_TO,PGP_SIGNATURE version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: david.guembel@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 08 July 2002 22:01:22, Richard Zidlicky wrote: > On Mon, Jul 08, 2002 at 10:00:24AM -0400, Jean-Luc Cooke wrote: > > BTW, lynx and w3m both use libssl.so (openssl). And openssl will > > disallow a connection to an invalid host/cert pair, I don't think either > > are using this feature...too bad. > > see w3m options. Not that I had ever seriously tested this. Are you talking about compile options? I don't see anything at the command line that fits here. David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: http://david-guembel.de/webpgp.html iD8DBQE9KwXvcWkuqYXk/uwRArS4AJ4vqJEvB5cEVT0diw5mP7u6vn6pCQCdH2+D NadbzjDPGl/Z9t32T1qvbN0= =xPlL -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jul 9 19:23:10 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:22936 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 19:23:01 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 09 Jul 2002 19:22:54 +0200 (CEST) Received: from cyphermail.sandelman.ottawa.on.ca ([IPv6:::ffff:192.139.46.78]:46061 "EHLO noxmail.sandelman.ottawa.on.ca") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 19:07:36 +0200 Received: from sandelman.ottawa.on.ca (marajade.sandelman.ottawa.on.ca [192.139.46.20]) by noxmail.sandelman.ottawa.on.ca (8.11.6/8.11.6) with ESMTP id g69H5nW12047 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK); Tue, 9 Jul 2002 13:05:51 -0400 (EDT) Received: from marajade.sandelman.ottawa.on.ca (marajade [127.0.0.1]) by sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g69H5Rn0009892 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK); Tue, 9 Jul 2002 13:05:29 -0400 Received: from marajade.sandelman.ottawa.on.ca (mcr@localhost) by marajade.sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g69H4nlx009866; Tue, 9 Jul 2002 13:05:00 -0400 Message-Id: <200207091705.g69H4nlx009866@marajade.sandelman.ottawa.on.ca> To: Herbert Valerio Riedel cc: linux-crypto , cryptoapi-devel@kerneli.org Subject: Re: questions about gen-cipher.h In-reply-to: Your message of "09 Jul 2002 10:52:28 +0200." <1026204749.5069.156.camel@janus.txd.hvrlab.org> Mime-Version: 1.0 (generated by tm-edit 1.8) Content-Type: text/plain; charset=US-ASCII Date: Tue, 09 Jul 2002 13:04:48 -0400 From: Michael Richardson X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mcr@sandelman.ottawa.on.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Yeah, that's a good reason. I've run into the same thing before. I think that this probably in a FAQ somewhere... A note in the code would help. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jul 9 19:47:03 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:5021 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 19:46:55 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 09 Jul 2002 19:46:44 +0200 (CEST) Received: from web6.internetx.de ([IPv6:::ffff:195.127.139.123]:33041 "EHLO web6.internetx.de") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 19:45:07 +0200 Received: from firma (p5081F30A.dip.t-dialin.net [80.129.243.10]) by web6.internetx.de (8.10.2/8.10.2) with SMTP id g69HRsf28169 for linux-crypto@nl.linux.org; Tue, 9 Jul 2002 19:27:54 +0200 Date: Tue, 9 Jul 2002 19:27:54 +0200 Message-Id: <200207091727.g69HRsf28169@web6.internetx.de> To: From: Subject: RE: Pictausch?? MIME-Version: 1.0 Content-Type: text/plain; charset=unknown-8bit X-Spam-Status: No, hits=0.5 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,NO_REAL_NAME version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: nicolescholiz1@web.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org ach Mist jetzt hab ich doch glatt vergessen die Adresse mit zu schicken sorry hier ist sie: http://funchat.rox.to na gut kannste dir ja mal anschauen sehen uns dann evtl wieder im Chat ok ? So muß jetzt zur Arbeit bis dann TINA - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jul 9 22:34:26 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:46266 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 22:34:19 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 09 Jul 2002 22:34:00 +0200 (CEST) Received: from cyphermail.sandelman.ottawa.on.ca ([IPv6:::ffff:192.139.46.78]:749 "EHLO noxmail.sandelman.ottawa.on.ca") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 22:23:12 +0200 Received: from sandelman.ottawa.on.ca (marajade.sandelman.ottawa.on.ca [192.139.46.20]) by noxmail.sandelman.ottawa.on.ca (8.11.6/8.11.6) with ESMTP id g69KLXW12337 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK) for ; Tue, 9 Jul 2002 16:21:37 -0400 (EDT) Received: from marajade.sandelman.ottawa.on.ca (marajade [127.0.0.1]) by sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g69KLBn0031942 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK) for ; Tue, 9 Jul 2002 16:21:13 -0400 Received: from marajade.sandelman.ottawa.on.ca (mcr@localhost) by marajade.sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g69KLAhi031938 for ; Tue, 9 Jul 2002 16:21:11 -0400 Message-Id: <200207092021.g69KLAhi031938@marajade.sandelman.ottawa.on.ca> To: linux-crypto Subject: losetup patches for cryptoapi. Mime-Version: 1.0 (generated by tm-edit 1.8) Content-Type: text/plain; charset=US-ASCII Date: Tue, 09 Jul 2002 16:21:09 -0400 From: Michael Richardson X-Spam-Status: No, hits=-1.0 required=5.0 tests=TO_LOCALPART_EQ_REAL,LINES_OF_YELLING,PGP_SIGNATURE version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mcr@sandelman.ottawa.on.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- where have these patches gone? I seem to have everything I need in my woody /sbin/losetup, but I want to be build them from scratch. The HOWTO says that they would get copied to /usr/src/linux/Documentation/crypto, but that isn't the case for me. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: latin1 Comment: Finger me for keys iQCVAwUBPStFsYqHRg3pndX9AQEhpAQAxkVFmhaAv3AETklv3VnwPhwyl45tXfHX B+XqCHhviBPRw/QdQDluhpF55nJEpd5/18PI2iSWV5byATZYMJlMbs/tanISf43k Kr0NVtshhyFPO2r3/jw2yyrAQXGsGdqUAd35Yb/Sh7in0Mkyp95avajiea+SKzHg qINLHa6AzJs= =p+rw -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jul 9 22:44:44 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:52413 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 22:44:38 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 09 Jul 2002 22:44:32 +0200 (CEST) Received: from h195202190178.med.cm.kabsi.at ([IPv6:::ffff:195.202.190.178]:17024 "EHLO phobos.hvrlab.org") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 22:41:23 +0200 Received: from janus.txd.hvrlab.org (IDENT:Dm10jxfLlGqds7JKkSK5+3RZG0nXnAkk@janus.txd.hvrlab.org [10.51.1.5]) by phobos.hvrlab.org (8.11.6/8.11.6) with ESMTP id g69Kf2N02390; Tue, 9 Jul 2002 22:41:02 +0200 Subject: Re: losetup patches for cryptoapi. From: Herbert Valerio Riedel To: Michael Richardson Cc: linux-crypto In-Reply-To: <200207092021.g69KLAhi031938@marajade.sandelman.ottawa.on.ca> References: <200207092021.g69KLAhi031938@marajade.sandelman.ottawa.on.ca> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-w5VpbOFh1gfis86G4mbC" X-Mailer: Ximian Evolution 1.0.8 Date: 09 Jul 2002 22:41:02 +0200 Message-Id: <1026247262.1981.4.camel@janus.txd.hvrlab.org> Mime-Version: 1.0 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: hvr@hvrlab.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --=-w5VpbOFh1gfis86G4mbC Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2002-07-09 at 22:21, Michael Richardson wrote: > where have these patches gone? I seem to have everything I need in my > woody /sbin/losetup, but I want to be build them from scratch. well, that's because debian includes already an (ancient) variant of the patches... =20 > The HOWTO says that they would get copied to > /usr/src/linux/Documentation/crypto, but that isn't the case for me. the HOWTO you have seems to be out-of-date; you can find the latest util-linux patches in http://www.kernel.org/pub/linux/kernel/people/hvr/util-linux-patch-int/ regards, --=20 Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 --=-w5VpbOFh1gfis86G4mbC Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA9K0pdSYHgZIg/QUIRAo0RAJ9C57HIHz2U68eSrNlF+VOzJCF3rwCg6C0C ClanXG1BXlX1/d6GYlKfuhs= =9Enm -----END PGP SIGNATURE----- --=-w5VpbOFh1gfis86G4mbC-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Jul 10 05:20:16 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:8423 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 10 Jul 2002 05:20:06 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 10 Jul 2002 05:19:53 +0200 (CEST) Received: from port-212-202-184-37.reverse.qdsl-home.de ([IPv6:::ffff:212.202.184.37]:3083 "EHLO rimbaud.global-thinking.org") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 17:48:49 +0200 Received: (qmail 18961 invoked from network); 9 Jul 2002 15:48:42 -0000 Received: from dix.global-thinking.org (192.168.0.1) by rimbaud.global-thinking.org with RC4-MD5 encrypted SMTP; 9 Jul 2002 15:48:42 -0000 Content-Type: text/plain; charset="iso-8859-1" From: David =?iso-8859-1?q?G=FCmbel?= Organization: - To: Richard Zidlicky , Jean-Luc Cooke Subject: Re: Cryptoapi kernel-patch packages for debian Date: Tue, 9 Jul 2002 17:49:03 +0200 User-Agent: KMail/1.4.2 Cc: linux-crypto@nl.linux.org, Fruhwirth Clemens References: <20020706221719.D9604@certainkey.com> <20020708100024.B24209@certainkey.com> <20020708220152.B220@linux-m68k.org> In-Reply-To: <20020708220152.B220@linux-m68k.org> X-GPG-Fingerprint: B06B 307B 2945 39A3 4236 A0ED 7169 2EA9 85E4 FEEC X-GPG-Key-URL: http://www.david-guembel.de/pgp.asc MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200207091749.05190@dix.global-thinking.org> X-Spam-Status: No, hits=-6.5 required=5.0 tests=IN_REP_TO,PGP_SIGNATURE version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: david.guembel@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 08 July 2002 22:01:22, Richard Zidlicky wrote: > On Mon, Jul 08, 2002 at 10:00:24AM -0400, Jean-Luc Cooke wrote: > > BTW, lynx and w3m both use libssl.so (openssl). And openssl will > > disallow a connection to an invalid host/cert pair, I don't think either > > are using this feature...too bad. > > see w3m options. Not that I had ever seriously tested this. Are you talking about compile options? I don't see anything at the command line that fits here. David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: http://david-guembel.de/webpgp.html iD8DBQE9KwXvcWkuqYXk/uwRArS4AJ4vqJEvB5cEVT0diw5mP7u6vn6pCQCdH2+D NadbzjDPGl/Z9t32T1qvbN0= =xPlL -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Jul 10 05:20:21 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:14055 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 10 Jul 2002 05:20:09 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 10 Jul 2002 05:20:03 +0200 (CEST) Received: from mail.xenux.dk ([IPv6:::ffff:195.184.114.2]:56003 "EHLO mail.xenux.dk") by humbolt.nl.linux.org with ESMTP id ; Tue, 9 Jul 2002 07:45:36 +0200 Received: from localhost.localdomain (213.237.42.41.adsl.vby.worldonline.dk [213.237.42.41]) by mail.xenux.dk (Postfix) with ESMTP id EAF80FCB5 for ; Tue, 9 Jul 2002 07:45:19 +0200 (CEST) Subject: Resizing ext3 on a LVM with cryptoapi From: Klaus Agnoletti To: linux-crypto@nl.linux.org Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-0mCfUBYP5fYHQZ0Cl4NT" X-Mailer: Ximian Evolution 1.0.7 Date: 09 Jul 2002 07:45:33 +0200 Message-Id: <1026193534.747.8.camel@gimli> Mime-Version: 1.0 X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: klaus@xenux.dk Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --=-0mCfUBYP5fYHQZ0Cl4NT Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi, I installed LVM and cryptoapi on one harddrive with help from the list. Everything went fine, but I need to resize the partition since I added another drive to the LVM. I tried doing this but I got an error saying that it can't find the magic something of the partition (sorry I can't remember exactly - stupid as I am, I didn't think of writing it down :P). My question is - are there any limitations to using a ext3 partition like this, compared to not using cryptoapi ? e.g. resizing ? or did I do something wrong ? Thanks in advance. --=20 Med venlig hilsen / Regards Klaus Agnoletti Junior Geek Engineer Xenux - The Linux People Bredgade 35A, 2. 1260 K=F8benhavn K Tel: +45 3315 8202 Fax: +45 3332 1832 http://www.xenux.dk 'vi is to EMACS as masturbation is to making love: =20 effective and always available but probably not your first choice.' --=-0mCfUBYP5fYHQZ0Cl4NT Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQA9Knh9vxlkpf75rnoRAvNEAJoDvnPJYq7iMY3Qaew7+6+/Dh4w2ACfdjUB A+lIHzUGMGIdGeRzQH3Wa5I= =WPrT -----END PGP SIGNATURE----- --=-0mCfUBYP5fYHQZ0Cl4NT-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Jul 10 12:51:18 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:24767 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 10 Jul 2002 12:51:09 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 10 Jul 2002 12:50:54 +0200 (CEST) Received: from faui02.informatik.uni-erlangen.de ([IPv6:::ffff:131.188.30.102]:58240 "EHLO faui02.informatik.uni-erlangen.de") by humbolt.nl.linux.org with ESMTP id ; Wed, 10 Jul 2002 12:50:43 +0200 Received: from rz.de (root@faui02b.informatik.uni-erlangen.de [131.188.30.151]) by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id MAA05700; Wed, 10 Jul 2002 12:50:39 +0200 (MEST) Received: (from rz@localhost) by rz.de (8.8.8/8.8.8) id LAA02158; Wed, 10 Jul 2002 11:51:21 +0200 Date: Wed, 10 Jul 2002 11:51:20 +0200 From: Richard Zidlicky To: =?iso-8859-1?Q?David_G=FCmbel?= Cc: Jean-Luc Cooke , linux-crypto@nl.linux.org, Fruhwirth Clemens Subject: Re: Cryptoapi kernel-patch packages for debian Message-ID: <20020710115120.A2142@linux-m68k.org> References: <20020706221719.D9604@certainkey.com> <20020708100024.B24209@certainkey.com> <20020708220152.B220@linux-m68k.org> <200207091749.05190@dix.global-thinking.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <200207091749.05190@dix.global-thinking.org>; from david.guembel@gmx.de on Tue, Jul 09, 2002 at 05:49:03PM +0200 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: rdzidlic@faui02.informatik.uni-erlangen.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Tue, Jul 09, 2002 at 05:49:03PM +0200, David Gümbel wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Monday 08 July 2002 22:01:22, Richard Zidlicky wrote: > > On Mon, Jul 08, 2002 at 10:00:24AM -0400, Jean-Luc Cooke wrote: > > > BTW, lynx and w3m both use libssl.so (openssl). And openssl will > > > disallow a connection to an invalid host/cert pair, I don't think either > > > are using this feature...too bad. > > > > see w3m options. Not that I had ever seriously tested this. > > Are you talking about compile options? I don't see anything at the command > line that fits here. no, those that appear when you hit 'o' inside w3m or use the popup menu entry. Richard - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Jul 11 02:05:17 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:23234 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 11 Jul 2002 02:05:13 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 11 Jul 2002 02:04:43 +0200 (CEST) Received: from mail.gmx.net ([IPv6:::ffff:213.165.64.20]:19718 "HELO mail.gmx.net") by humbolt.nl.linux.org with SMTP id convert rfc822-to-8bit; Thu, 11 Jul 2002 02:04:31 +0200 Received: (qmail 25625 invoked by uid 0); 11 Jul 2002 00:04:28 -0000 Received: from pd9e4a5a0.dip.t-dialin.net (HELO notch) (217.228.165.160) by mail.gmx.net (mp019-rz3) with SMTP; 11 Jul 2002 00:04:28 -0000 Content-Type: text/plain; charset="us-ascii" From: Peter Kirk To: linux-crypto@nl.linux.org Subject: What I want to do -doable ? Date: Thu, 11 Jul 2002 02:04:20 +0200 User-Agent: KMail/1.4.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT Message-Id: <200207110204.20364.pwk.linuxfan@gmx.de> X-Spam-Status: No, hits=-0.1 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: pwk.linuxfan@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi, Since I am realy quite new to crypto stuff....I'll just tell you what I am trying to do....if you could point out bad points or give hints they would be greatly appreciated. To make my system-data totally robbery safe: I'd like to put a loopback-crypto with reiserfs on all my partitions except /boot (so on /, /usr, /home etc.). The encryption I wish to use is the aes (the winner of that competition). This is my little dream: After starting my computer, running lilo and selecting my kernel (lying on /boot the kernel can be read) a initial ramdisk is loaded...containing losetup, mount and a script I will write. This script will ask for the password to decrypt the partitions, and will then mount all my partitions with this passoword, meaning I enter _one_ password _once_. When the partitions are mounted (to /mnt and sub) I chroot into my new system and continue booting. Since with swap it doesnt seem to be possible to encrypt it, I am planning on not using a swap partition at all. Where do you see problems ? Ideas of problems I have: the script: is it possible to "enter" the password with a script ? around the script: where do I put it (so the initial ram disk will load it ?? how will I make the system continue to boot normaly when finished ? does linux work with out swap (I got 512 MB RAM) ? is it safe ?? Thanks for reading (and possibly helping) Peter -- Reality is a cop-out for people who can't handle drugs. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Jul 11 02:57:58 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:13001 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 11 Jul 2002 02:57:49 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 11 Jul 2002 02:57:42 +0200 (CEST) Received: from adsl-216-158-28-251.cust.oldcity.dca.net ([IPv6:::ffff:216.158.28.251]:9347 "EHLO fukurou.paranoiacs.org") by humbolt.nl.linux.org with ESMTP id ; Thu, 11 Jul 2002 02:57:28 +0200 Received: (from sluskyb@localhost) by fukurou.paranoiacs.org (8.9.3/8.9.3/Debian 8.9.3-21) id UAA06155 for linux-crypto@nl.linux.org; Wed, 10 Jul 2002 20:57:25 -0400 Date: Wed, 10 Jul 2002 20:57:24 -0400 From: Ben Slusky To: linux-crypto@nl.linux.org Subject: Re: What I want to do -doable ? Message-ID: <20020711005724.GA23509@paranoiacs.org> Mail-Followup-To: linux-crypto@nl.linux.org References: <200207110204.20364.pwk.linuxfan@gmx.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200207110204.20364.pwk.linuxfan@gmx.de> User-Agent: Mutt/1.4i X-Spam-Status: No, hits=-4.5 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: sluskyb@paranoiacs.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Thu, 11 Jul 2002 02:04:20 +0200, Peter Kirk wrote: > Hi, > > Since I am realy quite new to crypto stuff....I'll just tell you what I am > trying to do....if you could point out bad points or give hints they would be > greatly appreciated. I've got all that done. I've been meaning to post the whole package "as soon as I clean it up some." Look for it RSN... Oh, and you can encrypt swap; see Jari Ruusu's patches, which have been discussed in previous posts to this list. -- Ben Slusky | The only "intuitive" inter- sluskyb@stwing.org | face is the nipple. After sluskyb@paranoiacs.org | that, it's all learned. PGP keyID ADA44B3B | -Bruce Ediger - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Jul 11 13:29:17 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:428 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 11 Jul 2002 13:29:06 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 11 Jul 2002 13:28:51 +0200 (CEST) Received: from [IPv6:::ffff:194.46.8.33] ([IPv6:::ffff:194.46.8.33]:17418 "EHLO crisium.vnl.com") by humbolt.nl.linux.org with ESMTP id ; Thu, 11 Jul 2002 13:28:42 +0200 Received: from amon by crisium.vnl.com with local (Exim 3.35 #1) id 17ScB9-0001Nm-00 (Debian); Thu, 11 Jul 2002 12:32:11 +0100 Date: Thu, 11 Jul 2002 12:32:11 +0100 From: Dale Amon To: linux-crypto@nl.linux.org Subject: Re: What I want to do -doable ? Message-ID: <20020711113211.GL26916@vnl.com> Mail-Followup-To: Dale Amon , linux-crypto@nl.linux.org References: <200207110204.20364.pwk.linuxfan@gmx.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200207110204.20364.pwk.linuxfan@gmx.de> User-Agent: Mutt/1.4i X-Operating-System: Linux, the choice of a GNU generation X-Spam-Status: No, hits=-4.5 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: amon@vnl.com Precedence: bulk List-help: List-