From linux-crypto-bounce@nl.linux.org Sun Sep 1 18:13:52 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:35496 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 1 Sep 2002 18:13:46 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 01 Sep 2002 18:13:26 +0200 (CEST) Received: from hank-fep7-0.inet.fi ([IPv6:::ffff:194.251.242.202]:28337 "EHLO fep07.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Sun, 1 Sep 2002 18:13:18 +0200 Received: from pp.inet.fi ([194.197.67.131]) by fep07.tmt.tele.fi (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP id <20020901161317.LYLH18644.fep07.tmt.tele.fi@pp.inet.fi>; Sun, 1 Sep 2002 19:13:17 +0300 Message-ID: <3D723CB1.77B1D389@pp.inet.fi> Date: Sun, 01 Sep 2002 19:13:37 +0300 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: Newsmail CC: linux-crypto@nl.linux.org Subject: Re: losetup options References: <5.1.1.6.2.20020831203251.02117c28@pop.tvnet.hu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.6 required=5.0 tests=TO_LOCALPART_EQ_REAL version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Newsmail wrote: > maybe its an already answered question, but I dont find any information > about the -T option Jari uses in his loop-aes examples: losetup -e AES128 > -T /dev/loop0 /dev/hda666 > what is the -T option? Try "man losetup", this line should be there: -T asks password twice. However, a bug in loop-AES' install instructions instruct to install man pages to /usr/man/ directory. Many newer (all?) distros put man pages to /usr/share/man/ directory. So a bug in installation instructions may be the real cause of this. Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From isabel@69.com Sun Sep 1 20:53:41 2002 Received: from ACB89665.ipt.aol.com ([IPv6:::ffff:172.184.150.101]:5134 "HELO privat") by humbolt.nl.linux.org with SMTP id ; Sun, 1 Sep 2002 20:53:38 +0200 From: "Isabel" To: Subject: Endlich habe ich Dich gefunden !!! Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Sun, 1 Sep 2002 21:03:16 Message-Id: <20020901185339Z16712-23464+125@humbolt.nl.linux.org> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Gruess Dich

Gruess Dich,

nun habe ich mich doch in eine Kontaktdatenbank eingetragen.

Wenn Du Recht haben solltest, bin ich nicht mehr lange

so einsam.....

...und kann meine sexuellen Phantasien ausleben.

Schau Dir mal den Eintrag an, ob er so OKI ist und schreibe

mir Deinen Eindruck.


http://isabel69.yeah.net


Danke noch mal fuer Alles.....


Deine Isabel

From linux-crypto-bounce@nl.linux.org Mon Sep 2 05:14:08 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:32655 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 2 Sep 2002 05:14:01 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 02 Sep 2002 05:13:33 +0200 (CEST) Received: from smtp.comcast.net ([IPv6:::ffff:24.153.64.2]:4258 "EHLO smtp.comcast.net") by humbolt.nl.linux.org with ESMTP id ; Mon, 2 Sep 2002 05:13:25 +0200 Received: from zero (pcp02139429pcs.reston01.va.comcast.net [68.48.29.242]) by mtaout05.icomcast.net (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 13 2002)) with ESMTP id <0H1S00L34JLGP8@mtaout05.icomcast.net> for linux-crypto@nl.linux.org; Sun, 01 Sep 2002 23:12:52 -0400 (EDT) Received: from nester by zero with local (Exim 3.35 #1 (Debian)) id 17lhe0-0000Cd-00 for ; Sun, 01 Sep 2002 23:12:52 -0400 Date: Sun, 01 Sep 2002 23:12:51 -0400 From: Tom Vier Subject: LOOP_SET_STATUS To: linux-crypto@nl.linux.org Reply-to: Tom Vier Message-id: <20020902031251.GA759@yzero> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Content-disposition: inline User-Agent: Mutt/1.3.28i X-Spam-Status: No, hits=1.9 required=5.0 tests=SUBJ_ALL_CAPS version=2.20 X-Spam-Level: * X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: tmv@comcast.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org this happens with all ciphers. losetup prompts for a keysize, then passwd, then it spits this out: The cipher does not exist, or a cipher module needs to be loaded into the kernel ioctl: LOOP_SET_STATUS: Invalid argument yet, it is loaded. i've tried it with all the crypto stuff compiled in, and as modules, and with the loop file on reiserfs and ext2. same error. this is on an alpha running 2.4.19. i'm using the latest cryptoapi rc1 patch and debian stable's crypto aware losetup. -- Tom Vier DSA Key ID 0xE6CB97DA - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From dyh@mail.wzmc.net Mon Sep 2 22:44:56 2002 Received: from [IPv6:::ffff:61.141.204.212] ([IPv6:::ffff:61.141.204.212]:49925 "ehlo saless16") by humbolt.nl.linux.org with ESMTP id ; Mon, 2 Sep 2002 22:44:51 +0200 From: =?GB2312?B?UG93ZXJTb2Z0VGVhbcP70KO/qreizcW20w==?= Subject: =?GB2312?B?z8i/qreiwvrS4rrzuLa/7g==?= To: linux-crypto-archive@nl.linux.org Content-Type: text/plain;charset="GB2312"; Reply-To: powersoftteam@sohu.com Date: Tue, 3 Sep 2002 04:44:30 +0800 X-Priority: 1 X-Library: Indy 8.0.25 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Mailer: Microsoft Outlook Express 5.50.4133.2400 Message-Id: <20020902204452Z16360-12776+455@humbolt.nl.linux.org> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Èç¹û±¾Óʼþ²»ÊÇÄãËùÐèÒªµÄ£¬ÎÒÃDZíʾ±§Ç¸£¬ÇëËæÊÖɾ³ý»ò°´»Ø¸´É¾³ý ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ÒµÎñ˵Ã÷£¨ÏÈÌṩ·þÎñ£¬¿Í»§ÂúÒâºóÔÙ¸¶¿î£© ÎÒÃÇÊÇpowersoftteamÈí¼þÍŶӣ¬ÎÒÃǵijÉÔ±À´×Ô±±º½ÓëÇ廪¡¢»ªÖпƼ¼´óѧ£¨Ô­»ªÖÐÀí¹¤´óѧ£©Õã´óµÄÈí¼þ¹¤³ÌµÄ˶ʿÒÔ¼°²©Ê¿£¬ÎÒÃÇÌṩÈçÏ·þÎñ£º 1¡¢¿Í»§¹Øϵ¹ÜÀí£¨CRM£©¡¢½øÏú´æϵͳ¡¢ÏúÊÛ¹ÜÀíϵͳ¡¢°ì¹«×Ô¶¯»¯ÏµÍ³£¨OA£©¡¢Îĵ²¹ÜÀíϵͳ¡¢ERP¡¢MRP¡¢MISµÈ¸÷ÀàÈí¼þµÄ¶¨ÖÆ¿ª·¢£¬ÎÒÃÇ¿ÉÒÔÌá½»Ô´³ÌÐò£¬ÎÒÃÇÓÐÕâ·½Ãæ·á¸»µÄ¾­ÑéÓëÖÚ¶àµÄ³É¹¦°¸Àý£» 2¡¢¸÷ÀàÐÐÒµÐÔÈí¼þµÄ¿ª·¢ÒÔ¼°ÏµÍ³¼¯³É£¨ÀýÈ磺µçÐŵÄÍø¹ÜÈí¼þ¡¢Ò½ÔºµÄÐÅÏ¢¹ÜÀíϵͳ¡¢Ð£Ô°¹ÜÀíϵͳ¡¢¾ÆµêÐÅÏ¢¹ÜÀíϵͳ¡­¡­£©£» 3¡¢µç×ÓÕþÎñ¡¢µç×ÓÉÌÎñµÈ´óÐÍϵͳµÄ¿ª·¢£» 4¡¢×¨ÒµÎª¹úÄÚÈËÊ¿ÌṩÈí¼þÆƽâºÍ¼ÓÃÜ·þÎñ£¬ÆƽâЧ¹û¿ÉÒÔ´ïµ½Á½¸ö²ã´Î£¬Ò»¸öÊÇÃÜÂë»òʹÓÃÆÚÏÞÖƵĽâ³ý£¬ÁíÒ»¸ö²ã´ÎÊÇÔÚÒÔÉÏ»ù´¡ÉϽøÒ»²½°´¿Í»§ÐèÇóÐÞ¸ÄÈí¼þ½çÃ棬·½±ã¿Í»§°´ÕÕ×Ô¼ºµÄÏ°¹ßʹÓ᣷½±ã´ó¼ÒʹÓùúÄÚÍâ¼Û¸ñ¸ß´ï¼¸Íò¡¢¼¸Ê®ÍòµÄ´óÐÍ»òרҵÈí¼þ¡£¸ÃÏî·þÎñÐèÒª¿Í»§¼òµ¥½éÉÜÈí¼þ²¢ÌṩδÆÆÃܵÄÈí¼þµÄÏÂÔصØÖ·»ò¹âÅÌ·½Ê½£» 5¡¢×¨ÒµÎª±¾ÍÁÈí¼þÌṩ¼ÓÃܱ£»¤£»±¾¹¤×÷ÊÒ±£ÕÏÁ¼ºÃµÄÆƽâºÍ¼ÓÃÜÖÊÁ¿£¬³ä·ÖÂú×ãÓû§µÄÐèÇó£¡ 6¡¢ÎÒÃdzнÓÈ«¹ú¸÷µØµÄÒÔÉÏ·½ÃæµÄÒµÎñ£¡ ÁªÏµ·½Ê½£ºpowersoftteamÈí¼þÍÅ¶Ó powersoftteam@sohu.com £¨ÓëÎÒÃÇÁªÏµ£¬Çë°´ÕÕÒÔÉÏÓʼþµØÖ·£¬²»ÒªÖ±½Ó»Ø¸´ÄãËù½ÓÊÕµ½µÄÓʼþ£© ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ±¸×¢ 1¡¢ÎÒÃÇ¿ÉÒÔ¸ø×îÖÕÓû§¿ª·¢£¬Ò²¿ÉÒÔ¸øÈí¼þ¹«Ë¾»òÏà¹ØÆóÒµ¿ª·¢£¬¿Í»§¿ÉÒÔÔÚÎÒÃÇÈí¼þÉÏÃæÖ¸Ã÷Ϊ¿Í»§×Ô¼º¿ª·¢£¨¼ÈÈí¼þ°æȨ¿ÉÒÔ¸ø¿Í»§£© 2£ºÎÒÃDz»ÌṩÆƽ⹤¾ßºÍÅàѵ½Ì³Ì£¬¿¼Âǵ½²Ù×÷ÎÊÌ⣬ÔÝʱ²»Ìṩµ¥Æ¬»ú¡¢ICоƬºÍCPUµÄÆƽâ·þÎñ£» 3£ºµ¥¼ÛÈËÃñ±Ò5000ÔªÒÔϵÄÈí¼þ£¬½¨Ò鹺ÂòÕý°æ»òÇëÎÒÃǽøÐпª·¢£¬ÎÒÃDz»ÌṩÆƽâ·þÎñ£» 4£º²»³öÊÛ´óÖÚÈí¼þ¡¢Ô´´úÂëºÍ×¢²áºÅ£¬ÇëÎðÀ´ÐÅË÷È¡£» 5£º²»ÌṩÍøÕ¾ºÍµç×ÓÓÊÏäµÄÃÜÂëÆƽâ·þÎñ ÁªÏµ·½Ê½£ºpowersoftteamÈí¼þÍÅ¶Ó powersoftteam@sohu.com £¨ÓëÎÒÃÇÁªÏµ£¬Çë°´ÕÕÒÔÉÏÓʼþµØÖ·£¬²»ÒªÖ±½Ó»Ø¸´ÄãËù½ÓÊÕµ½µÄÓʼþ£© ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Çë±£Áô´ËÓʼþÒÔ±¸²»Ê±Ö®Ðè From linux-crypto-bounce@nl.linux.org Fri Sep 6 09:31:20 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:34753 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 09:31:12 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 06 Sep 2002 09:30:44 +0200 (CEST) Received: from [IPv6:3ffe:501:1057:710::53] ([IPv6:3ffe:501:1057:710::53]:62379 "EHLO zanzibar.karaba.org") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 09:30:32 +0200 Received: from [3ffe:501:1057:710::1] (helo=hyakusiki.karaba.org.karaba.org) by zanzibar.karaba.org with esmtp (Exim 3.35 #1 (Debian)) id 17nDZO-0002lc-00 for ; Fri, 06 Sep 2002 16:30:22 +0900 Date: Fri, 06 Sep 2002 16:32:34 +0900 Message-ID: From: Mitsuru KANDA / =?ISO-2022-JP?B?GyRCP0BFRBsoQiAbJEI9PBsoQg==?= To: linux-crypto@nl.linux.org Subject: [Q] merging mainline kernel User-Agent: Wanderlust/2.8.1 (Something) Emacs/21.2 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, hits=1.8 required=5.0 tests=CHARSET_FARAWAY_HEADERS version=2.20 X-Spam-Level: * X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mk@karaba.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hello CryptoAPI developers, let me ask a question. Would you have a plan to merge cryptoapi code into the mainline kernel(2.5)? USAGI uses CryptoAPI for IPv6 IPsec. I would like to know whether you have a plan or not. Thanks, -mk - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 6 09:53:02 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:41159 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 09:52:53 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 06 Sep 2002 09:52:45 +0200 (CEST) Received: from h195202190178.med.cm.kabsi.at ([IPv6:::ffff:195.202.190.178]:33517 "EHLO phobos.hvrlab.org") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 09:52:27 +0200 Received: from janus.txd.hvrlab.org (IDENT:TnAKmdjBIjJgCj6swvmdyUhPw0TRE1oD@janus.txd.hvrlab.org [10.51.1.5]) by phobos.hvrlab.org (8.11.6/8.11.6) with ESMTP id g867qMr27690; Fri, 6 Sep 2002 09:52:22 +0200 Subject: Re: [Q] merging mainline kernel From: Herbert Valerio Riedel To: Mitsuru KANDA / =?UTF-8?Q?=E7=A5=9E=E7=94=B0_?= =?UTF-8?Q?=E5=85=85?= Cc: linux-crypto@nl.linux.org In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-TaGuDav/MgnHtSvAnlDk" X-Mailer: Ximian Evolution 1.0.8 Date: 06 Sep 2002 09:52:22 +0200 Message-Id: <1031298742.13228.86.camel@janus.txd.hvrlab.org> Mime-Version: 1.0 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: hvr@hvrlab.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --=-TaGuDav/MgnHtSvAnlDk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Fri, 2002-09-06 at 09:32, Mitsuru KANDA / =E7=A5=9E=E7=94=B0 =E5=85=85 w= rote: > Would you have a plan to merge cryptoapi code into the mainline kernel(2.= 5)? > USAGI uses CryptoAPI for IPv6 IPsec. ...there are a few other projects using it as well... =20 > I would like to know whether you have a plan or not. ...we'd love to and that's our goal in the long term, but this is linus' decision... you might want to ask on the linux kernel mailing list, what their current position regarding cryptography in the kernel is right now... regards, --=20 Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 --=-TaGuDav/MgnHtSvAnlDk Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA9eF62SYHgZIg/QUIRAr1HAJwJMHCk4cfGnjbE0JjP7Mr3YbEkEACbBipP gqD4wvBckz4Ns84fHefT6+E= =SytA -----END PGP SIGNATURE----- --=-TaGuDav/MgnHtSvAnlDk-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 6 10:30:27 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:43726 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 10:30:16 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 06 Sep 2002 10:30:07 +0200 (CEST) Received: from [IPv6:3ffe:501:1057:710::53] ([IPv6:3ffe:501:1057:710::53]:8876 "EHLO zanzibar.karaba.org") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 10:29:45 +0200 Received: from [3ffe:501:1057:710::1] (helo=hyakusiki.karaba.org.karaba.org) by zanzibar.karaba.org with esmtp (Exim 3.35 #1 (Debian)) id 17nEUR-0004WY-00; Fri, 06 Sep 2002 17:29:19 +0900 Date: Fri, 06 Sep 2002 17:31:31 +0900 Message-ID: From: Mitsuru KANDA / =?ISO-2022-JP?B?GyRCP0BFRBsoQiAbJEI9PBsoQg==?= To: Herbert Valerio Riedel Cc: linux-crypto@nl.linux.org Subject: Re: [Q] merging mainline kernel In-Reply-To: <1031298742.13228.86.camel@janus.txd.hvrlab.org> References: <1031298742.13228.86.camel@janus.txd.hvrlab.org> User-Agent: Wanderlust/2.8.1 (Something) Emacs/21.2 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, hits=-2.6 required=5.0 tests=IN_REP_TO,CHARSET_FARAWAY_HEADERS version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mk@karaba.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hello Herbert, > > i would like to know whether you have a plan or not. > ...we'd love to and that's our goal in the long term, but this is linus' > decision... you might want to ask on the linux kernel mailing list, what > their current position regarding cryptography in the kernel is right > now... Yes, this is Linus' decision..., ok, I'll ask on lkml. BTW, would you have a plan to submit patches by code-freeze date(end of Oct) whether it will be merged or not? # sorry for inquisitive queston. Regards, -mk - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 6 15:05:19 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:7301 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 15:05:10 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 06 Sep 2002 15:04:58 +0200 (CEST) Received: from megaman.certainkey.com ([IPv6:::ffff:134.117.69.100]:275 "EHLO megaman.certainkey.com") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 15:04:24 +0200 Received: (from jlcooke@localhost) by megaman.certainkey.com (8.11.0/8.11.2) id g86D4E215709; Fri, 6 Sep 2002 09:04:14 -0400 Date: Fri, 6 Sep 2002 09:04:14 -0400 From: Jean-Luc Cooke To: "Mitsuru KANDA / ?$B?@ED?(B ?$B= Cc: Herbert Valerio Riedel , linux-crypto@nl.linux.org Subject: Re: [Q] merging mainline kernel Message-ID: <20020906090414.B15623@certainkey.com> References: <1031298742.13228.86.camel@janus.txd.hvrlab.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from mk@karaba.org on Fri, Sep 06, 2002 at 05:31:31PM +0900 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jlcooke@certainkey.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org I hate to speek for people, but the general view in CryptoAPI is a solid 'yes' (we're moments away from a release as-is). JLC On Fri, Sep 06, 2002 at 05:31:31PM +0900, Mitsuru KANDA / ?$B?@ED?(B ?$B= > Hello Herbert, > > > > i would like to know whether you have a plan or not. > > ...we'd love to and that's our goal in the long term, but this is linus' > > decision... you might want to ask on the linux kernel mailing list, what > > their current position regarding cryptography in the kernel is right > > now... > Yes, this is Linus' decision..., ok, I'll ask on lkml. > > BTW, would you have a plan to submit patches by code-freeze date(end of Oct) > whether it will be merged or not? > > # sorry for inquisitive queston. > > Regards, > -mk > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ -- http://www.certainkey.com Suite 4560 CTTC 1125 Colonel By Dr. Ottawa ON, K1S 5B6 C: 613.263.2983 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 6 16:43:13 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:16530 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 16:43:10 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 06 Sep 2002 16:42:59 +0200 (CEST) Received: from cyphermail.sandelman.ottawa.on.ca ([IPv6:::ffff:192.139.46.78]:58065 "EHLO noxmail.sandelman.ottawa.on.ca") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 16:42:47 +0200 Received: from sandelman.ottawa.on.ca (marajade.sandelman.ottawa.on.ca [192.139.46.20]) by noxmail.sandelman.ottawa.on.ca (8.11.6/8.11.6) with ESMTP id g86EfGW19868 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK); Fri, 6 Sep 2002 10:41:23 -0400 (EDT) Received: from marajade.sandelman.ottawa.on.ca (marajade [127.0.0.1]) by sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g86EfEi9029958 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK); Fri, 6 Sep 2002 10:41:16 -0400 Received: from marajade.sandelman.ottawa.on.ca (mcr@localhost) by marajade.sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g86EfCXR029954; Fri, 6 Sep 2002 10:41:13 -0400 Message-Id: <200209061441.g86EfCXR029954@marajade.sandelman.ottawa.on.ca> To: Mitsuru KANDA / =?ISO-2022-JP?B?GyRCP0BFRBsoQiAbJEI9PBsoQg==?= cc: linux-crypto@nl.linux.org Subject: Re: [Q] merging mainline kernel In-reply-to: Your message of "Fri, 06 Sep 2002 16:32:34 +0900." Mime-Version: 1.0 (generated by tm-edit 1.8) Content-Type: text/plain; charset=US-ASCII Date: Fri, 06 Sep 2002 10:41:11 -0400 From: Michael Richardson X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mcr@sandelman.ottawa.on.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Until such time as the mainline kernel resides in a free country, I would strongly recommend that the crypto code stay out. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 6 17:33:58 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:44189 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 17:33:52 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 06 Sep 2002 17:33:45 +0200 (CEST) Received: from karaba.org ([IPv6:::ffff:218.219.152.88]:6830 "EHLO zanzibar.karaba.org") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 17:33:28 +0200 Received: from [3ffe:501:1057:710::1] (helo=hyakusiki.karaba.org.karaba.org) by zanzibar.karaba.org with esmtp (Exim 3.35 #1 (Debian)) id 17nL6h-0002cb-00; Sat, 07 Sep 2002 00:33:15 +0900 Date: Sat, 07 Sep 2002 00:35:25 +0900 Message-ID: From: Mitsuru KANDA / =?ISO-2022-JP?B?GyRCP0BFRBsoQiAbJEI9PBsoQg==?= To: Michael Richardson Cc: linux-crypto@nl.linux.org Subject: Re: [Q] merging mainline kernel In-Reply-To: <200209061441.g86EfCXR029954@marajade.sandelman.ottawa.on.ca> References: <200209061441.g86EfCXR029954@marajade.sandelman.ottawa.on.ca> User-Agent: Wanderlust/2.8.1 (Something) Emacs/21.2 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, hits=-2.6 required=5.0 tests=IN_REP_TO,CHARSET_FARAWAY_HEADERS version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mk@karaba.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hello Michael, > Until such time as the mainline kernel resides in a free country, > I would strongly recommend that the crypto code stay out. You mean the mainline kernel shuold reside outside of U.S like OpenBSD :-) ? I'm not familiar with the limitations on crypto exports of U.S. but I think at least CryptoAPI scheme existing inside the mainline kernel is useful for kernel developers who want to use cryptoapi. (e.g. abstraction layer: cryptoapi.c crypto.h) Regards, -mk -- ---------------------------------------- Mitsuru KANDA (mk@karaba.org) Toshiba Reseach & Development Center Communication Platform Laboratory (mk@isl.rdc.toshiba.co.jp) USAGI Project (mk@linux-ipv6.org) - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 6 20:18:05 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:37552 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 20:17:59 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 06 Sep 2002 20:17:46 +0200 (CEST) Received: from zork.zork.net ([IPv6:::ffff:66.92.188.166]:23212 "EHLO zork.zork.net") by humbolt.nl.linux.org with ESMTP id ; Fri, 6 Sep 2002 20:17:32 +0200 Received: from sneakums by zork.zork.net with local (Exim 3.35 #1 (Debian)) id 17nNfe-0005hE-00; Fri, 06 Sep 2002 11:17:30 -0700 To: linux-crypto@nl.linux.org Subject: Re: [Q] merging mainline kernel References: <200209061441.g86EfCXR029954@marajade.sandelman.ottawa.on.ca> From: Sean Neakums Organization: The Emadonics Institute X-Worst-Pick-Up-Line-Ever: "Hey baby, wanna peer with my leafnode instance?" X-Groin-Mounted-Steering-Wheel: "Arrrr... it's driving me nuts!" X-Message-Flag: Message text advisory: SALACIOUS IMAGININGS, DENIAL OF THE ANTECEDENT X-Mailer: Norman Mail-Followup-To: linux-crypto@nl.linux.org Date: Fri, 06 Sep 2002 19:17:29 +0100 In-Reply-To: (Mitsuru KANDA's message of "Sat, 07 Sep 2002 00:35:25 +0900") Message-ID: <6uvg5jkmo6.fsf@zork.zork.net> Lines: 22 User-Agent: Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.2 (i386-debian-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: sneakums@zork.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org commence Mitsuru KANDA quotation: > Hello Michael, > >> Until such time as the mainline kernel resides in a free country, >> I would strongly recommend that the crypto code stay out. > You mean the mainline kernel shuold reside outside of U.S like OpenBSD :-) ? > > I'm not familiar with the limitations on crypto exports of U.S. but > I think at least CryptoAPI scheme existing inside the mainline > kernel is useful for kernel developers who want to use cryptoapi. > (e.g. abstraction layer: cryptoapi.c crypto.h) My recollection (which could be faulty) is that under the export regulations, code that contained crypto hooks was treated the same as code that actually implemented cryptography. -- / | [|] Sean Neakums | Questions are a burden to others; [|] | answers a prison for oneself. \ | - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Sep 7 16:39:49 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:64173 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 16:39:37 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 07 Sep 2002 16:39:06 +0200 (CEST) Received: from cyphermail.sandelman.ottawa.on.ca ([IPv6:::ffff:192.139.46.78]:60111 "EHLO noxmail.sandelman.ottawa.on.ca") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 16:38:38 +0200 Received: from sandelman.ottawa.on.ca (marajade.sandelman.ottawa.on.ca [192.139.46.20]) by noxmail.sandelman.ottawa.on.ca (8.11.6/8.11.6) with ESMTP id g87Eb2W21978 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK); Sat, 7 Sep 2002 10:37:10 -0400 (EDT) Received: from marajade.sandelman.ottawa.on.ca (marajade [127.0.0.1]) by sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g87Eaxi9004341 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK); Sat, 7 Sep 2002 10:37:01 -0400 Received: from marajade.sandelman.ottawa.on.ca (mcr@localhost) by marajade.sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g87EatJj004337; Sat, 7 Sep 2002 10:36:56 -0400 Message-Id: <200209071436.g87EatJj004337@marajade.sandelman.ottawa.on.ca> To: Mitsuru KANDA / =?ISO-2022-JP?B?GyRCP0BFRBsoQiAbJEI9PBsoQg==?= cc: linux-crypto@nl.linux.org Subject: Re: [Q] merging mainline kernel In-reply-to: Your message of "Sat, 07 Sep 2002 00:35:25 +0900." Mime-Version: 1.0 (generated by tm-edit 1.8) Content-Type: text/plain; charset=US-ASCII Date: Sat, 07 Sep 2002 10:36:55 -0400 From: Michael Richardson X-Spam-Status: No, hits=-6.0 required=5.0 tests=IN_REP_TO,LINES_OF_YELLING,PGP_SIGNATURE version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mcr@sandelman.ottawa.on.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- >>>>> "mk" == mk writes: >> Until such time as the mainline kernel resides in a free country, >> I would strongly recommend that the crypto code stay out. mk> You mean the mainline kernel shuold reside outside of U.S like mk> OpenBSD :-) ? Yes. mk> I'm not familiar with the limitations on crypto exports of U.S. I strongly suggest that unless you want to be the Skyleroff, that you become familliar with them. Well, there are the same limitations that there always have been. The difference is that for the past 3 or 4 years, the bureaucrats have actually been following the law, which exempts open source software, except that they ask that you notify them that you are exporting things. The notice is not legal. Most believe it is so they can round you up later on to threaten you, if there is something that they want you to do. As this is an administrative change, not a legal one, they can change it back at any time, and can make it retroactively illegal. Note that current "cybercrime" laws in the US are retroactive as well. The "rules" apply to all people in the US (including non-US citizens), and all US citizens, regardless of where they are in the world. mk> but I think at least CryptoAPI scheme existing inside the mainline mk> kernel mk> is useful for kernel developers who want to use cryptoapi. mk> (e.g. abstraction layer: cryptoapi.c crypto.h) useful, yes. But, asking the US developers to risk their lives, families and possessions over? Remember that disney owns congresspersons, and I would presume so does Microsoft. Neither is happy with what Linux does to them. Having crypto in a US-maintained Linux kernel would provide trivial ways for Linux people to threatened and controlled. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Finger me for keys iQCVAwUBPXoPBIqHRg3pndX9AQHVUAP/WYuzE1hymykqOnSJfTzi1wa66nY5+W0D LfF1fuKBRYBAjmot7/tGD0FFwJWN0NXA0kEzN8LA6xdUdzLpzm5KyENg6UvA3C0O YL4o9m3SUUXGDG53Tx1SvCyrQPz8v23//3M4tWNk3hsrpAmhZ+rwmO8Kk0c7ARrz xSqc6wAI2gE= =e8X7 -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Sep 7 17:05:30 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:17077 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 17:05:15 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 07 Sep 2002 17:05:09 +0200 (CEST) Received: from mx-03.carambole.com ([IPv6:::ffff:213.180.68.11]:47275 "HELO mx-03.carambole.com") by humbolt.nl.linux.org with SMTP id ; Sat, 7 Sep 2002 17:04:44 +0200 Received: (qmail 16435 invoked from network); 7 Sep 2002 15:04:42 -0000 Received: from unknown (HELO bifrost) (213.64.142.172) by mail.carambole.com with SMTP; 7 Sep 2002 15:04:42 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Thomas =?iso-8859-1?q?Sj=F6gren?= Reply-To: thomas@northernsecurity.net To: linux-crypto@nl.linux.org Subject: Re: [Q] merging mainline kernel Date: Sat, 7 Sep 2002 17:06:07 +0200 X-Mailer: KMail [version 1.2] References: <200209071436.g87EatJj004337@marajade.sandelman.ottawa.on.ca> In-Reply-To: <200209071436.g87EatJj004337@marajade.sandelman.ottawa.on.ca> MIME-Version: 1.0 Message-Id: <02090717060701.08582@bifrost> Content-Transfer-Encoding: 8bit X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: thomas@northernsecurity.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Saturday 07 September 2002 16:36, Michael Richardson wrote: > mk> I'm not familiar with the limitations on crypto exports of > U.S. > > I strongly suggest that unless you want to be the Skyleroff, that > you become familliar with them. Check out the Crypto Law Survey and the summary of international crypto controls: http://rechten.kub.nl/koops/cryptolaw/ http://rechten.kub.nl/koops/cryptolaw/cls-sum.htm /Thomas -- thomas@northernsecurity.net | www.northernsecurity.net thomas@se.linux.org | www.se.linux.org - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Sep 7 17:59:38 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:42173 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 17:59:27 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 07 Sep 2002 17:59:17 +0200 (CEST) Received: from adsl-64-108-120-47.dsl.applwi.ameritech.net ([IPv6:::ffff:64.108.120.47]:15594 "EHLO cybershamanix.com") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 17:59:02 +0200 Received: (from hseaver@localhost) by cybershamanix.com (8.11.0/8.11.6) id g87F1uo24074; Sat, 7 Sep 2002 10:01:56 -0500 Date: Sat, 7 Sep 2002 10:01:56 -0500 From: Harmon Seaver To: Thomas =?iso-8859-1?Q?Sj=F6gren?= Cc: linux-crypto@nl.linux.org Subject: Re: [Q] merging mainline kernel Message-ID: <20020907150156.GA24010@cybershamanix.com> References: <200209071436.g87EatJj004337@marajade.sandelman.ottawa.on.ca> <02090717060701.08582@bifrost> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <02090717060701.08582@bifrost> User-Agent: Mutt/1.4i X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: hseaver@cybershamanix.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org It would seem that the best places to publish the kernel itself and all crypto would be countries such as Germany and Japan who are pro-free crypto. In fact, I think it's a very bad idea to have the kernel releases done in the US at all in the current political climate. What's the point of taking a chance of them being comprimised? I can download kernels from Germany just as easily as I can from the US, perhaps a tiny bit slower. I don't understand why the linux community releases kernels in the US, release them elsewhere and let the US mirror them. Besides, there are *no* regulations on import of crypto to the US, only export, so the solution would seem obvious. On Sat, Sep 07, 2002 at 05:06:07PM +0200, Thomas Sjögren wrote: > On Saturday 07 September 2002 16:36, Michael Richardson wrote: > > > mk> I'm not familiar with the limitations on crypto exports of > > U.S. > > > > I strongly suggest that unless you want to be the Skyleroff, that > > you become familliar with them. > > Check out the Crypto Law Survey and the summary of international crypto > controls: > http://rechten.kub.nl/koops/cryptolaw/ > http://rechten.kub.nl/koops/cryptolaw/cls-sum.htm > > /Thomas > -- > thomas@northernsecurity.net | www.northernsecurity.net > thomas@se.linux.org | www.se.linux.org > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ -- Harmon Seaver CyberShamanix http://www.cybershamanix.com - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Sep 7 18:11:43 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:57280 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 18:11:29 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 07 Sep 2002 18:11:24 +0200 (CEST) Received: from karaba.org ([IPv6:::ffff:218.219.152.88]:60849 "EHLO zanzibar.karaba.org") by humbolt.nl.linux.org with ESMTP id convert rfc822-to-8bit; Sat, 7 Sep 2002 18:11:01 +0200 Received: from [3ffe:501:1057:710::1] (helo=hyakusiki.karaba.org.karaba.org) by zanzibar.karaba.org with esmtp (Exim 3.35 #1 (Debian)) id 17niAJ-0003dD-00; Sun, 08 Sep 2002 01:10:31 +0900 Date: Sun, 08 Sep 2002 01:12:44 +0900 Message-ID: From: Mitsuru KANDA / =?ISO-2022-JP?B?GyRCP0BFRBsoQiAbJEI9PBsoQg==?= To: Harmon Seaver Cc: Thomas =?ISO-8859-1?Q?Sj=F6gren?= , linux-crypto@nl.linux.org Subject: Re: [Q] merging mainline kernel In-Reply-To: <20020907150156.GA24010@cybershamanix.com> References: <200209071436.g87EatJj004337@marajade.sandelman.ottawa.on.ca> <02090717060701.08582@bifrost> <20020907150156.GA24010@cybershamanix.com> User-Agent: Wanderlust/2.8.1 (Something) Emacs/21.2 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT X-Spam-Status: No, hits=-2.6 required=5.0 tests=IN_REP_TO,CHARSET_FARAWAY_HEADERS version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mk@karaba.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org I wonder why NetBSD and FreeBSD main tree are still in US. They include crypto code. Does anyone know the reasons about this? It might occured big discussion when merging KAME IPsec code... At Sat, 7 Sep 2002 10:01:56 -0500 Harmon Seaver wrote: > > It would seem that the best places to publish the kernel itself and all > crypto would be countries such as Germany and Japan who are pro-free crypto. In > fact, I think it's a very bad idea to have the kernel releases done in the US at > all in the current political climate. What's the point of taking a chance of > them being comprimised? I can download kernels from Germany just as easily as I > can from the US, perhaps a tiny bit slower. > I don't understand why the linux community releases kernels in the US, > release them elsewhere and let the US mirror them. Besides, there are *no* > regulations on import of crypto to the US, only export, so the solution would > seem obvious. > > > On Sat, Sep 07, 2002 at 05:06:07PM +0200, Thomas Sjögren wrote: > > On Saturday 07 September 2002 16:36, Michael Richardson wrote: > > > > > mk> I'm not familiar with the limitations on crypto exports of > > > U.S. > > > > > > I strongly suggest that unless you want to be the Skyleroff, that > > > you become familliar with them. > > > > Check out the Crypto Law Survey and the summary of international crypto > > controls: > > http://rechten.kub.nl/koops/cryptolaw/ > > http://rechten.kub.nl/koops/cryptolaw/cls-sum.htm > > > > /Thomas > > -- > > thomas@northernsecurity.net | www.northernsecurity.net > > thomas@se.linux.org | www.se.linux.org > > - > > Linux-crypto: cryptography in and on the Linux system > > Archive: http://mail.nl.linux.org/linux-crypto/ > > -- > Harmon Seaver > CyberShamanix > http://www.cybershamanix.com > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Sep 7 18:12:44 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:37570 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 18:12:29 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 07 Sep 2002 18:12:24 +0200 (CEST) Received: from ool-4352c2ce.dyn.optonline.net ([IPv6:::ffff:67.82.194.206]:18938 "EHLO motoko.thetransmission.net") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 18:11:53 +0200 Received: from chamoof (ool-18bcef43.dyn.optonline.net [24.188.239.67]) by motoko.thetransmission.net (8.11.6/8.11.6) with SMTP id g87GV5J12640 for ; Sat, 7 Sep 2002 12:31:05 -0400 (EDT) Message-ID: <000d01c25689$414f0080$1900a8c0@xmsn.net> Reply-To: "mike" From: "mike" To: References: <200209071436.g87EatJj004337@marajade.sandelman.ottawa.on.ca> <02090717060701.08582@bifrost> <20020907150156.GA24010@cybershamanix.com> Subject: Re: [Q] merging mainline kernel Date: Sat, 7 Sep 2002 12:11:41 -0400 Organization: davis MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: phar@thetransmission.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org actually.. as long as you release the code and have someone else build it (without support) in a country without export controls there is no issue.. the source code is free speech (see junger v. daley) and not subject to export restrictions. -phar www.im-passe.com/phar ----- Original Message ----- From: "Harmon Seaver" To: "Thomas Sjögren" Cc: Sent: Saturday, September 07, 2002 11:01 AM Subject: Re: [Q] merging mainline kernel > It would seem that the best places to publish the kernel itself and all > crypto would be countries such as Germany and Japan who are pro-free crypto. In > fact, I think it's a very bad idea to have the kernel releases done in the US at > all in the current political climate. What's the point of taking a chance of > them being comprimised? I can download kernels from Germany just as easily as I > can from the US, perhaps a tiny bit slower. > I don't understand why the linux community releases kernels in the US, > release them elsewhere and let the US mirror them. Besides, there are *no* > regulations on import of crypto to the US, only export, so the solution would > seem obvious. > > > On Sat, Sep 07, 2002 at 05:06:07PM +0200, Thomas Sjögren wrote: > > On Saturday 07 September 2002 16:36, Michael Richardson wrote: > > > > > mk> I'm not familiar with the limitations on crypto exports of > > > U.S. > > > > > > I strongly suggest that unless you want to be the Skyleroff, that > > > you become familliar with them. > > > > Check out the Crypto Law Survey and the summary of international crypto > > controls: > > http://rechten.kub.nl/koops/cryptolaw/ > > http://rechten.kub.nl/koops/cryptolaw/cls-sum.htm > > > > /Thomas > > -- > > thomas@northernsecurity.net | www.northernsecurity.net > > thomas@se.linux.org | www.se.linux.org > > - > > Linux-crypto: cryptography in and on the Linux system > > Archive: http://mail.nl.linux.org/linux-crypto/ > > -- > Harmon Seaver > CyberShamanix > http://www.cybershamanix.com > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > > - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Sep 7 18:26:30 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:56517 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 18:26:24 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 07 Sep 2002 18:26:19 +0200 (CEST) Received: from mx-04.carambole.com ([IPv6:::ffff:213.180.68.12]:61324 "HELO mx-04.carambole.com") by humbolt.nl.linux.org with SMTP id ; Sat, 7 Sep 2002 18:25:56 +0200 Received: (qmail 15495 invoked from network); 7 Sep 2002 16:25:54 -0000 Received: from unknown (HELO bifrost) (213.64.142.172) by mail.carambole.com with SMTP; 7 Sep 2002 16:25:54 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Thomas =?iso-8859-1?q?Sj=F6gren?= Reply-To: thomas@northernsecurity.net To: Harmon Seaver Subject: Re: [Q] merging mainline kernel Date: Sat, 7 Sep 2002 18:30:55 +0200 X-Mailer: KMail [version 1.2] Cc: linux-crypto@nl.linux.org References: <200209071436.g87EatJj004337@marajade.sandelman.ottawa.on.ca> <02090717060701.08582@bifrost> <20020907150156.GA24010@cybershamanix.com> In-Reply-To: <20020907150156.GA24010@cybershamanix.com> MIME-Version: 1.0 Message-Id: <02090718305503.08582@bifrost> Content-Transfer-Encoding: 8bit X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: thomas@northernsecurity.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Saturday 07 September 2002 17:01, Harmon Seaver wrote: > It would seem that the best places to publish the kernel itself > and all crypto would be countries such as Germany and Japan who are > pro-free crypto. <-- snip --> > I don't understand why the linux community releases kernels in the > US, release them elsewhere and let the US mirror them. Besides, there > are *no* regulations on import of crypto to the US, only export, so > the solution would seem obvious. I completly agree with you. However, what good is the export regulations if the only thing that stopping me from dowloading the source code of, lets say, the Rijndael (AES) algorithm is a notice stating that i'm not allowed to download the code if i live in Iraq, Afghanistan, etc? what role does kerneli.org play in this? (is it still alive? i couldnt reach it). /Thomas -- thomas@northernsecurity.net | www.northernsecurity.net thomas@se.linux.org | www.se.linux.org - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Sep 7 19:07:58 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:64715 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 19:07:51 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 07 Sep 2002 19:07:42 +0200 (CEST) Received: from h195202190178.med.cm.kabsi.at ([IPv6:::ffff:195.202.190.178]:21899 "EHLO phobos.hvrlab.org") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 19:07:19 +0200 Received: from janus.txd.hvrlab.org (IDENT:Uf8o1glylnLdRXV3cBzoTVLEVgiEzw7a@janus.txd.hvrlab.org [10.51.1.5]) by phobos.hvrlab.org (8.11.6/8.11.6) with ESMTP id g87H79r09138; Sat, 7 Sep 2002 19:07:09 +0200 Subject: Re: [Q] merging mainline kernel From: Herbert Valerio Riedel To: thomas@northernsecurity.net Cc: Harmon Seaver , linux-crypto@nl.linux.org In-Reply-To: <02090718305503.08582@bifrost> References: <200209071436.g87EatJj004337@marajade.sandelman.ottawa.on.ca> <02090717060701.08582@bifrost> <20020907150156.GA24010@cybershamanix.com> <02090718305503.08582@bifrost> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-l4jOfaOiMigRU7Xt66oa" X-Mailer: Ximian Evolution 1.0.8 Date: 07 Sep 2002 19:07:09 +0200 Message-Id: <1031418430.2897.76.camel@janus.txd.hvrlab.org> Mime-Version: 1.0 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: hvr@hvrlab.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --=-l4jOfaOiMigRU7Xt66oa Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable On Sat, 2002-09-07 at 18:30, Thomas Sj=F6gren wrote: > what role does kerneli.org play in this? (is it still alive? i couldnt=20 > reach it). ...it's alive; we just seem to have some problems w/ international connectivity - I hope they'll fix that after the weekend; and before you ask, it's located in vienna/austria :-) ...by coincidence, master.kernel.org is down for more than a day :-/ regards, --=20 Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 --=-l4jOfaOiMigRU7Xt66oa Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA9ejI9SYHgZIg/QUIRAieiAKCqGtL6eYvZGqMV/J/86jbm4usujgCfe1sl mvMIOjPK19h9K3MclgcVgBo= =pkQc -----END PGP SIGNATURE----- --=-l4jOfaOiMigRU7Xt66oa-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Sep 7 20:44:32 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:32216 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 20:44:25 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 07 Sep 2002 20:44:08 +0200 (CEST) Received: from cyphermail.sandelman.ottawa.on.ca ([IPv6:::ffff:192.139.46.78]:37839 "EHLO noxmail.sandelman.ottawa.on.ca") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 20:43:53 +0200 Received: from sandelman.ottawa.on.ca (marajade.sandelman.ottawa.on.ca [192.139.46.20]) by noxmail.sandelman.ottawa.on.ca (8.11.6/8.11.6) with ESMTP id g87IgHW22226 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK); Sat, 7 Sep 2002 14:42:23 -0400 (EDT) Received: from marajade.sandelman.ottawa.on.ca (marajade [127.0.0.1]) by sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g87IgGi9005865 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK); Sat, 7 Sep 2002 14:42:17 -0400 Received: from marajade.sandelman.ottawa.on.ca (mcr@localhost) by marajade.sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g87IgDi3005861; Sat, 7 Sep 2002 14:42:14 -0400 Message-Id: <200209071842.g87IgDi3005861@marajade.sandelman.ottawa.on.ca> To: Mitsuru KANDA / =?ISO-2022-JP?B?GyRCP0BFRBsoQiAbJEI9PBsoQg==?= cc: Harmon Seaver , Thomas =?ISO-8859-1?Q?Sj=F6?= =?ISO-8859-1?Q?gren?= , linux-crypto@nl.linux.org Subject: Re: [Q] merging mainline kernel In-reply-to: Your message of "Sun, 08 Sep 2002 01:12:44 +0900." Mime-Version: 1.0 (generated by tm-edit 1.8) Content-Type: text/plain; charset=US-ASCII Date: Sat, 07 Sep 2002 14:42:13 -0400 From: Michael Richardson X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mcr@sandelman.ottawa.on.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org >>>>> "mk" == mk writes: mk> I wonder why NetBSD and FreeBSD main tree are still in US. mk> They include crypto code. cvs.netbsd.org has been in Finland for four years now. FreeBSD, I can not explain. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Sep 7 20:47:53 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:30426 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 20:47:34 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 07 Sep 2002 20:47:29 +0200 (CEST) Received: from cyphermail.sandelman.ottawa.on.ca ([IPv6:::ffff:192.139.46.78]:36815 "EHLO noxmail.sandelman.ottawa.on.ca") by humbolt.nl.linux.org with ESMTP id ; Sat, 7 Sep 2002 20:47:05 +0200 Received: from sandelman.ottawa.on.ca (marajade.sandelman.ottawa.on.ca [192.139.46.20]) by noxmail.sandelman.ottawa.on.ca (8.11.6/8.11.6) with ESMTP id g87IjeW22238 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK); Sat, 7 Sep 2002 14:45:46 -0400 (EDT) Received: from marajade.sandelman.ottawa.on.ca (marajade [127.0.0.1]) by sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g87Ijdi9005882 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK); Sat, 7 Sep 2002 14:45:40 -0400 Received: from marajade.sandelman.ottawa.on.ca (mcr@localhost) by marajade.sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id g87IjbZ6005878; Sat, 7 Sep 2002 14:45:38 -0400 Message-Id: <200209071845.g87IjbZ6005878@marajade.sandelman.ottawa.on.ca> To: "mike" cc: linux-crypto@nl.linux.org Subject: Re: [Q] merging mainline kernel In-reply-to: Your message of "Sat, 07 Sep 2002 12:11:41 EDT." <000d01c25689$414f0080$1900a8c0@xmsn.net> Mime-Version: 1.0 (generated by tm-edit 1.8) Content-Type: text/plain; charset=US-ASCII Date: Sat, 07 Sep 2002 14:45:37 -0400 From: Michael Richardson X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mcr@sandelman.ottawa.on.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org >>>>> "mike" == mike writes: mike> in a country without export controls there is no issue.. mike> the source code is free speech (see junger v. daley) and not mike> subject to mike> export restrictions. That's a nice theory. Also in theory, RSA and DNA is not patentable, US citizens can never be denied their constitutional rights, Scott Adams Games is still in business, and sysadmins have the right to verify the security of their systems. If US citizens work on crypto, regardless of where they compile it, they make that crypto become under the control of the US. That is still true even today. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Sep 8 02:22:50 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:64914 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 8 Sep 2002 02:22:42 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 08 Sep 2002 02:22:29 +0200 (CEST) Received: from adsl-64-108-120-47.dsl.applwi.ameritech.net ([IPv6:::ffff:64.108.120.47]:40170 "EHLO cybershamanix.com") by humbolt.nl.linux.org with ESMTP id ; Sun, 8 Sep 2002 02:22:03 +0200 Received: (from hseaver@localhost) by cybershamanix.com (8.11.0/8.11.6) id g87NOlE24302; Sat, 7 Sep 2002 18:24:47 -0500 Date: Sat, 7 Sep 2002 18:24:47 -0500 From: Harmon Seaver To: Michael Richardson Cc: mike , linux-crypto@nl.linux.org Subject: Re: [Q] merging mainline kernel Message-ID: <20020907232447.GB24081@cybershamanix.com> References: <000d01c25689$414f0080$1900a8c0@xmsn.net> <200209071845.g87IjbZ6005878@marajade.sandelman.ottawa.on.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200209071845.g87IjbZ6005878@marajade.sandelman.ottawa.on.ca> User-Agent: Mutt/1.4i X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: hseaver@cybershamanix.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Sat, Sep 07, 2002 at 02:45:37PM -0400, Michael Richardson wrote: > Also in theory, RSA and DNA is not patentable, US citizens can never be > denied their constitutional rights, Scott Adams Games is still in business, Scott Adams??? Are you sure you aren't talking about Steve Jackson Games? > and sysadmins have the right to verify the security of their systems. > > If US citizens work on crypto, regardless of where they compile it, > they make that crypto become under the control of the US. That is still > true even today. Far be it for me to defend the US gov actions, but (other than on the hemp front) I think CA is pretty scary as well. In fact, if you've noticed, other than their moves to end the War on Some Drugs outside the US, the whole English speaking world is getting *really* scary. I lived in CA for a year, came back to the US after it became quite clear to me that civil rights were totally non-existent in CA, and that was 30 years ago. Really good to see what CA is doing on the marijuana issue, but I sure don't see them otherwise looking like a safe place to live or do business. Not that the US is, even remotely. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From delete@nr1call.com Sun Sep 8 17:51:50 2002 Received: from peregrine.cqhost.net ([IPv6:::ffff:209.126.140.2]:36359 "EHLO peregrine.cqhost.net") by humbolt.nl.linux.org with ESMTP id ; Sun, 8 Sep 2002 17:51:36 +0200 Received: from nr1call.com (216.85-200-80.adsl.skynet.be [80.200.85.216]) by virtualperegrine.cqhost.net (8.10.2/8.10.2) with SMTP id g88Fp8O29966; Sun, 8 Sep 2002 11:51:08 -0400 Message-Id: <200209081551.g88Fp8O29966@peregrine.cqhost.net> From: "Work from home in your own free time" To: Subject: Work from home in your own free time! Sender: "Work from home in your own free time" Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="= Multipart Boundary 0908021751" Date: Sun, 8 Sep 2002 17:51:22 +0200 Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This is a multipart MIME message. --= Multipart Boundary 0908021751 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit --= Multipart Boundary 0908021751 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit

< /a >< /p > < /t d> < /t d> < /D IV > --= Multipart Boundary 0908021751-- From linux-crypto-bounce@nl.linux.org Wed Sep 11 12:03:32 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:902 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 11 Sep 2002 12:03:13 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 11 Sep 2002 12:02:45 +0200 (CEST) Received: from hera.rbi.informatik.uni-frankfurt.de ([IPv6:::ffff:141.2.20.2]:59140 "EHLO hera.rbi.informatik.uni-frankfurt.de") by humbolt.nl.linux.org with ESMTP id ; Wed, 11 Sep 2002 12:02:36 +0200 Received: (from opitz@localhost) by hera.rbi.informatik.uni-frankfurt.de (8.9.3 (PHNE_18979)/8.9.3) id MAA08079 for linux-crypto@nl.linux.org; Wed, 11 Sep 2002 12:02:34 +0200 (METDST) Date: Wed, 11 Sep 2002 12:02:33 +0200 From: Martin To: linux-crypto@nl.linux.org Subject: cryptoapi & loop-aes & ext3 & file based encryption Message-ID: <20020911120233.A7697@hera.rbi.informatik.uni-frankfurt.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: opitz@informatik.uni-frankfurt.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hello All, I have one question. I have an ext3-filesystem. I want to make a file in this filesystem and want to encrypt & mount it (file based system, not the whole device based system) What filesystem can I use in that encrypted file, ext3 or only ext2 when the filesystem where that file will be uses ext3 ? Can you tell me the answer for both loop-aes & cryptoapi, please ? I don't want my data get corrupted by using wrong combinations. Many thanks for the Help ! Martin - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Sep 11 13:47:06 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:13200 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 11 Sep 2002 13:47:01 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 11 Sep 2002 13:46:53 +0200 (CEST) Received: from usenet.otenet.gr ([IPv6:::ffff:195.170.0.4]:29997 "EHLO usenet.otenet.gr") by humbolt.nl.linux.org with ESMTP id ; Wed, 11 Sep 2002 13:46:36 +0200 Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by usenet.otenet.gr (8.12.4/8.12.4) with ESMTP id g8BBkX8J019209 for ; Wed, 11 Sep 2002 14:46:34 +0300 (EEST) Received: from shyrka.localdom (leva364-isdn-a040.otenet.gr [62.103.242.232]) by mailsrv.otenet.gr (8.12.4/8.12.4) with ESMTP id g8BBjOK9023839; Wed, 11 Sep 2002 14:45:25 +0300 (EEST) Received: from localhost ([127.0.0.1] ident=42) by shyrka.localdom with esmtp (Exim 3.36 #1 (Debian)) id 17p5vw-0004AV-00; Wed, 11 Sep 2002 14:45:24 +0300 Date: Wed, 11 Sep 2002 14:45:03 +0300 Message-ID: <87vg5ckaww.wl@shyrka.localdom> From: Stelios Bounanos To: Martin Cc: linux-crypto@nl.linux.org Subject: Re: cryptoapi & loop-aes & ext3 & file based encryption In-Reply-To: <20020911120233.A7697@hera.rbi.informatik.uni-frankfurt.de> References: <20020911120233.A7697@hera.rbi.informatik.uni-frankfurt.de> User-Agent: Wanderlust/2.9.14 (Unchained Melody) Emacs/21.2.1 X-PGP-Key: http://www.sb.dial.pipex.com/sb-gpg-pub.asc X-Attribution: sb MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: sb@dial.pipex.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org >>>>> On Wed, 11 Sep 2002 12:02:33 +0200, Martin >>>>> was rumoured to have said: > Hello All, > I have one question. I have an ext3-filesystem. I want to make a file > in this filesystem and want to encrypt & mount it (file based system, not > the whole device based system) > What filesystem can I use in that encrypted file, ext3 or only ext2 when > the filesystem where that file will be uses ext3 ? > Can you tell me the answer for both loop-aes & cryptoapi, please ? > I don't want my data get corrupted by using wrong combinations. In the archives, explained by Jari Ruusu: http://mail.nl.linux.org/linux-crypto/2002-02/msg00020.html http://mail.nl.linux.org/linux-crypto/2002-06/msg00047.html (and other messages in this thread) > Many thanks for the Help ! > Martin Rgds, /-sb. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Sep 11 21:10:43 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:45020 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 11 Sep 2002 21:10:37 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 11 Sep 2002 21:10:22 +0200 (CEST) Received: from hera.rbi.informatik.uni-frankfurt.de ([IPv6:::ffff:141.2.20.2]:16914 "EHLO hera.rbi.informatik.uni-frankfurt.de") by humbolt.nl.linux.org with ESMTP id ; Wed, 11 Sep 2002 21:10:00 +0200 Received: (from opitz@localhost) by hera.rbi.informatik.uni-frankfurt.de (8.9.3 (PHNE_18979)/8.9.3) id VAA12665 for linux-crypto@nl.linux.org; Wed, 11 Sep 2002 21:09:58 +0200 (METDST) Date: Wed, 11 Sep 2002 21:09:57 +0200 From: Martin To: linux-crypto@nl.linux.org Subject: Re: cryptoapi & loop-aes & ext3 & file based encryption Message-ID: <20020911210957.A11813@hera.rbi.informatik.uni-frankfurt.de> References: <20020911120233.A7697@hera.rbi.informatik.uni-frankfurt.de> <87vg5ckaww.wl@shyrka.localdom> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <87vg5ckaww.wl@shyrka.localdom>; from Stelios Bounanos on Wed, Sep 11, 2002 at 02:45:03PM +0300 X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: opitz@informatik.uni-frankfurt.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org > http://mail.nl.linux.org/linux-crypto/2002-02/msg00020.html > > http://mail.nl.linux.org/linux-crypto/2002-06/msg00047.html > (and other messages in this thread) Many thanks for the interesting arcticles. So, if I understand right: When I mount ext3 at boot with fstab it defaults to data=ordered and thus I can use for loop-aes & cryptoapi: ext3 -> loop -> ext3 (default=ordered) -> partition with no future options. Also ext2 -> loop -> ext3 -> partition should work with no problem. Correct ? BTW, what is more reliable, loop-aes or cryptoapi ? I have the feeling from the postings that more people use loop-aes. Maybe I'm wrong. Thanks ! Martin - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Sep 12 02:39:42 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:62619 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 12 Sep 2002 02:39:34 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 12 Sep 2002 02:39:20 +0200 (CEST) Received: from usenet.otenet.gr ([IPv6:::ffff:195.170.0.4]:60852 "EHLO usenet.otenet.gr") by humbolt.nl.linux.org with ESMTP id ; Thu, 12 Sep 2002 02:39:04 +0200 Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by usenet.otenet.gr (8.12.4/8.12.4) with ESMTP id g8C0d28J024910 for ; Thu, 12 Sep 2002 03:39:02 +0300 (EEST) Received: from shyrka.localdom (leva364-a12.otenet.gr [212.205.237.236]) by mailsrv.otenet.gr (8.12.4/8.12.4) with ESMTP id g8C0bwlp009786 for ; Thu, 12 Sep 2002 03:38:00 +0300 (EEST) Received: from localhost ([127.0.0.1] ident=42) by shyrka.localdom with esmtp (Exim 3.36 #1 (Debian)) id 17pHzb-0002k6-00 for ; Thu, 12 Sep 2002 03:37:59 +0300 Date: Thu, 12 Sep 2002 03:37:59 +0300 Message-ID: <87bs74rqjc.wl@shyrka.localdom> From: Stelios Bounanos To: linux-crypto@nl.linux.org Subject: Re: cryptoapi & loop-aes & ext3 & file based encryption In-Reply-To: <20020911210957.A11813@hera.rbi.informatik.uni-frankfurt.de> References: <20020911120233.A7697@hera.rbi.informatik.uni-frankfurt.de> <87vg5ckaww.wl@shyrka.localdom> <20020911210957.A11813@hera.rbi.informatik.uni-frankfurt.de> User-Agent: Wanderlust/2.9.14 (Unchained Melody) Emacs/21.2.1 X-PGP-Key: http://www.sb.dial.pipex.com/sb-gpg-pub.asc X-Attribution: sb MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: sb@dial.pipex.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org >>>>> On Wed, 11 Sep 2002 21:09:57 +0200, Martin >>>>> was rumoured to have said: >> http://mail.nl.linux.org/linux-crypto/2002-02/msg00020.html >> >> http://mail.nl.linux.org/linux-crypto/2002-06/msg00047.html >> (and other messages in this thread) > Many thanks for the interesting arcticles. > So, if I understand right: > When I mount ext3 at boot with fstab it defaults to data=ordered and thus I can > use for loop-aes & cryptoapi: > ext3 -> loop -> ext3 (default=ordered) -> partition > with no future options. > Also > ext2 -> loop -> ext3 -> partition > should work with no problem. > Correct ? Yes, this is my understanding as well. > BTW, what is more reliable, loop-aes or cryptoapi ? I have the feeling > from the postings that more people use loop-aes. Maybe I'm wrong. I can't comment on this, as I've never used loop-aes or run cryptoapi in a particularly stressing environment. However, I seem to remember the author of loop-aes claiming that it perfoms better than the cryptoapi, so you might want to test and compare them on that basis also. > Thanks ! > Martin Rgds, /-sb. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Sep 12 02:52:20 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:415 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 12 Sep 2002 02:52:09 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 12 Sep 2002 02:52:04 +0200 (CEST) Received: from hera.rbi.informatik.uni-frankfurt.de ([IPv6:::ffff:141.2.20.2]:25098 "EHLO hera.rbi.informatik.uni-frankfurt.de") by humbolt.nl.linux.org with ESMTP id ; Thu, 12 Sep 2002 02:51:56 +0200 Received: (from opitz@localhost) by hera.rbi.informatik.uni-frankfurt.de (8.9.3 (PHNE_18979)/8.9.3) id CAA02571 for linux-crypto@nl.linux.org; Thu, 12 Sep 2002 02:51:55 +0200 (METDST) Date: Thu, 12 Sep 2002 02:51:54 +0200 From: Martin To: linux-crypto@nl.linux.org Subject: ext3 & e2fsck & simulated crash & loop-aes Message-ID: <20020912025154.A2251@hera.rbi.informatik.uni-frankfurt.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: opitz@informatik.uni-frankfurt.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi, so I have now loop-aes with file backed and ext3->ext3->partition. I did copy a large file from the normal partition to the crypto-file and in the middle just pressed reset. I wanted to see what happens. I just wonder because at boot e2fsck says for the whole partition (where the cryptofile is as well) "recovering journal". Now when I make a losetup -e to /dev/loop0 for the file and then a e2fsck /dev/loop0 (or e2fsck -f /dev/loop0) it says everything is ok. I wonder why it doesn't say recovering journal for the crypto-fs as well like for the whole partition on boot ? Anyone can explain it to me ? Thanks ! Martin PS: It really is very fast with loop-aes. Great thing ! - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From isabel@69.com Sat Sep 14 14:20:09 2002 Received: from ACB0FB84.ipt.aol.com ([IPv6:::ffff:172.176.251.132]:14861 "HELO privat") by humbolt.nl.linux.org with SMTP id ; Sat, 14 Sep 2002 14:20:04 +0200 From: "Isabel" To: Subject: E_R_O_T_I_K___P_U_R_!!! Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Date: Sat, 14 Sep 2002 14:30:09 Message-Id: <20020914122009Z16311-28044+134@humbolt.nl.linux.org> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hallo, endlich bin ich frei und total hemmungslos nur fuer dich. Wir koennen miteinander reden oder du schaust mir einfach zu. Alles was DU willst!!!! Ich kann dir eine voellig neue Seite von mir zeigen. Ich mach dir ein Angebot, das du unmoeglich ablehnen kannst, wenn du nur ein bischen Spass haben willst, Ich warte auf dich!!!! http://isabel69.yeah.net Deine Isabel From linux-crypto-bounce@nl.linux.org Mon Sep 16 07:10:30 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:56784 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 16 Sep 2002 07:10:25 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 16 Sep 2002 07:08:53 +0200 (CEST) Received: from hank-fep7-0.inet.fi ([IPv6:::ffff:194.251.242.202]:3760 "EHLO fep07.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Mon, 16 Sep 2002 07:08:34 +0200 Received: from pp.inet.fi ([194.197.67.107]) by fep07.tmt.tele.fi (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP id <20020916050829.STKH1337.fep07.tmt.tele.fi@pp.inet.fi>; Mon, 16 Sep 2002 08:08:29 +0300 Message-ID: <3D85674D.58058CE9@pp.inet.fi> Date: Mon, 16 Sep 2002 08:08:29 +0300 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: Martin CC: linux-crypto@nl.linux.org Subject: Re: ext3 & e2fsck & simulated crash & loop-aes References: <20020912025154.A2251@hera.rbi.informatik.uni-frankfurt.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Martin wrote: > so I have now loop-aes with file backed and ext3->ext3->partition. > I did copy a large file from the normal partition to the crypto-file > and in the middle just pressed reset. I wanted to see what happens. > > I just wonder because at boot e2fsck says for the whole partition (where > the cryptofile is as well) "recovering journal". Now when I make > a losetup -e to /dev/loop0 for the file and then a e2fsck /dev/loop0 > (or e2fsck -f /dev/loop0) it says everything is ok. I wonder why it > doesn't say recovering journal for the crypto-fs as well like for the > whole partition on boot ? Anyone can explain it to me ? If you use fsck, be sure to specify filesystem type as ext3. And if you are just mounting it without fsck, EXT3 FS writes "recovery complete" message using kernel printk(). You have to use dmesg program to display it on your console. On boot before klogd and syslogd are started, such printk()s are usually displayed on the console. That doesn't necessarily happen after boot has completed. I tried to reproduce this twice in data=ordered mode. On first attempt I used fsck to replay the journal. Here is output of that attempt: # losetup -e AES128 /dev/loop0 /root/zz loop: loaded (max 8 devices) Password: # fsck -t ext3 -f /dev/loop0 fsck 1.27 (8-Mar-2002) e2fsck 1.27 (8-Mar-2002) /dev/loop0: recovering journal Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Pass 5: Checking group summary information /dev/loop0: 12/102400 files (0.0% non-contiguous), 7322/102400 blocks On second attempt, I just mounted it and EXT3 FS replayed the journal. Here is output of that attempt: # mount -t ext3 /root/zz /mnt666 -o loop=/dev/loop0,encryption=AES128 loop: loaded (max 8 devices) Password: kjournald starting. Commit interval 5 seconds EXT3 FS 2.4-0.9.17, 10 Jan 2002 on loop(7,0), internal journal EXT3-fs: recovery complete. EXT3-fs: mounted filesystem with ordered data mode. Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Sep 20 17:37:46 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:36009 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 20 Sep 2002 17:37:34 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 20 Sep 2002 17:36:51 +0200 (CEST) Received: from web40511.mail.yahoo.com ([IPv6:::ffff:66.218.78.128]:5535 "HELO web40511.mail.yahoo.com") by humbolt.nl.linux.org with SMTP id ; Fri, 20 Sep 2002 17:36:36 +0200 Message-ID: <20020920153630.70118.qmail@web40511.mail.yahoo.com> Received: from [134.93.8.241] by web40511.mail.yahoo.com via HTTP; Fri, 20 Sep 2002 08:36:30 PDT Date: Fri, 20 Sep 2002 08:36:30 -0700 (PDT) From: Mr etwcn etwcn Subject: Which patch-int for 2.4.19 To: linux-crypto@nl.linux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: etwcn@yahoo.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi, I want to be able to use cryptographic filesystems with my linux 2.4.19 kernel. The last official patch is patch-int-2.4.3.1 but I can not apply it to the 2.4.19 kernel without rejects. I see a patch-int-2.4.19.1 in the TESTING directory, which works fine. But actually I want to use a stable version because I do not want to lose data. Can I savely use the patch-int-2.4.19.1 or is there any other way to get the patch-int-2.4.3.1 applied. Any help would be greatly appreciated. Thomas Müller __________________________________________________ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Sep 21 02:50:07 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:30683 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 21 Sep 2002 02:49:58 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 21 Sep 2002 02:49:41 +0200 (CEST) Received: from p5087E857.dip0.t-ipconnect.de ([IPv6:::ffff:80.135.232.87]:31078 "HELO webmaster2") by humbolt.nl.linux.org with SMTP id ; Sat, 21 Sep 2002 02:49:32 +0200 From: "Jasmina Richter" To: Subject: Danke =?ISO-8859-1?Q?f=FCr?= Deine Hilfe Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Date: Sun, 22 Sep 2002 02:49:54 Message-Id: <20020921004934Z16840-3005+506@humbolt.nl.linux.org> X-Spam-Status: No, hits=3.0 required=5.0 tests=INVALID_DATE_NO_TZ,FROM_ENDS_IN_NUMS version=2.20 X-Spam-Level: *** X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: JasminaRichter33@web.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Gruess Dich, nun habe ich mich doch in eine Kontaktdatenbank eingetragen. Wenn Du Recht haben solltest, bin ich nicht mehr lange so einsam..... ...und kann meine sexuellen Phantasien ausleben. Schau Dir mal den Eintrag an, ob er so OKAY ist und schreibe mir Deinen Eindruck. http://jassiemaus.yeah.net Danke noch mal fuer Alles..... Deine Jasmina PS: DU kannst ja mal wieder anrufen!! - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Sep 21 19:10:25 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:65225 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 21 Sep 2002 19:10:17 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 21 Sep 2002 19:09:51 +0200 (CEST) Received: from pop.gmx.de ([IPv6:::ffff:213.165.64.20]:56669 "HELO mail.gmx.net") by humbolt.nl.linux.org with SMTP id convert rfc822-to-8bit; Sat, 21 Sep 2002 19:09:31 +0200 Received: (qmail 8381 invoked by uid 0); 21 Sep 2002 17:09:28 -0000 Received: from rou-woko-nat.ethz.ch (HELO localhost.localdomain) (129.132.107.21) by mail.gmx.net (mp016-rz3) with SMTP; 21 Sep 2002 17:09:28 -0000 Subject: Re: Which patch-int for 2.4.19 From: m96 To: Mr etwcn etwcn Cc: linux-crypto@nl.linux.org In-Reply-To: <20020920153630.70118.qmail@web40511.mail.yahoo.com> References: <20020920153630.70118.qmail@web40511.mail.yahoo.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT X-Mailer: Ximian Evolution 1.0.8 Date: 21 Sep 2002 19:08:34 +0200 Message-Id: <1032628119.18983.8.camel@symirna> Mime-Version: 1.0 X-Spam-Status: No, hits=-3.4 required=5.0 tests=IN_REP_TO,FROM_ENDS_IN_NUMS version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: m96@gmx.li Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org testing works fine. and there is no way to use such an old patch for the current kernel source. don't worry... but don't forget to read the docs in ../linux/Documentation/cryptoapi cheers... On Fri, 2002-09-20 at 17:36, Mr etwcn etwcn wrote: > Hi, > > I want to be able to use cryptographic filesystems > with my linux 2.4.19 kernel. The last official patch > is patch-int-2.4.3.1 but I can not apply it to the > 2.4.19 kernel without rejects. I see a > patch-int-2.4.19.1 in the TESTING directory, which > works fine. But actually I want to use a stable > version because I do not want to lose data. Can I > savely use the patch-int-2.4.19.1 or is there any > other way to get the patch-int-2.4.3.1 applied. Any > help would be greatly appreciated. > > Thomas Müller > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Finance - Get real-time stock quotes > http://finance.yahoo.com > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Sep 21 21:49:22 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:38614 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 21 Sep 2002 21:49:08 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 21 Sep 2002 21:47:40 +0200 (CEST) Received: from [IPv6:::ffff:61.235.68.66] ([IPv6:::ffff:61.235.68.66]:17223 "HELO 19.54.11.17") by humbolt.nl.linux.org with SMTP id ; Sat, 21 Sep 2002 21:47:21 +0200 From: yang To: linux-crypto@nl.linux.org Reply-To: yang@21cn.com Subject: =?gb2312?q?__=C8=AB=CA=D0=D7=EE=B1=E3=D2=CB=B5=C4=CA=D0=BB=B0=CD=A8=BA=CDCDMA=BA=CDGSM=CA=D6=BB=FA?= Date: Tue, 17 Aug 1999 03:54:23 +0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="afd38946-5452-11d3-a98a-5254ab006df4" Message-Id: <20020921194724Z16612-19650+65@humbolt.nl.linux.org> X-Spam-Status: No, hits=3.7 required=5.0 tests=CHARSET_FARAWAY_HEADERS,SUBJ_ALL_CAPS version=2.20 X-Spam-Level: *** X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: yang@21cn.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This is a multi-part message in MIME format --afd38946-5452-11d3-a98a-5254ab006df4 Content-Type: text/plain; charset=gb2312 Content-Transfer-Encoding: quoted-printable CDMA=CA=D6=BB=FA900=D4=AA=CB=CD1300=BB=B0=B7=D1=A3=A8=C3=BF=B7=D6=D6=D30=A1=A3= 20=D4=AA=A3=A9=3D=3D=3D=3D=3D =CF=D6=B4=FA1100=CA=D0=BB=B0=CD=A8600=D4=AA=A3=A8=BA=AC400=BB=B0=B7=D1 CDMA=CA=D6=BB=FA=BF=A8150=D4=AA=D2=BB=D5=C5=A3=A8=BA=AC1000=D4=AA=BB=B0=B7=D1= =A3=A9=B4=F2=CA=D0=C4=DA=B5=E7=BB=B0=CF=E0=B5=B1=D3=DA7=B7=D6=C7=AE=D2=BB=B7= =D6=D6=D3 SONY100=CA=D0=BB=B0=CD=A8500=D4=AA=A3=A8=CB=CD400=BB=B0=B7=D1 =C4=A6=CD=D0=C2=DE=C0=AD=C0=CF=BF=EE=CA=D6=BB=FA120=D4=AA=D2=BB=CC=A8 =C4=DC=C9=CF=CD=F8=B5=C4=CE=F7=C3=C5=D7=D33508=CA=D6=BB=FA430=D4=AA =C4=DC=C9=CF=CD=F8=B5=C4=B0=AE=C1=A2=D0=C5T29=CA=D6=BB=FA500=D4=AA =CA=D0=BB=B0=CD=A8=B4=F8=BB=FA=C8=EB=CC=A8150=D4=AA=CB=CD400=BB=B0=B7=D1 =CF=EA=C7=E9=C7=EB=D7=C9=D1=AF26840989 ---------------------------------------------------- DEMO=B0=E6=B1=BE=B7=A2=CB=CD ---------------------------------------------------- --afd38946-5452-11d3-a98a-5254ab006df4-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Sep 22 20:23:37 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:51909 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 22 Sep 2002 20:23:24 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 22 Sep 2002 20:22:52 +0200 (CEST) Received: from [IPv6:::ffff:61.235.68.66] ([IPv6:::ffff:61.235.68.66]:20551 "HELO 16.30.16.18") by humbolt.nl.linux.org with SMTP id ; Sun, 22 Sep 2002 20:22:27 +0200 From: yang To: linux-crypto@nl.linux.org Reply-To: yang@21cn.com Subject: =?gb2312?q?=CE=D2=D3=D0=C8=AB=CA=D0=D7=EE=B1=E3=D2=CB=B5=C4=CA=D0=BB=B0=CD=A8=BA=CDCDMA=BA=CDGSM=CA=D6=BB=FA,_cdma=CA=D6=BB=FA=BA=C5=C2=EB150=D4=AA=A3=A8=BA=AC1000=D4=AA=BB=B0=B7=D1?= Date: Wed, 18 Aug 1999 02:30:41 +0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="2ae84372-550f-11d3-a98a-5254ab006df4" Message-Id: <20020922182236Z16530-2197+34@humbolt.nl.linux.org> X-Spam-Status: No, hits=1.8 required=5.0 tests=CHARSET_FARAWAY_HEADERS version=2.20 X-Spam-Level: * X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: yang@21cn.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This is a multi-part message in MIME format --2ae84372-550f-11d3-a98a-5254ab006df4 Content-Type: text/plain; charset=gb2312 Content-Transfer-Encoding: quoted-printable CDMA=CA=D6=BB=FA900=D4=AA=CB=CD1300=BB=B0=B7=D1=A3=A8=C3=BF=B7=D6=D6=D30=A1=A3= 20=D4=AA=A3=A9=3D=3D=3D=3D=3D =CF=D6=B4=FA1100=CA=D0=BB=B0=CD=A8600=D4=AA=A3=A8=BA=AC400=BB=B0=B7=D1 CDMA=CA=D6=BB=FA=BF=A8150=D4=AA=D2=BB=D5=C5=A3=A8=BA=AC1000=D4=AA=BB=B0=B7=D1= =A3=A9=B4=F2=CA=D0=C4=DA=B5=E7=BB=B0=CF=E0=B5=B1=D3=DA7=B7=D6=C7=AE=D2=BB=B7= =D6=D6=D3 SONY100=CA=D0=BB=B0=CD=A8580=D4=AA=A3=A8=CB=CD400=BB=B0=B7=D1 =C4=A6=CD=D0=C2=DE=C0=AD=C0=CF=BF=EE=CA=D6=BB=FA120=D4=AA=D2=BB=CC=A8 =C4=DC=C9=CF=CD=F8=B5=C4=CE=F7=C3=C5=D7=D33508=CA=D6=BB=FA430=D4=AA =C4=DC=C9=CF=CD=F8=B5=C4=B0=AE=C1=A2=D0=C5T29=CA=D6=BB=FA450=D4=AA =CA=D0=BB=B0=CD=A8=B4=F8=BB=FA=C8=EB=CC=A8220=D4=AA=CB=CD400=BB=B0=B7=D1 =CF=EA=C7=E9=C7=EB=D7=C9=D1=AF26840989 --2ae84372-550f-11d3-a98a-5254ab006df4-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Sep 23 17:43:49 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:47568 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 23 Sep 2002 17:43:44 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 23 Sep 2002 17:43:13 +0200 (CEST) Received: from ADijon-106-1-10-116.abo.wanadoo.fr ([IPv6:::ffff:81.48.214.116]:11518 "EHLO mouveupe") by humbolt.nl.linux.org with ESMTP id ; Mon, 23 Sep 2002 17:42:09 +0200 Received: from intrigeri by mouveupe with local (Exim 3.35 #1 (Debian)) id 17tVBN-000156-00 for ; Mon, 23 Sep 2002 17:31:33 +0200 Date: Mon, 23 Sep 2002 17:31:33 +0200 From: intrigeri To: linux-crypto@nl.linux.org Subject: cryptoAPI howto in french Message-ID: <20020923153133.GC1022@localhost> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="/aVve/J9H4Wl5yVO" Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.4i X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: intrigeri@no-log.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --/aVve/J9H4Wl5yVO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi, I've translated the cryptoAPI howto in french. I mean, the document called "The Linux CryptoAPI - A User's Perspective", by David Bryson ; I've worked on the pdf version, written on may 31, 2002. my translation is attached. Does David Bryson still maintain this howto ? Will he update this document ? If not, I'm interested in doing this work. Just let me know. -- intrigeri --/aVve/J9H4Wl5yVO Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: attachment; filename="cryptoAPI-howto-fr.txt" Content-Transfer-Encoding: 8bit # CryptoAPI pour GNU/Linux, du point de vue de l'utilisateur/ice # # Auteur original : David Bryson # Date de publication initiale : 31 mai 2002 # # Traducteur : intrigeri@no-log.org # Date de la traduction : 23 septembre 2002 # # Théorie Nous allons parler de l'utilisation de la cryptographie forte sous GNU/Linux. A l'aide des patches pour le noyau dont cet article parle, vous pouvez crypter l'intégralité de votre disque dur, de vos connections réseau, et même votre swap. Nous allons présenter deux de ces solutions, et nous concentrer principalement sur l'une d'entre elles : CryptoAPI pour GNU/Linux. La "cryptographie" est la science qui conçoit et analyse des "chiffres". Un chiffre est un algorithme qui transforme du texte "en clair" en une soupe incompréhensible nommée "texte crypté", via une séquence de code prédéterminée. Le but est que seul-e-s l'expéditeur/ice et le/la destinataire aient accès à la clé, et donc qu'ils/elles soient les seul-e-s à avoir accès au texte en clair. L'application du chiffre sur le texte se nomme l'encryptage, et le processus inverse, le décryptage. Une clé est nécessaire pour encrypter des données avec un chiffre donné. Cette clé est ce qui sécurise le chiffre, et permet son/sa seul-e propriétaire de décrypter ce qui a été encrypté. La clé est fournie au chiffre, en plus du texte en clair, pour produire le texte crypté. Pour ce qui est du décryptage, la clé et le texte crypté sont fournis au chiffre, qui renvoie le texte en clair. -- figure 1 : encryptage et décryptage -- Donner au noyau Linux le support de la cryptographie vous donne moult moyens de sécuriser vos données. Cet article explique comment le faire, en utilisant CryptoAPI. Quelques utilisations possibles de CryptoAPI sont : - l'encryptage de tout support physique (partitions de disque dur, swap, cdroms) ; sans ça, toute personne qui prendrait votre disque dur et l'installerait sur une autre machine pourrait lire les données qui y sont stockées... grâce au support de la cryptographie au niveau du noyau, vous pouvez encrypter la partition qui contient vos répertoire home ; ainsi, vos données seront illisibles... sauf par vous. - l'encryptage du trafic réseau, ie. IPsec ou toute autre forme de cryptage réseau d'un bout à l'autre ; les VPNs (Virtual Private Networks / réseaux privés virtuels) permettent d'encrypter les communications avant qu'elles ne sortent de votre ordinateur ; l'utilisation des VPNs étant en pleine expansion, il est important, pour conserver un niveau correct de performances et de sécurité, d'avoir un noyau gérant la cryptographie. # 1. Les différentes implémentations de la cryptographie Il existe actuellement deux principaux moyen d'ajouter le support de la cryptographie au noyau Linux. Nous citerons brièvement loop-AES, puis nous nous concentrerons sur CryptoAPI. Ces deux solutions ont l'avantage de se "brancher" sur le noyau sans modifier ses sources (ni redémarrer !). La seule modification devant être faite au code source du noyau est un patch à appliquer sur le pilote de loopback, qui peut aisément être chargé/déchargé s'il est compilé sous forme de module. Nous espérons voir ce patch intégré dans le noyau prochainement. Ce patch permet au module de loopback d'intercepter les requêtes de lecture/écriture sur le système de fichiers crypté, et d'encrypter/décrypter les données à la volée. Nous préciserons ceci dans les prochains paragraphes. Loop-AES est conçu uniquement pour le cryptage de systèmes de fichiers ; il utilise comme chiffre le fameux AES (Advanced Encryption Standard / Standard avancé de cryptage), et donc l'algorithme de Rijndael. Il est plutôt rapide, et fournit une implémentation en assembleur pour les processeurs Intel x86 (les autre architectures se contenteront de l'implémentation en C). Pour plus d'informartion sur loop-AES, visitez http://loopaes.sourceforge.net. Le package CryptoAPI fournit une solution plus polyvalente de cryptographie au niveau du noyau. Il utilise une interface générique permettant à tout module du noyau d'encrypter/décrypter des données. Le cryptage de systèmes de fichiers n'est qu'une de ses nombreuses applications possibles. CryptoAPI fournit 12 chiffres différents, et supporte le montage/démontage et l'utilisation des systèmes de fichiers encryptés avec loop-AES. # 2. Installation de CryptoAPI Voyons maitenant comment faire fonctionner CryptoAPI sur votre machine. Il nous faut tout d'abord obtenir les sources de votre noyau et les dernières sources de CryptoAPI correspondant au noyau que vous utilisez. La dernière version de CryptoAPI peut toujours être trouvée ici : http://www.kernel.org/pub/linux/kernel/crypto/. Une fois que vous l'avez téléchargée, décompressez l'archive dans /usr/src/cryptoapi : $ cd /usr/src/cryptoapi $ tar xvzf cryptoapi-0.1.0.tar.tz NB : lisez toujours le README pour tout logiciel que vous téléchargez ! Avant de compiler un chiffre, nous devons patcher le driver de loop pour les raisons évoquées plus haut. Il existe actuellement deux patches, tout deux distribués avec CryptoAPI. Le patch loop-iv offre le support minimal nécessaire à CryptoAPI, tandis que le patch loop-jari, distribué avec loop-AES, corrige quelques bugs. Nous aurons une approche minimaliste, et nous ne nous occuperons que du patch loop-iv (Initialization Vector), suffisant pour ce qui nous occupe. Pour cela, allez dans le répertoire contenant les sources de CryptoAPI, et lancez cette commande : $ make patchkernel KDIR= LOOP=iv NB : même si vous n'utilisez pas une version du noyau correspondant exactement à celle du patch loop-iv, vous avez des chances de parvenir à vos fins, car le driver de loop n'a presque pas changé depuis le passage du noyau 2.2 au 2.4. Il existe un script permettant de déterminer la version du patch la plus proche de celle de votre noyau, et d'appliquer le patch automatiquement. Si vous souhaitez utiliser le le patch loop-jari, donnez au paramètre LOOP la valeur 'jari' au lieu de 'iv'. Ceci étant fait, vous devez recompiler le driver de loop. Si vous avez déjà une configuration de noyau prête, vous pouvez vous contenter de recompiler et installer le module loop. Sinon, il vous faut compiler le module à la main, en précisant quelques flags au compilateur C. Vous pouvez maintenant compiler les modules des chiffres et le plugin de loopback pour la cryptographie, puis les installer sans recompiler l'intégralité de notre noyau, grâce à la magie des modules. Pour compiler ces modules, tapez simplement : $ make modules KDIR= Et les modules de CrytoAPI seront compilés, après quoi nous pouvons les installer dans le répertoire approprié, afin de pouvoir les charger. Un script le fera pour vous si vous exécutez cette commande : $ make install_modules Avant que de pouvoir utiliser le cryptage via loopback, il nous faut compiler un logiciel ne faisant pas partie du noyau : le programme losetup, qui fait partie du package util-linux, a besoin d'être patché pour être capable de dire au noyau quel chiffre et quelle clé utiliser. Selon la distribution GNU/Linux utilisée, la méthode est différente : si vous utilisez Debian Woody (ou supérieure), la version patchée de losetup est d'ores et déjà installée, dans le package util-linux. Les utilisateur/ice/s de Debian Potato peuvent télécharger le patch et recompiler util-linux. Il existe des RPMs patchés pour RedHat, ainsi que des patches pour les sources, sur http://www.kerneli.org/. Si votre distribution ne fournit pas ce patch, proposez à ses fournisseur/se/s une version patchée de losetup. Une fois que la bonne version de losetup est installée, CryptoAPI est installée sur votre ordinateur, et vous êtes prêt-e à mettre en place des systèmes de fichiers cryptés ! # 3. Utiliser CryptoAPI Nous parlerons dans ce paragraphe d'une des applications de CryptoAPI : encrypter un système de fichiers entier. Sur la plupart des systèmes, le disque dur est partagé en plusieurs partitions. Chaque partition peut être montée dans un répertoire vide. Une configuration pourrait être, par exemple : Partition Mount point /dev/hda1 / /dev/hda2 swap space /dev/hda5 /usr /dev/hda6 /var /dev/hda7 /home Supposons que vous vouliez encrypter la partition qui contient vos répertoires home, c'est-à-dire /dev/hda7. Cela signifie que toute donnée écrite sur cette partition sera encryptée : texte brut, fichiers binaires, et même les données propres au système de fichiers (des choses comme les informations sur les inodes, les noms de fichiers et de répertoires, etc.). Dans l'introduction, nous avons dit que CryptoAPI supportait l'encryptage de systèmes de fichiers via le périphérique de loopback ; nous allons maintenant expliquer ce mécanisme. La méthode traditionnelle pour monter un système de fichiers, que ce soit au démarrage ou plus tard, est l'utilisation de la commande mount. Nous pouvons, dans notre exemple, monter les répertoires home par la commande suivante : $ mount -t ext2 /dev/hda7 /home ... qui dit au noyau que le périphérique /dev/hda7 contient un système de fichiers ext2 (le système de fichiers traditionnel sous GNU/Linux), et que toute requête vers un fichier de /home doit aller vers cette partition. Le périphérique de loopback ajoute un niveau de redirection pour monter un système de fichiers. Au lieu de monter le système de fichiers directement sur /home, on monte le système de fichiers sur le périphérique de loopback, puis on monte ce dernier sur /home. Ceci a l'effet de faire passer par le périphérique de loopback toutes les commandes du noyau vers le système de fichiers. -- figure 2 : le périphérique de loopback -- C'est à cette étape que toute commande peut être interceptée et modifiée pour encrypter (pour une commande d'écriture) et décrypter (pour une commande de lecture). Ici intervient le pilote cryptoloop. Une fois que tout a été monté, chaque commande dirigée vers le système de fichiers est interceptée par le périphérique de loopback, redirigée vers le driver cryptoloop, qui la traite, puis la passe au système de fichiers. Nous pouvons maintenant encrypter toutes les données sur la partition ! Vous pouvez aussi réléchir à la façon dont tout ceci s'insère dans le schéma d'encryptage/décryptage du début. Le périphérique de loopback a le rôle du chiffre, cryptoloop fournit la clé, et le système de fichiers représente le texte en clair et le texte encrypté. -- figure 3 : le filtre cryptoloop -- Il y a deux façons d'encrypter des fichiers sur votre système. L'une utilise un vrai périphérique, tel qu'une partition de disque dur. L'autre consiste en l'utilisation d'un très gros fichier contenant un système de fichiers, qui sera monté via le périphérique de loopback. Nous étudierons ici la seconde méthode. La première étape est de créer un gros fichier ; plus il sera gros, plus il pourra contenir de données, exactement comme une partition de disque dur. De même, une fois que le fichier est créé, et qu'un système de fichiers y est mis en place, nous ne pouvons plus le redimensionner sans perdre les données qui y sont stockées. Afin de créer ce gros fichier, nous devons le remplir de données pour qu'il prenne de l'espace sur le disque dur. Nous le remplirons de données pseudo-aléatoires, générées par le périphérique /dev/urandom. Il serait aussi possible (et plus rapide) de le remplir de zéros, à l'aide de /dev/zero. Toutefois, ceci permettrait à un-e éventuel-le attaqueur/se de voir où sont stockées les données : -- figure 4 ; un fichier rempli de zéros et de données aléatoires -- Les bandes représentent les zéros, et les carrés chaotiques représentent les données stockées, qui semblent aléatoires. Comme vous pouvez le constater, cela facilite grandement la tache d'un-e attaqueur/se, par rapport à un périphérique de stockage semblant ne contenir que des données aléatoires, comme ici : -- figure 5 : un fichier rempli de données "aléatoires" -- Maintenant que nous avons expliqué comment tout ceci fonctionne, configurons-le. Commençons par charger les quatre principaux modules CryptoAPI dans le noyau : 1. cryptoapi, qui fournit l'interface générique pour les différents chiffres 2. cryptoloop, l'interface entre les chiffres et le pilote loop 3. loop, le pilote patché avec lequel cryptoloop communique 4. cipher-x, où x est le chiffre que vous souhaitez utiliser Pour charger les trois premiers modules, utilisons la commande modprobe : $ modprobe cryptoloop Ceci devrait charger les modules cryptoapi, loop et cryptoloop dans le noyau. Vous pouvez le vérifier avec la commande lsmod, qui devrait donner quelque chose dans ce genre : Module Size Used by Not tainted cryptoloop 1884 0 (unused) loop 7664 0 [cryptoloop] cryptoapi 3204 0 [cryptoloop] Il nous faut maintenant créer le fichier contenant des données pseudo-aléatoires, avec la commande dd, avant de créer un système de fichiers dessus. Le périphérique /dev/urandom génère des données pseudo-aléatoires, à partir des données fournies par le périphérique /dev/random. A la différence de /dev/random, il fournit un flux constant d'octets, mais plus l'entropie fournie par /dev/random sera faible, moins /dev/urandom sera aléatoire. Ceci fonctionne mieux quand des événements aléatoires se produisent, comme des mouvements de souris. Par conséquent, quand vous exécuterez la commande suivante, essayez de déplacer votre souris, ou de taper énormément sur votre clavier. Ces deux manipulations contribuent à la source d'entropie. $ dd if=/dev/urandom of=/home/intrigeri/cryptofichier bs=1M count=50 Ceci créera un fichier de 50 Mo dans mon répertoire home. Cette étape peut malheureusement prendre beaucoup de temps, selon la rapidité de votre système. Puis nous devons charger un module fournissant un chiffre. Dans ces exemples, j'utiliserai le chiffre nommé twofish). Tous ces modules ont des noms préfixés par "cipher-" ; pour charger twofish avec modprobe, nous exécuterons donc : $ modprobe cipher-twofish Nous pouvons maintenant monter ce fichier comme un périphérique de stockage normal ; avant tout, utilisons la commande losetup : $ losetup -e twofish /dev/loop0 /home/intrigeri/cryptofichier L'option -e précise le chiffre devant êt eutilisé, qui est, dans notre cas, twofish ; /dev/loop0 est le périphérique de loop que nous utilisons, et /home/intrigeri/cryptofichier est le nom du fichier. Le programme losetup vous demandera la taille de la clé (keysize) à utiliser et un mot de passe, dans lequel j'ai entré '128' puis mon mot de passe. En général, pour un chiffre donné, plus la clé est longue, et plus vos données seront difficiles à décrypter par une attaque de type "force brute". Toutefois, une clé de 128 bits pour un chiffre donné peut être plus forte qu'une clé de 1024 bits pour un autre chiffre. Votre mot de passe est utilisé pour générer la clé, mais point n'est besoin qu'il ait la même longueur que la clé ; il serait en effet pour le moins pénible de taper un mot de passe de 128 caractères pour générer une clé de 1024 bits. Le mot de passe sera plutôt utilisé pour générer une clé avec une fonction de hash. Available keysizes (bits) : 128 192 256 Keysize: 128 Password: Initialisons ensuite un système de fichiers, via le périphérique de loopback, sur le fichier que nous avons créé, grâce à la commande mkfs : $ mkfs -t ext2 /dev/loop0 Vous pouvez évidemment choisir le type du système de fichiers à créer, mais cet exemple utilise ext2. Nous pouvons maintenant monter notre système de fichiers exactement comme un périphérique de stockage normal, avec la commande mount : $ mount -t ext2 /dev/loop0 /mnt/crypto Vous devriez maintenant pouvoir y copier des fichiers comme s'il s'agissait d'un périphérique de stockage monté classique. Vous avez un système de fichiers crypté, profitez-en ! Une question redondante sur la liste de discussion linux-crypto est "Comment fait-on pour une partition root cryptée ?". Ceci, bien qu'étant possible avec le périphérique cryptoloop, n'est pas recommandé. L'impact sur les performances de la machine serait en effet très mauvais, et cela nécessiterait quelques modifications de la procédure d'initialisation du système. Il est plus logique de n'encrypter que les informations "sensibles", comme un répertoire home. N'oubliez pas ensuite de démonter votre système de fichiers crypté et de libérer le périphérique de loop, afin que quiconque souhaitant le monter doive entrer le mot de passe. $ umount /mnt/crypto $ losetup -d /dev/loop0 Il est facile d'automatiser ces étapes avec des scripts shell, afin de n'avoir pas à exécuter ces deux commandes pour le montage/démontage. Note du traducteur : il est aussi possible d'intégrer votre système de fichiers c