From linux-crypto-bounce@nl.linux.org Tue Jan 04 23:38:42 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1ClxK4-0000Bp-0C; Tue, 04 Jan 2005 23:38:40 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 04 Jan 2005 23:37:31 +0100 (CET)
Received: from revere.aoc.nrao.edu ([146.88.1.15])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1ClxIk-0000BC-GU
	for linux-crypto@nl.linux.org; Tue, 04 Jan 2005 23:37:18 +0100
Received: from [146.88.33.242] (samsara.aoc.nrao.edu [146.88.33.242])
	by revere.aoc.nrao.edu (8.11.6/8.11.6) with ESMTP id j04Mb7r16315
	for <linux-crypto@nl.linux.org>; Tue, 4 Jan 2005 15:37:08 -0700
User-Agent: Microsoft-Entourage/11.1.0.040913
Date: Tue, 04 Jan 2005 15:37:41 -0700
Subject: Using loop-AES on SeLinux?
From: Boyd Waters <bwaters+mac@aoc.nrao.edu>
To: <linux-crypto@nl.linux.org>
Message-ID: <BE0068C5.19EDE%bwaters+mac@aoc.nrao.edu>
Mime-version: 1.0
Content-type: text/plain;
	charset="US-ASCII"
Content-transfer-encoding: 7bit
X-MailScanner-Information: Please contact postmaster@aoc.nrao.edu for more information
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-5.2, required 7,
	BAYES_00 -5.20, USER_AGENT 0.00)
Received-SPF: 
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=no 
	version=3.0.1
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: bwaters+mac@aoc.nrao.edu
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

I have experimented with NSA's Security-Enhanced Linux via the
Gentoo-Hardened project.

I can run loop-AES in "permissive" mode, but in "enforcing" mode, mount(8)
is not able to read the password file from a file descriptor.

Does anyone else have an SeLinux setup with loop-AES?

Regards,

~ boyd

Boyd Waters
National Radio Astronomy Observatory
Socorro, New Mexico
http://www.aoc.nrao.edu/~bwaters




-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Mon Jan 10 18:21:05 2005
From: Jan Lühr <jluehr@gmx.net>
To: linux-crypto@nl.linux.org
Subject: Setting up loog-aes in detail
Date: Mon, 10 Jan 2005 18:19:31 +0100
User-Agent: KMail/1.6.2
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <200501101819.31228.jluehr@gmx.net>

Greetings,

Now I have time to take a closer look at loop-aes and try to encrypt my
home-partition using it.
At first, I did some rtfm but I didn't understand it completely.
In nearly every multi-key example a keyfile with 65 keys is used. Why do you
use exactly 65 keys?
Every example I see in the docs uses AES128. Is there a reason not to use
AES256? (Of course AES-128 will be secure for some time, but this is a reason
pro aes-128 and not against aes-256, because AES-256 is also for some time ;)
Example 2 uses a lot of head / tail stuff to manipulate the /dev/urandom
output. Why do I need this?

Keep smiling
yanosz




From linux-crypto-bounce@nl.linux.org Mon Jan 10 19:55:52 2005
Message-ID: <41E2CF2E.523844A4@users.sourceforge.net>
Date: Mon, 10 Jan 2005 20:53:34 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.22aa1r8 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Jan Lühr <jluehr@gmx.net>
Cc: linux-crypto@nl.linux.org
Subject: Re: Setting up loog-aes in detail
References: <200501101819.31228.jluehr@gmx.net>
Content-Type: text/plain; charset=iso-8859-1

Jan Lühr wrote:
> In nearly every multi-key example a keyfile with 65 keys is used. Why do you
> use exactly 65 keys?

Because version 3 on-disk format requires 65 keys. README section 2.6.

> Every example I see in the docs uses AES128. Is there a reason not to use
> AES256? (Of course AES-128 will be secure for some time, but this is a reason
> pro aes-128 and not against aes-256, because AES-256 is also for some time ;)

AES128 is a little bit faster than AES256.

> Example 2 uses a lot of head / tail stuff to manipulate the /dev/urandom
> output. Why do I need this?

Key file needs 65 random keys, each separated by newline. The head / tail
pipe strips away uuencode header and footer which are _not_ random.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
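
The key-file layout described in the reply above, as an added example (not part of the original thread and not loop-AES code). It assumes 2925 random bytes are fed to `uuencode -m`, which frames 65 lines of 60 base64 characters with a one-line header and a `====` footer; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not loop-AES tooling.
# Assumption: 2925 random bytes through `uuencode -m -` give
#   1 header line ("begin-base64 644 -"), 65 lines of 60 base64 chars
#   (45 bytes each, 65 * 45 = 2925), and 1 footer line ("====").

# The head/tail step: keep lines 2..66, dropping the non-random frame.
strip_uu_frame() {
    head -n 66 | tail -n 65
}

# Generate 65 key lines on stdout (needs uuencode from sharutils).
# Pipe the result straight into encryption, e.g. `gpg --symmetric -a`,
# rather than leaving the plaintext keys on disk.
gen_keys() {
    head -c 2925 /dev/urandom | uuencode -m - | strip_uu_frame
}

# Read candidate key material on stdin; exit 0 only if it is exactly
# 65 distinct lines of 60 base64 characters with no frame left in.
check_keys() {
    awk '
        BEGIN { bad = 0 }
        $0 !~ "^[A-Za-z0-9+/]+$" {
            printf "line %d: not bare base64 (uuencode header/footer?)\n", NR
            bad = 1; next
        }
        length($0) != 60 {
            printf "line %d: %d chars, expected 60\n", NR, length($0)
            bad = 1
        }
        seen[$0]++ { printf "line %d: duplicate of an earlier key\n", NR; bad = 1 }
        END {
            if (NR != 65) { printf "%d lines, expected 65\n", NR; bad = 1 }
            exit bad
        }
    '
}

# Constructed, NON-random stand-in for uuencode output, for offline checks.
make_sample() {
    echo "begin-base64 644 -"
    awk 'BEGIN { for (i = 1; i <= 65; i++) printf "%060d\n", i }'
    echo "===="
}

make_sample | strip_uu_frame | check_keys && echo "sample: 65 key lines, frame removed"
```
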




From linux-crypto-bounce@nl.linux.org Tue Jan 11 09:56:17 2005
From: Jan Lühr <jluehr@gmx.net>
To: linux-crypto@nl.linux.org
Subject: Setting up loop-aes: Using util-linux != 2.12i
Date: Tue, 11 Jan 2005 09:55:30 +0100
User-Agent: KMail/1.6.2
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Message-Id: <200501110955.30879.jluehr@gmx.net>

Greetings,

I'm still trying to set up util-linux 3.0a. The included patch seems to
require util-linux 2.12i, but 2.12p seems to be the latest release. Thus I
can either use 2.12 (without any letter) or 2.12p (both are useable with my
distribution (debian), but not 2.12i as easy as the others.)
Has anyone tried to patch util-linux != 2.12i? Are there any known problems?
(Well, there is a patched version of util-linux in debian already, but it
supports only loop-aes 2.X)

Keep smiling
yanosz
-- 
Attention: The e-mail address jluehr@netcologne.de will be deactivated
shortly. Please use the address
jluehr@gmx.net




From linux-crypto-bounce@nl.linux.org Tue Jan 11 13:15:54 2005
Message-ID: <41E3C482.5000501@yahoo.dk>
Date: Tue, 11 Jan 2005 13:20:18 +0100
From: Petersen <castrolkonto2@yahoo.dk>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040421
X-Accept-Language: da, en-us, en
MIME-Version: 1.0
To:  linux-crypto@nl.linux.org
Subject: encrypting with loop-AES-v3.0a and no gpg-key doesn't give 'multi-key-v3'
 except for swap
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

http://www.spinics.net/lists/crypto/msg02628.html states that loop-aes 
2.0f can't use multi-key encryption without using gpg-key also.

I use the latest, loop-AES-v3.0a (README of November 27 2004), but only
swap-encryption reports multi-key-v3, losetup -a reports 'AES256' only
for drives created with

    losetup -e AES256 -itercountk=300 ....

- so no multi-key-v3. Am I sitting on a timebomb (as Jari puts it), or
does multi-key-v3 only appear with gpg-keys?

I didn't build (with) gpg because I want to have a chance of recreating
my data in case of loss of gpg-key. Could that be why 'make tests'
fails? For the same reason I don't use password seed; it is also
difficult to figure out how to do it, from reading the README.

Is the security level of my setup (AES256, no gpg, no seed,
itercountk=300) too weak to bother?

Could you explain how the watermark attack works?







From linux-crypto-bounce@nl.linux.org Tue Jan 11 14:15:52 2005
Message-ID: <41E3D169.2040505@rayservers.com>
Date: Tue, 11 Jan 2005 08:15:21 -0500
From: Venkat Manakkal <venkat@rayservers.com>
User-Agent: Mozilla Thunderbird 1.0 (X11/20041224)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  linux-crypto@nl.linux.org
Subject: Re: Setting up loop-aes: Using util-linux != 2.12i
References: <200501110955.30879.jluehr@gmx.net>
In-Reply-To: <200501110955.30879.jluehr@gmx.net>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

Jan Lühr wrote:
| Greetings,
|
| I'm still trying to set up util-linux 3.0a. The included patch seems to
| require util-linux 2.12i, but 2.12p seems to be the latest release. Thus I
| can either use 2.12 (without any letter) or 2.12p (both are useable with my
| distribution (debian), but not 2.12i as easy as the others.)
| Has anyone tried to patch util-linux != 2.12i? Are there any known problems?
| (Well, there is a patched version of util-linux in debian already, but it
| supports only loop-aes 2.X)
|
| Keep smiling
| yanosz

Hi Yanosz,

I usually follow the instructions to the letter - download, compile and install
just the specific binaries, and lock the util-linux on the system from
automatic updates. You won't break anything AFAIK when the system thinks it has
one of the other 2.12 series when you install the patched binaries using Jari's
instructions. I've never had any troubles.

Cheers!

---Venkat.


-------------------------------------------------------------------------
Venkat Manakkal           Tel:+1-607-546-7300       Fax: 1-607-546-7387
venkat@rayservers.com     http://www.rayservers.com/
rayservers@hushmail.com   Computers. Installed Secure. Wholesale Prices.

PGP/GPG Key: https://www.rayservers.com/keys/0x12430522.asc
Get Windows Privacy Tools for free: http://winpt.sf.net/
-------------------------------------------------------------------------




From linux-crypto-bounce@nl.linux.org Tue Jan 11 14:31:29 2005
Message-ID: <41E3D505.6070603@rayservers.com>
Date: Tue, 11 Jan 2005 08:30:45 -0500
From: Venkat Manakkal <venkat@rayservers.com>
User-Agent: Mozilla Thunderbird 1.0 (X11/20041224)
X-Accept-Language: en-us, en
MIME-Version: 1.0
CC:  linux-crypto@nl.linux.org
Subject: Re: encrypting with loop-AES-v3.0a and no gpg-key doesn't give 'multi-key-v3'
 except for swap
References: <41E3C482.5000501@yahoo.dk>
In-Reply-To: <41E3C482.5000501@yahoo.dk>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi Petersen,

Petersen wrote:
| http://www.spinics.net/lists/crypto/msg02628.html states that loop-aes
| 2.0f can't use multi-key encryption without using gpg-key also.
|
| I use the latest, loop-AES-v3.0a (README of November 27 2004), but only
| swap-encryption reports multi-key-v3, losetup -a reports 'AES256' only
| for drives created with
|
|    losetup -e AES256 -itercountk=300 ....
|
| - so no multi-key-v3. Am I sitting on a timebomb (as Jari puts it), or
| does multi-key-v3 only appear with gpg-keys?

The latest loop-aes will do multi-key if the keys are piped to it via -p0. You
will need to ensure exactly 65 keys in the format generated via the commands in
the loop-AES.readme. See section 2.6.

http://loop-aes.sourceforge.net/loop-AES.README

|
| I didn't build (with) gpg because I want to have a chance of recreating
| my data in case of loss of gpg-key. Could that be why 'make tests'
| fails? For the same reason I don't use password seed; it is also
| difficult to figure out how to do it, from reading the README.

You can use symmetric gpg support, then no public keys are used to encrypt the
stored keys. You could also use openssl and pam_mount, although I have not
done this in a while. http://www.flyn.org/projects/pam_mount/

| Is the security level of my setup (AES256, no gpg, no seed,
| itercountk=300) too weak to bother?

Choose a strong password of known entropy - such as a 10 word diceware
passphrase with some extra tidbit thrown in. Your security is as good as the
passphrase and should deter most adversaries. See diceware.com for details. It
still won't protect from a watermark attack AFAIK.
|
| Could you explain how the watermark attack works?

Someone better qualified should do this, but here is some reading material.

http://mareichelt.de/pub/texts.cryptoloop.php

Cheers!

---Venkat.

-------------------------------------------------------------------------
Venkat Manakkal           Tel:+1-607-546-7300       Fax: 1-607-546-7387
venkat@rayservers.com     http://www.rayservers.com/
rayservers@hushmail.com   Computers. Installed Secure. Wholesale Prices.

PGP/GPG Key: https://www.rayservers.com/keys/0x12430522.asc
Get Windows Privacy Tools for free: http://winpt.sf.net/
-------------------------------------------------------------------------




From linux-crypto-bounce@nl.linux.org Tue Jan 11 15:36:03 2005
Date: Tue, 11 Jan 2005 15:34:38 +0100
From: Max Vozeler <max@hinterhof.net>
To: linux-crypto@nl.linux.org
Subject: Re: Setting up loop-aes: Using util-linux != 2.12i
Message-ID: <20050111143437.GA19623@nautile.roam.hinterhof.net>
Mail-Followup-To: linux-crypto@nl.linux.org
References: <200501110955.30879.jluehr@gmx.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <200501110955.30879.jluehr@gmx.net>
User-Agent: Mutt/1.5.6+20040907i
Content-Transfer-Encoding: quoted-printable

Hi yanosz,

Jan Lühr <jluehr@gmx.net> wrote:
> I'm still trying to set up util-linux 3.0a. The included patch seems to
> require util-linux 2.12i, but 2.12p seems to be the latest release.

You can find an updated patch on http://loop-aes.sf.net/updates/

> (Well, there is a patched version of util-linux in debian already, but it
> supports only loop-aes 2.X)

I know :^)

A new version based on v3.0a and 2.12p is pending upload to unstable.
If you don't want to patch yourself or wait longer, you can find the
new package version here: http://debian.hinterhof.net/unstable/

Sarge is probably still going to include loop-AES 2.X. The update to
v3.0a would need a newer version of util-linux to make it into testing
first, and this is unlikely to happen before the release.

Regards,
Max

-- 
308E81E7B97963BCA0E6ED889D5BD511B7CDA2DC




From linux-crypto-bounce@nl.linux.org Tue Jan 11 16:09:52 2005
Message-ID: <41E3EC08.23D8D04F@users.sourceforge.net>
Date: Tue, 11 Jan 2005 17:08:56 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.22aa1r8 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Jan =?iso-8859-1?Q?L=FChr?= <jluehr@gmx.net>
Cc: linux-crypto@nl.linux.org
Subject: Re: Setting up loop-aes: Using util-linux != 2.12i
References: <200501110955.30879.jluehr@gmx.net>
Content-Type: text/plain; charset=iso-8859-1
X-Virus-Scanned: by amavisd-new at mail
Content-Transfer-Encoding: quoted-printable
Received-SPF: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=no 
	version=3.0.1
X-Spam-Level: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Jan Lühr wrote:
> I'm still trying to set up util-linux 3.0a. The included patch seems to
> require util-linux 2.12i, but 2.12p seems to be the latest release. Thus I
> can either use 2.12 (without any letter) or 2.12p (both are useable with my
> distribution (debian), but not 2.12i as easy as the others.)

util-linux-2.12p patch is here:

http://loop-aes.sourceforge.net/updates/util-linux-2.12p.diff.bz2
http://loop-aes.sourceforge.net/updates/util-linux-2.12p.diff.bz2.sign

The patch is for vanilla util-linux.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Tue Jan 11 16:14:34 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CoNj4-0000W0-Kq; Tue, 11 Jan 2005 16:14:30 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 11 Jan 2005 16:14:06 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CoNiQ-0000VP-KS
	for linux-crypto@nl.linux.org; Tue, 11 Jan 2005 16:13:50 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id EF02A2A3A77;
	Tue, 11 Jan 2005 17:13:49 +0200 (EET)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 26072-02; Tue, 11 Jan 2005 17:13:43 +0200 (EET)
Received: from armas (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id C6F682A3D03;
	Tue, 11 Jan 2005 17:10:14 +0200 (EET)
Received: from localhost ([127.0.0.1] helo=users.sourceforge.net)
	by armas with esmtp (Exim) id 1CoNew-00012a-00; Tue, 11 Jan 2005 17:10:14 +0200
Message-ID: <41E3EC56.C402A323@users.sourceforge.net>
Date: Tue, 11 Jan 2005 17:10:14 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.22aa1r8 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Petersen <castrolkonto2@yahoo.dk>
Cc: linux-crypto@nl.linux.org
Subject: Re: encrypting with loop-AES-v3.0a and no gpg-key doesn't give 
 'multi-key-v3'except for swap
References: <41E3C482.5000501@yahoo.dk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at mail
Received-SPF: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=no 
	version=3.0.1
X-Spam-Level: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Petersen wrote:
> http://www.spinics.net/lists/crypto/msg02628.html states that loop-aes
> 2.0f can't use multi-key encryption without using gpg-key also.

loop-AES-v3.0a mount and losetup can also read multi-key from file
descriptor specified with -p command line option.

> I use the latest, loop-AES-v3.0a (README of November 27 2004 ), but only
> swap-encryption reports multi-key-v3, losetup -a reports 'AES256' only
> for drives created with
> 
>     losetup -e AES256 -itercountk=300 ....

That loop device is not in multi-key mode. The -C option (itercountk= mount
option) has no effect in multi-key mode.

> - so no multi-key-v3. Am I sitting on a timebomb (as Jari puts it)

No.

The timebomb can explode only if someone uses version 3 multi-key file with
losetup/mount from loop-AES-v1.X or loop-AES-v2.X, or if someone uses
version 2 multi-key file with losetup/mount from loop-AES-v1.X.

In other words, all is fine if you use latest losetup/mount.

> I didn't build (with) gpg because I want to have a chance of recreating
> my data in case of loss of gpg-key. Could that be why 'make tests'
> fails? For the same reason I don't use password seed; it is also
> difficult to figure out how to do it, from reading the README.

Please post exact error message of 'make tests' failure.

> Is the security level of my setup (AES256, no gpg, no seed,
> itercountk=300) too weak to bother?

Too weak. Avoid that kind of setup.

> Could you explain how the watermark attack works?

Watermarked files use special bit patterns that happen to trigger identical
ciphertexts. The number of consecutive identical ciphertexts can be
controlled and is used to encode the watermark.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
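
The watermark described in the message above, worked through as an added example (not code from loop-AES or from anyone in this thread). It assumes the weak mode is per-sector CBC with the plain sector number as IV, which the thread does not spell out; the Feistel cipher is a toy stand-in for AES, and the keyed IV is a generic fix, not loop-AES's own multi-key IV computation.

```python
"""Audit a per-sector CBC IV scheme for watermark-style identical ciphertexts."""
import hashlib
import hmac

BLOCK = 16    # cipher block size in bytes
SECTOR = 512  # disk sector size in bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation standing in for AES. Not secure."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right


def cbc_encrypt_sector(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC-encrypt one sector; every sector starts a fresh chain from its IV."""
    if len(plaintext) != SECTOR or len(iv) != BLOCK:
        raise ValueError("sector must be 512 bytes and IV 16 bytes")
    prev, out = iv, []
    for off in range(0, SECTOR, BLOCK):
        prev = encrypt_block(key, xor(plaintext[off:off + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def iv_plain(key: bytes, sector: int) -> bytes:
    """Assumed weak scheme: the IV is the sector number, known to anyone."""
    return sector.to_bytes(BLOCK, "little")


def iv_keyed(key: bytes, sector: int) -> bytes:
    """Generic hardened scheme: the IV depends on a secret as well."""
    msg = b"iv" + sector.to_bytes(8, "little")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]


def build_image(run_length: int, start: int = 3, tail: int = 2) -> list:
    """Constructed plaintext: ordinary sectors around `run_length` marked ones.

    A marked sector's first block is a fixed pattern XORed with the public
    sector-number IV, so the value fed to the cipher is the same every time.
    """
    pattern = b"\xa5" * BLOCK
    sectors = []
    for n in range(start + run_length + tail):
        if start <= n < start + run_length:
            first = xor(pattern, iv_plain(b"", n))
            sectors.append(first + b"\x00" * (SECTOR - BLOCK))
        else:
            filler = hashlib.sha256(b"file data %d" % n).digest()
            sectors.append(filler * (SECTOR // len(filler)))
    return sectors


def longest_identical_run(sectors: list) -> int:
    """Length of the longest run of consecutive byte-identical sectors."""
    if not sectors:
        return 0
    best = run = 1
    for prev, cur in zip(sectors, sectors[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


def audit(iv_fn, run_length: int = 5) -> int:
    """Encrypt the constructed image under `iv_fn`; return the visible run."""
    key = hashlib.sha256(b"constructed demo key").digest()
    image = build_image(run_length)
    ciphertext = [cbc_encrypt_sector(key, iv_fn(key, n), p)
                  for n, p in enumerate(image)]
    return longest_identical_run(ciphertext)


if __name__ == "__main__":
    print("plain sector IV, run visible in ciphertext:", audit(iv_plain, 5))
    print("keyed IV, run visible in ciphertext:", audit(iv_keyed, 5))
```

With the plain IV the run length chosen in the plaintext is readable from the ciphertext without the key; with the keyed IV the marked sectors are indistinguishable from the rest.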



From linux-crypto-bounce@nl.linux.org Tue Jan 11 17:22:01 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CoOSw-0004Dz-RQ; Tue, 11 Jan 2005 17:01:54 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 11 Jan 2005 17:01:10 +0100 (CET)
Received: from smtp110.mail.sc5.yahoo.com ([66.163.170.8])
	by humbolt.nl.linux.org with smtp (Exim 4.22)
	id 1CoORA-00046x-GO
	for linux-crypto@nl.linux.org; Tue, 11 Jan 2005 17:00:04 +0100
Received: from unknown (HELO yahoo.dk) (castrolkonto2@192.38.9.236 with plain)
  by smtp110.mail.sc5.yahoo.com with SMTP; 11 Jan 2005 16:00:02 -0000
Message-ID: <41E3F951.4070705@yahoo.dk>
Date: Tue, 11 Jan 2005 17:05:37 +0100
From: Petersen <castrolkonto2@yahoo.dk>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040421
X-Accept-Language: da, en-us, en
MIME-Version: 1.0
To: Jari Ruusu <jariruusu@users.sourceforge.net>
CC:  linux-crypto@nl.linux.org
Subject: Re: encrypting with loop-AES-v3.0a and no gpg-key doesn't give  'multi-key-v3'except
 for swap
References: <41E3C482.5000501@yahoo.dk> <41E3EC56.C402A323@users.sourceforge.net>
In-Reply-To: <41E3EC56.C402A323@users.sourceforge.net>
Content-Type: multipart/mixed;
 boundary="------------000608050407010507060406"
Received-SPF: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=no 
	version=3.0.1
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: castrolkonto2@yahoo.dk
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

This is a multi-part message in MIME format.
--------------000608050407010507060406
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Jari Ruusu wrote:
> Petersen wrote:
> 
>>http://www.spinics.net/lists/crypto/msg02628.html states that loop-aes
>>2.0f can't use multi-key encryption without using gpg-key also.
> 
> 
> loop-AES-v3.0a mount and losetup can also read multi-key from file
> descriptor specified with -p command line option.
> 

But don't I need gpg-keys then? Perhaps I misunderstood the concept of 
multi-key-v3, are the keys actually gpg-keys? Of course I want a secure 
system, but I also would like to avoid kB's of random ascii data for the 
case if they disappear, and only have my memorised password left (and 
the encrypted partition).

> 
>>I use the latest, loop-AES-v3.0a (README of November 27 2004 ), but only
>>swap-encryption reports multi-key-v3, losetup -a reports 'AES256' only
>>for drives created with
>>
>>    losetup -e AES256 -itercountk=300 ....
> 

So does the encrypted swap in fact use 65 random/"unknown" gpg-keys?

> 
> That loop device is not in multi-key mode. The -C option (itercountk= mount
> option) has no effect in multi-key mode.
> 
> 
>>- so no multi-key-v3. Am I sitting on a timebomb (as Jari puts it)
> 
> 
> No.
> 
> The timebomb can explode only if someone uses version 3 multi-key file with
> losetup/mount from loop-AES-v1.X or loop-AES-v2.X, or if someone uses
> version 2 multi-key file with losetup/mount from loop-AES-v1.X.
> 
> In other words, all is fine if you use latest losetup/mount.
> 
> 
>>I didn't build (with) gpg because I want to have a chance of recreating
>>my data in case of loss of gpg-key. Could that be why 'make tests'
>>fails? For the same reason I don't use password seed; it is also
>>difficult to figure out how to do it, from reading the README.
> 
> 
> Please post exact error message of 'make tests' failure.
> 
> 
>>Is the security level of my setup (AES256, no gpg, no seed,
>>itercountk=300) too weak to bother?
> 
> 
> Too weak. Avoid that kind of setup.
> 
I suppose I can set a seed with 'losetup .. -S we23fef ...' or 
something? As the machine I want to encrypt is switched on and off every 
day, I will store gpg-keys and seed on hard disk or floppy (and put a 
copy 'somewhere safe'). That equals security level 2) from your readme. 
The seed, being available to the attacker, is only good to force the 
attacker to discard his precomputed, nonseeded, dictionary list??

> 
>>Could you explain how the watermark attack works?
> 
> 
> Watermarked files use special bit patterns that happen to trigger identical
> ciphertexts. The number of consecutive identical ciphertexts can be
> controlled and is used to encode the watermark.
> 

Venkat gave some good explaining links, thanks. I understand that some 
file (all zeroes for example) will give identical encrypted blocks on 
the disk. Consequently, our all-zero file must give different blocks 
upon encryption(?) But doesn't this give easier corruption; for example, 
zip-files get easily destroyed because byte N depends on bytes 0 to 
N-1, and if byte N gets altered, N to Nlast are wrong.


I found that 'hdparm -W 0 /dev/hdx' is necessary to switch off the 
write-cache (http://lwn.net/Articles/67223/). Perhaps you should add 
this to your README.

Another thing I struggled with a while back, is the confusion around the 
cryptoloop/loop-aes that kernel 2.6.x contains. I thought your loop-AES 
equaled the kernel option, and supposed doing it 'your way' was getting 
obsolete after kernel 2.6.x integrated encryption in the kernel. I never 
got the 2.4.x-cryptoloop kernel patch to work, so I did it your way; it 
seems now that this is the superior method security wise.

  Regards, Henning Petersen


'make tests' complains about 'already existing directory', see attached 
output.

--------------000608050407010507060406
Content-Type: text/plain;
 name="maketests.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="maketests.txt"

dd if=/dev/zero of=test-file1 bs=1024 count=33
cp test-file1 test-file3
echo 09876543210987654321 | /sbin/losetup -p 0 -e AES128 /dev/loop7 test-file3
dd if=/dev/zero of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
make test-part2 CT=XOR    ITER=0  HF=sha256 GK= MD=d28220a1737763260f6e0109f141814a TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e XOR -H sha256 -C 0  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e XOR -H sha256 -C 0  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "d28220a1737763260f6e0109f141814a  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=NONE   ITER=0  HF=sha256 GK= MD=0b08ceeb8b609b0885471ba25a23f5a5 TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e NONE -H sha256 -C 0  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e NONE -H sha256 -C 0  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "0b08ceeb8b609b0885471ba25a23f5a5  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES128 ITER=0  HF=sha256 GK= MD=7c1cfd4fdd0d7cc847dd0942a2d48e48 TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES128 -H sha256 -C 0  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES128 -H sha256 -C 0  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "7c1cfd4fdd0d7cc847dd0942a2d48e48  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES192 ITER=0  HF=sha384 GK= MD=51c91bcc04ee2a4ca00310b519b3228c TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES192 -H sha384 -C 0  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES192 -H sha384 -C 0  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "51c91bcc04ee2a4ca00310b519b3228c  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES256 ITER=0  HF=sha512 GK= MD=1bf92ee337b653cdb32838047dec00fc TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H sha512 -C 0  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H sha512 -C 0  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "1bf92ee337b653cdb32838047dec00fc  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES256 ITER=0  HF=rmd160 GK= MD=c85eb59da18876ae71ebd838675c6ef4 TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H rmd160 -C 0  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H rmd160 -C 0  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "c85eb59da18876ae71ebd838675c6ef4  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES256 ITER=10 HF=sha512 GK= MD=dadad48a6d3d9b9914199626ed7b710c TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H sha512 -C 10  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H sha512 -C 10  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "dadad48a6d3d9b9914199626ed7b710c  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
mkdir test-dir1

--------------000608050407010507060406--

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Tue Jan 11 17:22:55 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CoOnF-0000OV-VA; Tue, 11 Jan 2005 17:22:54 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 11 Jan 2005 17:22:28 +0100 (CET)
Received: from smtp106.mail.sc5.yahoo.com ([66.163.169.226])
	by humbolt.nl.linux.org with smtp (Exim 4.22)
	id 1CoOmG-0000Km-7x
	for linux-crypto@nl.linux.org; Tue, 11 Jan 2005 17:21:52 +0100
Received: from unknown (HELO yahoo.dk) (castrolkonto2@192.38.9.236 with plain)
  by smtp106.mail.sc5.yahoo.com with SMTP; 11 Jan 2005 16:21:45 -0000
Message-ID: <41E3FE69.8050305@yahoo.dk>
Date: Tue, 11 Jan 2005 17:27:21 +0100
From: Petersen <castrolkonto2@yahoo.dk>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040421
X-Accept-Language: da, en-us, en
MIME-Version: 1.0
To:  linux-crypto@nl.linux.org
Subject: Re: encrypting with loop-AES-v3.0a and no gpg-key doesn't give  'multi-key-v3'except
 for swap
References: <41E3C482.5000501@yahoo.dk> <41E3EC56.C402A323@users.sourceforge.net>
In-Reply-To: <41E3EC56.C402A323@users.sourceforge.net>
Content-Type: multipart/mixed;
 boundary="------------010405050307030003090902"
Received-SPF: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=no 
	version=3.0.1
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: castrolkonto2@yahoo.dk
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

This is a multi-part message in MIME format.
--------------010405050307030003090902
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Jari Ruusu wrote:
> Petersen wrote:
> 
>>http://www.spinics.net/lists/crypto/msg02628.html states that loop-aes
>>2.0f can't use multi-key encryption without using gpg-key also.
> 
> 
> loop-AES-v3.0a mount and losetup can also read multi-key from file
> descriptor specified with -p command line option.
> 

But don't I need gpg-keys then? Perhaps I misunderstood the concept of
multi-key-v3, are the keys actually gpg-keys? Of course I want a secure
system, but I also would like to avoid kB's of random ascii data for the
case if they disappear, and only have my memorised password left (and
the encrypted partition).

> 
>>I use the latest, loop-AES-v3.0a (README of November 27 2004 ), but only
>>swap-encryption reports multi-key-v3, losetup -a reports 'AES256' only
>>for drives created with
>>
>>    losetup -e AES256 -itercountk=300 ....
> 

So does the encrypted swap in fact use 65 random/"unknown" gpg-keys?

> 
> That loop device is not in multi-key mode. The -C option (itercountk= mount
> option) has no effect in multi-key mode.
> 
> 
>>- so no multi-key-v3. Am I sitting on a timebomb (as Jari puts it)
> 
> 
> No.
> 
> The timebomb can explode only if someone uses version 3 multi-key file with
> losetup/mount from loop-AES-v1.X or loop-AES-v2.X, or if someone uses
> version 2 multi-key file with losetup/mount from loop-AES-v1.X.
> 
> In other words, all is fine if you use latest losetup/mount.
> 
> 
>>I didn't build (with) gpg because I want to have a chance of recreating
>>my data in case of loss of gpg-key. Could that be why 'make tests'
>>fails? For the same reason I don't use password seed; it is also
>>difficult to figure out how to do it, from reading the README.
> 
> 
> Please post exact error message of 'make tests' failure.
> 
> 
>>Is the security level of my setup (AES256, no gpg, no seed,
>>itercountk=300) too weak to bother?
> 
> 
> Too weak. Avoid that kind of setup.
> 
I suppose I can set a seed with 'losetup .. -S we23fef ...' or
something? As the machine I want to encrypt is switched on and off every
day, I will store gpg-keys and seed on hard disk or floppy (and put a
copy 'somewhere safe'). That equals security level 2) from your readme.
The seed, being available to the attacker, is only good to force the
attacker to discard his precomputed, nonseeded, dictionary list??

> 
>>Could you explain how the watermark attack works?
> 
> 
> Watermarked files use special bit patterns that happen to trigger identical
> ciphertexts. The number of consecutive identical ciphertexts can be
> controlled and is used to encode the watermark.
> 

Venkat gave some good explaining links, thanks. I understand that some
file (all zeroes for example) will give identical encrypted blocks on
the disk. Consequently, our all-zero file must give different blocks
upon encryption(?) But doesn't this give easier corruption; for example,
zip-files get easily destroyed because byte N depends on bytes 0 to
N-1, and if byte N gets altered, N to Nlast are wrong.


I found that 'hdparm -W 0 /dev/hdx' is necessary to switch off the
write-cache (http://lwn.net/Articles/67223/). Perhaps you should add
this to your README.

Another thing I struggled with a while back, is the confusion around the
cryptoloop/loop-aes that kernel 2.6.x contains. I thought your loop-AES
equaled the kernel option, and supposed doing it 'your way' was getting
obsolete after kernel 2.6.x integrated encryption in the kernel. I never
got the 2.4.x-cryptoloop kernel patch to work, so I did it your way; it
seems now that this is the superior method security wise.

   Regards, Henning Petersen


'make tests' complains about 'already existing directory', see attached
output.


--------------010405050307030003090902
Content-Type: text/plain;
 name="maketests.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="maketests.txt"

dd if=/dev/zero of=test-file1 bs=1024 count=33
cp test-file1 test-file3
echo 09876543210987654321 | /sbin/losetup -p 0 -e AES128 /dev/loop7 test-file3
dd if=/dev/zero of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
make test-part2 CT=XOR    ITER=0  HF=sha256 GK= MD=d28220a1737763260f6e0109f141814a TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e XOR -H sha256 -C 0  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e XOR -H sha256 -C 0  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "d28220a1737763260f6e0109f141814a  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=NONE   ITER=0  HF=sha256 GK= MD=0b08ceeb8b609b0885471ba25a23f5a5 TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e NONE -H sha256 -C 0  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e NONE -H sha256 -C 0  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "0b08ceeb8b609b0885471ba25a23f5a5  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES128 ITER=0  HF=sha256 GK= MD=7c1cfd4fdd0d7cc847dd0942a2d48e48 TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES128 -H sha256 -C 0  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES128 -H sha256 -C 0  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "7c1cfd4fdd0d7cc847dd0942a2d48e48  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES192 ITER=0  HF=sha384 GK= MD=51c91bcc04ee2a4ca00310b519b3228c TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES192 -H sha384 -C 0  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES192 -H sha384 -C 0  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "51c91bcc04ee2a4ca00310b519b3228c  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES256 ITER=0  HF=sha512 GK= MD=1bf92ee337b653cdb32838047dec00fc TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H sha512 -C 0  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H sha512 -C 0  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "1bf92ee337b653cdb32838047dec00fc  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES256 ITER=0  HF=rmd160 GK= MD=c85eb59da18876ae71ebd838675c6ef4 TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H rmd160 -C 0  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H rmd160 -C 0  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "c85eb59da18876ae71ebd838675c6ef4  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
make test-part2 CT=AES256 ITER=10 HF=sha512 GK= MD=dadad48a6d3d9b9914199626ed7b710c TF=test-file1 PSW=12345678901234567890
make[1]: Entering directory `/usr/src/loop-AES-v3.0a'
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H sha512 -C 10  /dev/loop7 test-file1
dd if=test-file3 of=/dev/loop7 bs=1024 count=33 conv=notrunc
/sbin/losetup -d /dev/loop7
echo 12345678901234567890 | /sbin/losetup -p 0 -e AES256 -H sha512 -C 10  /dev/loop7 test-file1
dd if=/dev/loop7 of=test-file4 bs=33792 count=1
/sbin/losetup -d /dev/loop7
md5sum test-file1 >test-file2
echo "dadad48a6d3d9b9914199626ed7b710c  test-file1" | cmp test-file2 -
cmp test-file3 test-file4
make[1]: Leaving directory `/usr/src/loop-AES-v3.0a'
mkdir test-dir1


--------------010405050307030003090902--

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Tue Jan 11 18:32:59 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CoPt4-0000pq-EK; Tue, 11 Jan 2005 18:32:58 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 11 Jan 2005 18:32:18 +0100 (CET)
Received: from [65.19.163.244] (helo=mail0.rayservers.com)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CoPrp-0000ic-8I
	for linux-crypto@nl.linux.org; Tue, 11 Jan 2005 18:31:41 +0100
Received: (qmail 19284 invoked from network); 11 Jan 2005 12:32:37 -0500
Received: from unknown (HELO ?192.168.2.2?) (venkat@rayservers.com@12.31.6.2)
  by 0 with AES256-SHA encrypted SMTP; 11 Jan 2005 12:32:37 -0500
Message-ID: <41E40D8F.8090005@rayservers.com>
Date: Tue, 11 Jan 2005 12:31:59 -0500
From: Venkat Manakkal <venkat@rayservers.com>
User-Agent: Mozilla Thunderbird 1.0 (X11/20041224)
X-Accept-Language: en-us, en
MIME-Version: 1.0
CC:  linux-crypto@nl.linux.org
Subject: Re: encrypting with loop-AES-v3.0a and no gpg-key doesn't give  'multi-key-v3'except
 for swap
References: <41E3C482.5000501@yahoo.dk> <41E3EC56.C402A323@users.sourceforge.net> <41E3FE69.8050305@yahoo.dk>
In-Reply-To: <41E3FE69.8050305@yahoo.dk>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Petersen wrote:
| Jari Ruusu wrote:
|
|> Petersen wrote:
|>
|>> http://www.spinics.net/lists/crypto/msg02628.html states that loop-aes
|>> 2.0f can't use multi-key encryption without using gpg-key also.
|>
|>
|>
|> loop-AES-v3.0a mount and losetup can also read multi-key from file
|> descriptor specified with -p command line option.
|>
|
| But don't I need gpg-keys then? Perhaps I misunderstood the concept of
| multi-key-v3, is the keys actually gpg-keys? Of course I want a secure
| system, but I also would like to avoid kB's of random ascii data for the
| case if they disappear, and only have my memorised password left (and
| the encrypted partition).

See section 7.2 of http://loop-aes.sourceforge.net/loop-AES.README

gpg --symmetric does not use a gpg key pair.

|
|>
|>> I use the latest, loop-AES-v3.0a (README of November 27 2004 ), but only
|>> swap-encryption reports multi-key-v3, losetup -a reports 'AES256' only
|>> for drives created with
|>>
|>>    losetup -e AES256 -itercountk=300 ....
|>
|>
|
| So does the encrypted swap in fact use 65 random/"unknown" gpg-keys?

Yes.

| Venkat gave some good explaining links, thanks. I understand that some
| file (all zeroes for example) will give identical encrypted blocks on
| the disk. Consequently, our all-zero file must give different blocks
| upon encryption(?) But doesn't this give easier corruption; for example,
| zip-files gets easily destroyed because byte N depends of bytes 0 to
| N-1, and if byte N gets altered, N to Nlast are wrong.
|
|
| I found that 'hdparm -W 0 /dev/hdx' is necessary to switch off the
| write-cache (http://lwn.net/Articles/67223/). Perhaps you should add
| this to your README.

Use a UPS and set up the serial cable. You will be able to fsck a system with
encrypted partition so long as you have the keys available.

| Another thing I struggled with a while back, is the confusion around the
| cryptoloop/loop-aes that kernel 2.6.x contains. I thought your loop-AES
| equaled the kernel option, and supposed doing it 'your way' was getting
| obsolete after kernel 2.6.x integrated encryption in the kernel. I never
| got the 2.4.x-cryptoloop kernel patch to work, so I did it your way; it
| seems now that this is the superior method security wise.

Yes, cryptoloop is borked. In fact I have not seen anything like loop-AES on
any other operating system.

When one is paranoid, one has to even take precautions against
attacks that involve examining the disk surface with a scanning
tunnelling electron microscope and even the silicon oxide in
your RAM. Loop-AES implements key-scrubbing:

http://www.spinics.net/lists/crypto/msg02995.html

So now you can see how paranoid the thought behind the programming
that goes into loop-AES is. Thanks Jari!

Cheers!

- ---Venkat.

- --
- -------------------------------------------------------------------------
Venkat Manakkal           Tel:+1-607-546-7300       Fax: 1-607-546-7387
venkat@rayservers.com     http://www.rayservers.com/
rayservers@hushmail.com   Computers. Installed Secure. Wholesale Prices.

PGP/GPG Key: https://www.rayservers.com/keys/0x12430522.asc
Get Windows Privacy Tools for free: http://winpt.sf.net/
- -------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB5A2OWdkW/RJDBSIRAnWYAJwP2T2vEdHAyk1Au6W/VXDaFtpGNgCgpDok
3ocC/ET3ihYeDpm1625T+HE=
=Ns4F
-----END PGP SIGNATURE-----




From linux-crypto-bounce@nl.linux.org Tue Jan 11 19:05:52 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CoQOs-0006L9-Rq; Tue, 11 Jan 2005 19:05:50 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 11 Jan 2005 19:05:18 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CoQO1-0005nt-FC
	for linux-crypto@nl.linux.org; Tue, 11 Jan 2005 19:04:57 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id 5A7442B1CE2;
	Tue, 11 Jan 2005 20:04:40 +0200 (EET)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 31522-09; Tue, 11 Jan 2005 20:04:38 +0200 (EET)
Received: from armas (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id D11072A3D9A;
	Tue, 11 Jan 2005 20:04:37 +0200 (EET)
Received: from localhost ([127.0.0.1] helo=users.sourceforge.net)
	by armas with esmtp (Exim) id 1CoQNh-000170-00; Tue, 11 Jan 2005 20:04:37 +0200
Message-ID: <41E41535.4EBCE82C@users.sourceforge.net>
Date: Tue, 11 Jan 2005 20:04:37 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.22aa1r8 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Petersen <castrolkonto2@yahoo.dk>
Cc: linux-crypto@nl.linux.org
Subject: Re: encrypting with loop-AES-v3.0a and no gpg-key doesn't give  
 'multi-key-v3'exceptfor swap
References: <41E3C482.5000501@yahoo.dk> <41E3EC56.C402A323@users.sourceforge.net> <41E3F951.4070705@yahoo.dk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at mail

Petersen wrote:
> Jari Ruusu wrote:
> > loop-AES-v3.0a mount and losetup can also read multi-key from file
> > descriptor specified with -p command line option.
> 
> But don't I need gpg-keys then? Perhaps I misunderstood the concept of
> multi-key-v3, is the keys actually gpg-keys? Of course I want a secure
> system, but I also would like to avoid kB's of random ascii data for the
> case if they disappear, and only have my memorised password left (and
> the encrypted partition).

Loop encryption keys are stored in gpg encrypted message. All you need to do
is to memorize the passphrase that can decrypt the gpg message.
losetup/mount/gpg programs do the rest.

Any key directly derived from human memorizable passphrase is almost always
weak. High quality random keys in gpg encrypted message are much stronger.

If you insist on storing the key file on the same partition as encrypted
data, then you can write the key file data to beginning of the partition and
specify an offset for the loop device. This example uses /dev/hda999 as the
partition:

Fill partition with junk

    head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \
        | losetup -p 0 -e AES128 /dev/loop0 /dev/hda999
    dd if=/dev/zero of=/dev/loop0 bs=4k conv=notrunc
    losetup -d /dev/loop0

Put key file to beginning of partition

    yes "" | dd of=/dev/hda999 bs=8192 count=1 conv=notrunc
    head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
        | gpg --symmetric -a | dd of=/dev/hda999 conv=notrunc    

Put this line to /etc/fstab

    /dev/hda999 /mnt999 ext3 defaults,noauto,loop=/dev/loop0,encryption=AES128,gpgkey=/dev/hda999,offset=8192 0 0

Create new encrypted file system

    losetup -F -v /dev/loop0
    mkfs -t ext3 /dev/loop0
    losetup -d /dev/loop0
    mkdir /mnt999
    
And then mount and unmount it

    mount /mnt999
    umount /mnt999

> So does the encrypted swap in fact use 65 random/"unknown" gpg-keys?

swapon program creates 65 random keys based on data from /dev/urandom and
old encrypted swap data from same partition. swapon program talks directly to
loop driver without gpg doing anything.

> I suppose I can set a seed with 'losetup .. -S we23fef ...' or
> something? As the machine I want to encrypt is switched on and off every
> day, I will store gpg-keys and seed on hard disk or floppy (and put a
> copy 'somewhere safe'). That equals security level 2) from your readme.

You are better off using one of the examples in the README or above example.

> The seed, being available to the attacker, is only good to force the
> attacker to discard his precomputed, nonseeded, dictionary list??

Yes. The seed prevents *pre*computed dictionary attacks.

> I understand that some file (all zeroes for example) will give identical
> encrypted blocks on the disk.

Nope. But weak IV computation can be exploited so that two different
plaintexts will result in same ciphertext.

> I found that 'hdparm -W 0 /dev/hdx' is necessary to switch off the
> write-cache (http://lwn.net/Articles/67223/). Perhaps you should add
> this to your README.

It depends whether the box gets its power from UPS or not. Write caching is
ok in the UPS powered case. It is exactly same issue on unencrypted case.

> Another thing I struggled with a while back, is the confusion around the
> cryptoloop/loop-aes that kernel 2.6.x contains. I thought your loop-AES
> equaled the kernel option, and supposed doing it 'your way' was getting
> obsolete after kernel 2.6.x integrated encryption in the kernel. I never
> got the 2.4.x-cryptoloop kernel patch to work, so I did it your way; it
> seems now that this is the superior method security wise.

Mainline cryptoloop is the one that is obsolete.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD




From linux-crypto-bounce@nl.linux.org Tue Jan 11 19:26:23 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CoQik-00083B-Fm; Tue, 11 Jan 2005 19:26:22 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 11 Jan 2005 19:25:52 +0100 (CET)
Received: from pop.gmx.de ([213.165.64.20] helo=mail.gmx.net)
	by humbolt.nl.linux.org with smtp (Exim 4.22)
	id 1CoQi6-00082P-J6
	for linux-crypto@nl.linux.org; Tue, 11 Jan 2005 19:25:42 +0100
Received: (qmail invoked by alias); 11 Jan 2005 18:25:31 -0000
Received: from dial-195-14-233-149.netcologne.de (EHLO gustav.local) (195.14.233.149)
  by mail.gmx.net (mp011) with SMTP; 11 Jan 2005 19:25:31 +0100
X-Authenticated: #4240698
From: Jan =?iso-8859-1?q?L=FChr?= <jluehr@gmx.net>
To: linux-crypto@nl.linux.org
Subject: Re: Setting up loop-aes: Using util-linux != 2.12i
Date: Tue, 11 Jan 2005 19:25:06 +0100
User-Agent: KMail/1.7.1
References: <200501110955.30879.jluehr@gmx.net> <41E3EC08.23D8D04F@users.sourceforge.net>
In-Reply-To: <41E3EC08.23D8D04F@users.sourceforge.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200501111925.07120.jluehr@gmx.net>
X-Y-GMX-Trusted: 0

Greetings,

On Tuesday, 11 January 2005 16:08 you wrote:
> Jan Lühr wrote:
> > I'm still trying to set up util-linux 3.0a. The included patch seems to
> > require util-linux 2.12i, but 2.12p seems to be the latest release. Thus
> > I can either use 2.12 (without any letter) or 2.12p (both are useable
> > with my distribution (debian), but not 2.12i as easy as the others.)
>
> util-linux-2.12p patch is here:
>
> http://loop-aes.sourceforge.net/updates/util-linux-2.12p.diff.bz2
> http://loop-aes.sourceforge.net/updates/util-linux-2.12p.diff.bz2.sign

Thanks, I'll try that.
Btw. Dropping a note in the README might be useful.

Keep smiling, Thank you very much
yanosz




From linux-crypto-bounce@nl.linux.org Tue Jan 11 22:23:05 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CoTTj-0005uP-Ep; Tue, 11 Jan 2005 22:23:03 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 11 Jan 2005 22:22:15 +0100 (CET)
Received: from pop.gmx.net ([213.165.64.20] helo=mail.gmx.net)
	by humbolt.nl.linux.org with smtp (Exim 4.22)
	id 1CoTSl-0005tW-UT
	for linux-crypto@nl.linux.org; Tue, 11 Jan 2005 22:22:03 +0100
Received: (qmail invoked by alias); 11 Jan 2005 21:21:52 -0000
Received: from dial-194-8-205-103.netcologne.de (EHLO gustav.local) (194.8.205.103)
  by mail.gmx.net (mp014) with SMTP; 11 Jan 2005 22:21:52 +0100
X-Authenticated: #4240698
From: Jan =?iso-8859-1?q?L=FChr?= <jluehr@gmx.net>
To: linux-crypto@nl.linux.org
Subject: Re: Setting up loop-aes: Using util-linux != 2.12i
Date: Tue, 11 Jan 2005 22:21:53 +0100
User-Agent: KMail/1.7.1
References: <200501110955.30879.jluehr@gmx.net> <20050111143437.GA19623@nautile.roam.hinterhof.net>
In-Reply-To: <20050111143437.GA19623@nautile.roam.hinterhof.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200501112221.53709.jluehr@gmx.net>
X-Y-GMX-Trusted: 0

Greetings,

On Tuesday, 11 January 2005 15:34 Max Vozeler wrote:
> Hi yanosz,
>
> Jan Lühr <jluehr@gmx.net> wrote:
> > I'm still trying to set up util-linux 3.0a. The included patch seems to
> > require util-linux 2.12i, but 2.12p seems to be the latest release.
>
> You can find an updated patch on http://loop-aes.sf.net/updates/
>
> > (Well, there is a patched version of util-linux in debian already, but it
> > supports only loop-aes 2.X)
>
> I know :^)
>
> A new version based on v3.0a and 2.12p is pending upload to unstable.
> If you don't want to patch yourself or wait longer, you can find the
> new package version here: http://debian.hinterhof.net/unstable/
>
> Sarge is probably still going to include loop-AES 2.X. The update to
> v3.0a would need a newer version of util-linux to make it into testing
> first, and this is unlikely to happen before the release.

Yeah, yeah, base freeze - I know. (Freezing the base-system, and waiting
months for security support which is still not established or will be
established in a foreseeable period is quite foolish)

Is there a blocker for not patching 3.0a into sarge's util-linux? (use
base-components from sid in will raise the amount of work quite a lot)



Keep smiling
yanosz




From linux-crypto-bounce@nl.linux.org Wed Jan 12 11:46:00 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1Cog0e-0004wv-Cn; Wed, 12 Jan 2005 11:45:52 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 12 Jan 2005 11:44:54 +0100 (CET)
Received: from smtp110.mail.sc5.yahoo.com ([66.163.170.8])
	by humbolt.nl.linux.org with smtp (Exim 4.22)
	id 1CofzI-0004us-BI
	for linux-crypto@nl.linux.org; Wed, 12 Jan 2005 11:44:28 +0100
Received: from unknown (HELO yahoo.dk) (castrolkonto2@192.38.9.236 with plain)
  by smtp110.mail.sc5.yahoo.com with SMTP; 12 Jan 2005 10:44:25 -0000
Message-ID: <41E500DA.3090108@yahoo.dk>
Date: Wed, 12 Jan 2005 11:50:02 +0100
From: Petersen <castrolkonto2@yahoo.dk>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040421
X-Accept-Language: da, en-us, en
MIME-Version: 1.0
To: Jari Ruusu <jariruusu@users.sourceforge.net>, 
 linux-crypto@nl.linux.org
Subject: Re: encrypting with loop-AES-v3.0a and no gpg-key doesn't give  
 'multi-key-v3'exceptfor swap
References: <41E3C482.5000501@yahoo.dk> <41E3EC56.C402A323@users.sourceforge.net> <41E3F951.4070705@yahoo.dk> <41E41535.4EBCE82C@users.sourceforge.net>
In-Reply-To: <41E41535.4EBCE82C@users.sourceforge.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Jari Ruusu wrote:
> Petersen wrote:
> 
>>Jari Ruusu wrote:
>>
>>>loop-AES-v3.0a mount and losetup can also read multi-key from file
>>>descriptor specified with -p command line option.
>>
>>But don't I need gpg-keys then? Perhaps I misunderstood the concept of
>>multi-key-v3, is the keys actually gpg-keys? Of course I want a secure
>>system, but I also would like to avoid kB's of random ascii data for the
>>case if they disappear, and only have my memorised password left (and
>>the encrypted partition).
> 
> 
> Loop encryption keys are stored in gpg encrypted message. All you need to do
> is to memorize the passphrase that can decrypt the gpg message.
> losetup/mount/gpg programs do the rest.
> 
> Any key directly derived from human memorizable passphrase is almost always
> weak. High quality random keys in gpg encrypted message are much stronger.
> 

Ok, so no gpg-key=no access(?) I am afraid I'll lose the gpg-keys, the 
human element is often the biggest threat.


What about data corruption like zip-files suffers?

"But doesn't this give easier corruption; for example,
zip-files gets easily destroyed because byte N depends of bytes 0 to
N-1, and if byte N gets altered, N to Nlast are wrong."

- -

I don't always treat my server nicely, sometimes it is shut down on the 
power switch. Can my encrypted disk (ext3 on top of device backed loop) 
  survive such treatment no worse than a regular ext3?


I'll play more with loop-AES before moving data permanently to the 
encrypted disk, I'll also try your watermark examples.

I want to use encryption mainly because my data is no one else's
business. If someone sends me an illegal mp3-file, I also want to be
guarded against the copyright-police, which is pretty aggressive in Denmark.

> If you insist on storing the key file on the same partition as encrypted
> data, then you can write the key file data to beginning of the partition and
> specify an offset for the loop device. This example uses /dev/hda999 as the
> partition:
> 
> Fill partition with junk
> 
>     head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \
>         | losetup -p 0 -e AES128 /dev/loop0 /dev/hda999
>     dd if=/dev/zero of=/dev/loop0 bs=4k conv=notrunc
>     losetup -d /dev/loop0
> 
> Put key file to beginning of partition
> 
>     yes "" | dd of=/dev/hda999 bs=8192 count=1 conv=notrunc
>     head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
>         | gpg --symmetric -a | dd of=/dev/hda999 conv=notrunc    
> 
> Put this line to /etc/fstab
> 
>     /dev/hda999 /mnt999 ext3 defaults,noauto,loop=/dev/loop0,encryption=AES128,gpgkey=/dev/hda999,offset=8192 0 0
> 
> Create new encrypted file system
> 
>     losetup -F -v /dev/loop0
>     mkfs -t ext3 /dev/loop0
>     losetup -d /dev/loop0
>     mkdir /mnt999
>     
> And then mount and unmount it
> 
>     mount /mnt999
>     umount /mnt999
> 
> 
>>So does the encrypted swap in fact use 65 random/"unknown" gpg-keys?
> 
> 
> swapon program creates 65 random keys based on data from /dev/urandom and
> old encrypted swap data from same partition. swapon program talks directly to
> loop driver without gpg doing anything.
> 
> 
>>I suppose I can set a seed with 'losetup .. -S we23fef ...' or
>>something? As the machine I want to encrypt is switched on and off every
>>day, I will store gpg-keys and seed on hard disk or floppy (and put a
>>copy 'somewhere safe'). That equals security level 2) from your readme.
> 
> 
> You are better off using one of the examples in the README or above example.
> 
> 
>>The seed, being available to the attacker, is only good to force the
>>attacker to discard his precomputed, nonseeded, dictionary list??
> 
> 
> Yes. The seed prevents *pre*computed dictionary attacks.
> 
> 
>>I understand that some file (all zeroes for example) will give identical
>>encrypted blocks on the disk.
> 
> 
> Nope. But weak IV computation can be exploited so that two different
> plaintexts will result in same ciphertext.
> 
> 
>>I found that 'hdparm -W 0 /dev/hdx' is necessary to switch off the
>>write-cache (http://lwn.net/Articles/67223/). Perhaps you should add
>>this to your README.
> 
> 
> It depends whether the box gets its power from UPS or not. Write caching is
> ok in the UPS powered case. It is exactly same issue on unencrypted case.
> 
> 
>>Another thing I struggled with a while back, is the confusion around the
>>cryptoloop/loop-aes that kernel 2.6.x contains. I thought your loop-AES
>>equaled the kernel option, and supposed doing it 'your way' was getting
>>obsolete after kernel 2.6.x integrated encryption in the kernel. I never
>>got the 2.4.x-cryptoloop kernel patch to work, so I did it your way; it
>>seems now that this is the superior method security wise.
> 
> 
> Mainline cryptoloop is the one that is obsolete.
> 





From linux-crypto-bounce@nl.linux.org Wed Jan 12 16:26:07 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CokNq-00007j-7W; Wed, 12 Jan 2005 16:26:06 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 12 Jan 2005 16:25:26 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CokN1-000067-OR
	for linux-crypto@nl.linux.org; Wed, 12 Jan 2005 16:25:15 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id B9D3E293F0E;
	Wed, 12 Jan 2005 17:24:55 +0200 (EET)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 13636-04; Wed, 12 Jan 2005 17:24:49 +0200 (EET)
Received: from armas (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 9E7C62A3919;
	Wed, 12 Jan 2005 17:24:49 +0200 (EET)
Received: from localhost ([127.0.0.1] helo=users.sourceforge.net)
	by armas with esmtp (Exim) id 1CokMb-0001fD-00; Wed, 12 Jan 2005 17:24:49 +0200
Message-ID: <41E54141.17DAACC2@users.sourceforge.net>
Date: Wed, 12 Jan 2005 17:24:49 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.22aa1r8 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Petersen <castrolkonto2@yahoo.dk>
Cc: linux-crypto@nl.linux.org
Subject: Re: encrypting with loop-AES-v3.0a and no gpg-key doesn't give  
 'multi-key-v3'exceptfor swap
References: <41E3C482.5000501@yahoo.dk> <41E3EC56.C402A323@users.sourceforge.net> <41E3F951.4070705@yahoo.dk> <41E41535.4EBCE82C@users.sourceforge.net> <41E500DA.3090108@yahoo.dk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at mail

Petersen wrote:
> Ok, so no gpg-key=no access(?) I am afraid I'll lose the gpg-keys, the
> human element is often the biggest threat.

You won't lose the gpg encrypted key file if you put it to beginning of the
partition where your encrypted data is.

> What about data corruption like zip-files suffers?

If ciphertext is corrupted, plaintext data is also corrupted. However, all
plaintext corruption stays within the same 512 byte sector because all 512
byte sectors are decrypted independently of other sectors.

> I don't always treat my server nicely, sometimes it is shut down on the
> power switch. Can my encrypted disk (ext3 on top of device backed loop)
>   survive such treatment no worse than a regular ext3?

Encrypted ext3 survival is not any worse than unencrypted ext3.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
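
Two statements from this thread, that all-zero data does not produce identical encrypted sectors and that ciphertext corruption stays inside one 512-byte sector, can be reproduced with a small model. This is an added example, not loop-AES code and not part of the original messages: it assumes CBC chaining restarted in every sector, and the Feistel stand-in cipher, `sector_iv`, the key and the sample data are all constructed for illustration.

```python
import hashlib

SECTOR = 512  # bytes per sector, as stated in the reply above
BLOCK = 16    # cipher block size in bytes (same size as an AES block)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Round function of the stand-in Feistel cipher (NOT AES)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def enc_block(key: bytes, blk: bytes) -> bytes:
    left, right = blk[:8], blk[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def dec_block(key: bytes, blk: bytes) -> bytes:
    left, right = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def sector_iv(key: bytes, sector_no: int) -> bytes:
    """Hypothetical per-sector IV; loop-AES computes its IV differently."""
    data = b"iv" + key + sector_no.to_bytes(8, "little")
    return hashlib.sha256(data).digest()[:BLOCK]


def encrypt_sector(key: bytes, sector_no: int, plain: bytes) -> bytes:
    prev, out = sector_iv(key, sector_no), b""
    for i in range(0, SECTOR, BLOCK):
        prev = enc_block(key, _xor(plain[i:i + BLOCK], prev))
        out += prev
    return out


def decrypt_sector(key: bytes, sector_no: int, cipher: bytes) -> bytes:
    prev, out = sector_iv(key, sector_no), b""
    for i in range(0, SECTOR, BLOCK):
        blk = cipher[i:i + BLOCK]
        out += _xor(dec_block(key, blk), prev)
        prev = blk
    return out


def encrypt_device(key: bytes, data: bytes) -> bytes:
    # Every sector is processed on its own; nothing carries over to the next.
    return b"".join(encrypt_sector(key, n, data[n * SECTOR:(n + 1) * SECTOR])
                    for n in range(len(data) // SECTOR))


def decrypt_device(key: bytes, data: bytes) -> bytes:
    return b"".join(decrypt_sector(key, n, data[n * SECTOR:(n + 1) * SECTOR])
                    for n in range(len(data) // SECTOR))


def differing_units(a: bytes, b: bytes, size: int) -> list:
    """Indices of the size-byte units in which a and b differ."""
    return [i // size for i in range(0, len(a), size)
            if a[i:i + size] != b[i:i + size]]


KEY = hashlib.sha256(b"constructed demo key").digest()
PLAIN = bytes(8 * SECTOR)  # constructed sample: eight all-zero sectors


def demo() -> dict:
    cipher = encrypt_device(KEY, PLAIN)
    sectors = {cipher[i:i + SECTOR] for i in range(0, len(cipher), SECTOR)}

    damaged = bytearray(cipher)
    damaged[3 * SECTOR + 100] ^= 0x01  # one flipped bit in sector 3
    recovered = decrypt_device(KEY, bytes(damaged))

    s3_plain = PLAIN[3 * SECTOR:4 * SECTOR]
    s3_recovered = recovered[3 * SECTOR:4 * SECTOR]
    return {
        # identical plaintext sectors, different ciphertext per sector
        "distinct_zero_sectors": len(sectors),
        # only the sector holding the flipped bit decrypts wrongly
        "damaged_sectors": differing_units(PLAIN, recovered, SECTOR),
        # inside it, CBC garbles one block and flips one bit in the next
        "damaged_blocks": differing_units(s3_plain, s3_recovered, BLOCK),
        "flipped_byte_in_next_block": s3_recovered[116],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With this chaining the damage is even narrower than a whole sector: the block holding the flipped bit and the block after it, which is why a single bad sector on an encrypted disk does not cascade the way a damaged compressed archive does.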




From linux-crypto-bounce@nl.linux.org Thu Jan 13 01:00:41 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CosPl-0001mG-Bz; Thu, 13 Jan 2005 01:00:37 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 13 Jan 2005 00:59:47 +0100 (CET)
Received: from [83.137.99.112] (helo=mx01.hinterhof.net)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CosOk-0001lk-5K
	for linux-crypto@nl.linux.org; Thu, 13 Jan 2005 00:59:34 +0100
Received: from localhost (localhost [127.0.0.1])
	by mx01.hinterhof.net (Postfix) with ESMTP id 520B610D8B
	for <linux-crypto@nl.linux.org>; Thu, 13 Jan 2005 01:00:50 +0100 (CET)
Received: from nautile.roam.hinterhof.net (pD9E76AFC.dip.t-dialin.net [217.231.106.252])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "nautile.roam.hinterhof.net", Issuer "hinterhofCA" (verified OK))
	by mx01.hinterhof.net (Postfix) with ESMTP id 5F207109DD
	for <linux-crypto@nl.linux.org>; Thu, 13 Jan 2005 01:00:48 +0100 (CET)
Received: by nautile.roam.hinterhof.net (Postfix, from userid 1000)
	id AD9054F8A9; Thu, 13 Jan 2005 00:59:01 +0100 (CET)
Date: Thu, 13 Jan 2005 00:59:01 +0100
From: Max Vozeler <max@hinterhof.net>
To: linux-crypto@nl.linux.org
Subject: Re: Setting up loop-aes: Using util-linux != 2.12i
Message-ID: <20050112235901.GA20158@nautile.roam.hinterhof.net>
Mail-Followup-To: linux-crypto@nl.linux.org
References: <200501110955.30879.jluehr@gmx.net> <20050111143437.GA19623@nautile.roam.hinterhof.net> <200501112221.53709.jluehr@gmx.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <200501112221.53709.jluehr@gmx.net>
User-Agent: Mutt/1.5.6+20040907i
Content-Transfer-Encoding: quoted-printable

Hi yanosz,

Jan Lühr <jluehr@gmx.net> wrote:
> On Tuesday, 11 January 2005 15:34 Max Vozeler wrote:
> > Sarge is probably still going to include loop-AES 2.X. The update to
> > v3.0a would need a newer version of util-linux to make it into testing
> > first, and this is unlikely to happen before the release.
>
> Yeah, yeah, base freeze - I know. (Freezing the base-system, and waiting
> months for security support which is still not established or will be
> established in a foreseeable period is quite foolish)

There _are_ people looking after security updates in testing, even
though the security support is not yet official. Cf. recent mails to
debian-release by Joey Hess. What is still not established are auto-
builders for testing-security, AIUI.

> Is there a blocker for not patching 3.0a into sarge's util-linux?

Yes, mainly that I don't have time to do the backport, and to give the
resulting tools thorough testing. Considering that 2.X is very fine in
itself, I'd also say it's not worth the effort and the risk of adding
new bugs in the process.

> (use base-components from sid in will raise the amount of work quite a
> lot)

Not sure I understand what you mean here.

We are getting quite off-topic for linux-crypto with this, let's
continue in direct mail if you like.

Regards,
Max

-- 
308E81E7B97963BCA0E6ED889D5BD511B7CDA2DC




From linux-crypto-bounce@nl.linux.org Sun Jan 16 03:45:55 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1Cq0QL-0001Nl-SD; Sun, 16 Jan 2005 03:45:53 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 16 Jan 2005 03:44:57 +0100 (CET)
Received: from ns1.g-housing.de ([62.75.136.201] helo=mail.g-house.de)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1Cq0P7-0001N5-Gz
	for linux-crypto@nl.linux.org; Sun, 16 Jan 2005 03:44:37 +0100
Received: from g1714.g.pppool.de ([80.185.23.20] helo=sheep.housecafe.de)
	by mail.g-house.de with esmtp (TLS-1.0:RSA_ARCFOUR_SHA:16)
	(Exim 4.34)
	id 1Cq0Oy-00071D-Jh
	for linux-crypto@nl.linux.org; Sun, 16 Jan 2005 03:44:28 +0100
Received: from prinz.housecafe.de ([192.168.10.11])
	by sheep.housecafe.de with esmtp (Exim 4.34)
	id 1Cq0Ow-0003RJ-1c
	for linux-crypto@nl.linux.org; Sun, 16 Jan 2005 03:44:26 +0100
Message-ID: <41E9D50C.4080302@g-house.de>
Date: Sun, 16 Jan 2005 03:44:28 +0100
From: Christian Kujau <evil@g-house.de>
User-Agent: Mozilla Thunderbird 0.9 (X11/20041124)
X-Accept-Language: de-DE, de, en-us, en
MIME-Version: 1.0
To:  linux-crypto@nl.linux.org
Subject: Re-encrypting using multi-key, again
X-Enigmail-Version: 0.89.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Received-SPF: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Status: No, score=0.1 required=5.0 tests=FORGED_RCVD_HELO autolearn=no 
	version=3.0.1
X-Spam-Level: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: evil@g-house.de

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hello list,

apologies for abusing linux-crypto with loop-aes-only-related problems,
but it's my crypto-solution of choice ;-)

now that multi-key-v3 is the preferred key-mode with loop-aes, i wanted to
"switch" from multi-key-v2 to multi-key-v3 using a linux-2.6 kernel.

reading http://www.spinics.net/lists/crypto/msg02814.html made me use
aespipe but i felt like making some changes to the syntax, because i had
no single-key setup and no "seed.txt". what i did was:

$ dd if=test.img bs=64k | aespipe -d -e aes128 -K ~/keys/sda8.gpg \
  | aespipe -e aes128 -K ~/keys/sda8-v3.gpg -w120 \
  | dd of=test.img bs=64k conv=notrunc

$ losetup -e aes128 -K ~/keys/sda8-v3.gpg /dev/loop0 test.img

but after this, i could not mount test.img (loop0) anymore - all data
seems to be gone (luckily i really did this on the test.img first, not
with real, valuable data).  (full log see below)

i wonder
- - how i misused aespipe
- - if this is the way to go, to change the cipher/passphrase/keyfile
  without reformatting the fs (i assume the answer is "yes")
- - how to figure out the right time to wait (aespipe -w) on large
  filesystems without testing first

thank you for your ideas. i could imagine this is somehow a FAQ and adding
the (right) answers to loop-AES.README (Example 7) would be fine. maybe
we'll have multi-key-v4 anytime soon and people have to switch again.

Christian.

- ---------- some cmd snippets ----------

root@sheep:~# losetup -e aes128 -K ~/keys/sda8.gpg /dev/loop0 test.img
root@sheep:~# losetup -a
/dev/loop0: [0805]:16819615 (test.img) encryption=AES128 multi-key-v3
root@sheep:~# mount -t ext2 /dev/loop0 /mnt/cdrom/         [success]
root@sheep:~# umount /mnt/cdrom/
root@sheep:~# losetup -d /dev/loop0
root@sheep:~#
root@sheep:~# dd if=test.img bs=64k | aespipe -d -e aes128 -K \
              ~/keys/sda8.gpg | aespipe -e aes128 -K ~/keys/sda8-v3.gpg\
              -w120 | dd of=test.img bs=64k conv=notrunc
Password:
Password:
800+0 records in
800+0 records out
52428800 bytes transferred in 134.029051 seconds (391175 bytes/sec)
111+5214 records in
111+5214 records out
52428800 bytes transferred in 134.027787 seconds (391179 bytes/sec)
root@sheep:~# ls -lah test.img
- -rw-r--r--  1 root root 50M Jan 16 03:14 test.img         [size as before]
root@sheep:~# losetup -e aes128 -K ~/keys/sda8-v3.gpg /dev/loop0 test.img
Password:
root@sheep:~# mount -t ext2 /dev/loop0 /mnt/cdrom/
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
       missing codepage or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

[ NOTE: sda8-v3.key was generated as in Ex.2 in loop-AES.README, sda8.key
was generated following the loop-AES.README that came with loop-aes-v2.x
once. ]

- --
BOFH excuse #82:

Yeah, yo mama dresses you funny and you need a mouse to delete files.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB6dUL+A7rjkF8z0wRAotIAJ4lcPRjRIY211SeJ6GTWwelUs3JEwCeNOfP
qO1b1ESOTAhRH0Z5rE2IfO8=
=HXpG
-----END PGP SIGNATURE-----




From linux-crypto-bounce@nl.linux.org Sun Jan 16 12:48:23 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1Cq8tJ-0002hn-Iw; Sun, 16 Jan 2005 12:48:21 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 16 Jan 2005 12:47:45 +0100 (CET)
Received: from web42106.mail.yahoo.com ([66.218.93.199])
	by humbolt.nl.linux.org with smtp (Exim 4.22)
	id 1Cq8sZ-0002h0-HL
	for linux-crypto@nl.linux.org; Sun, 16 Jan 2005 12:47:35 +0100
Received: (qmail 54891 invoked by uid 60001); 16 Jan 2005 11:46:49 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  b=RhjPRpVq6kBvfKdb0s6pcR0t2/wkXgVK4iIMLR4/ydvzxwHeQr1BuBQgevdMH0fjSVUxGUB/NjTV6cCUxIF2jtD1UGMq4xGlL0ufHSOBOf1efbCaIZ6TamY8lc9bVGlZL+tDx9/QkL9g62iVAg+Cd/tBTapdUKydHL2tLQBlVKM=  ;
Message-ID: <20050116114649.54889.qmail@web42106.mail.yahoo.com>
Received: from [65.92.100.4] by web42106.mail.yahoo.com via HTTP; Sun, 16 Jan 2005 03:46:49 PST
Date: Sun, 16 Jan 2005 03:46:49 -0800 (PST)
From: David Martin <davidmartin330@yahoo.com>
Subject: alternative to aespipe that allows long (CFB) chains
To: linux-crypto@nl.linux.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-541010142-1105876009=:54329"
Received-SPF: 
X-Spam-Status: No, score=0.8 required=5.0 tests=FROM_ENDS_IN_NUMS,HTML_10_20,
	HTML_MESSAGE autolearn=no version=3.0.1
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: davidmartin330@yahoo.com

--0-541010142-1105876009=:54329
Content-Type: text/plain; charset=us-ascii

I want a single key and one long CFB chain pipeable encryption. I can use GPG but it is very slow compared to aespipe - 14Mb/s vs 2Mb/s about. 
 
 
My reasoning is security. Random access is not necessary in my application. aespipe allows only 512 bytes before it starts again with one of the same 64 keys (max). While I trust that Jari has the best implementation for on-the-fly disk encryption, any such program's IV usage seems likely to be much less studied than long messages with single keys or many short messages with "random" IVs.
 

		
--0-541010142-1105876009=:54329--




From linux-crypto-bounce@nl.linux.org Sun Jan 16 12:53:38 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1Cq8yP-000307-IM; Sun, 16 Jan 2005 12:53:37 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 16 Jan 2005 12:53:11 +0100 (CET)
Received: from web42105.mail.yahoo.com ([66.218.93.198])
	by humbolt.nl.linux.org with smtp (Exim 4.22)
	id 1Cq8xo-0002zN-12
	for linux-crypto@nl.linux.org; Sun, 16 Jan 2005 12:53:00 +0100
Received: (qmail 75534 invoked by uid 60001); 16 Jan 2005 11:52:43 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  b=Bs+Rsd1EC7TzavK46j51hWOO9QmnH7SBNg9zr1P54nHdsvGkMAun6h8grBbUuCBgTLCw5gX4cbb/hmQ/7/RCyc0bLep3tKHfmTtzcJWX3ZzeStJFPk6WbjdUMjvBmiQhW2MK5FO49o0lLpRnw90hA4hrvDD0UnBSJZtIH/zG8og=  ;
Message-ID: <20050116115243.75532.qmail@web42105.mail.yahoo.com>
Received: from [65.92.100.4] by web42105.mail.yahoo.com via HTTP; Sun, 16 Jan 2005 03:52:43 PST
Date: Sun, 16 Jan 2005 03:52:43 -0800 (PST)
From: David Martin <davidmartin330@yahoo.com>
Subject: Re: alternative to aespipe that allows long (CFB) chains
To: linux-crypto@nl.linux.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1068994595-1105876363=:75353"
Received-SPF: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Status: No, score=0.7 required=5.0 tests=AWL,FROM_ENDS_IN_NUMS,
	HTML_30_40,HTML_MESSAGE autolearn=no version=3.0.1
X-Spam-Level: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: davidmartin330@yahoo.com

--0-1068994595-1105876363=:75353
Content-Type: text/plain; charset=us-ascii

Also, GPG changes the file size even if compression is off. I need the file size to remain the same. 

David Martin <davidmartin330@yahoo.com> wrote:
> I want a single key and one long CFB chain pipeable encryption. I can use GPG but it is very slow compared to aespipe - 14Mb/s vs 2Mb/s about.
>
> My reasoning is security. Random access is not necessary in my application. aespipe allows only 512 bytes before it starts again with one of the same 64 keys (max). While I trust that Jari has the best implementation for on-the-fly disk encryption, any such program's IV usage seems likely to be much less studied than long messages with single keys or many short messages with "random" IVs.
 


--0-1068994595-1105876363=:75353--




From linux-crypto-bounce@nl.linux.org Sun Jan 16 14:05:13 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CqA5f-00032S-T9; Sun, 16 Jan 2005 14:05:11 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 16 Jan 2005 14:04:35 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CqA4b-0001yO-6Z
	for linux-crypto@nl.linux.org; Sun, 16 Jan 2005 14:04:05 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id D9FB12A3B37;
	Sun, 16 Jan 2005 15:03:55 +0200 (EET)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 30883-06; Sun, 16 Jan 2005 15:03:54 +0200 (EET)
Received: from armas (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 5C9C02AEA21;
	Sun, 16 Jan 2005 15:01:57 +0200 (EET)
Received: from localhost ([127.0.0.1] helo=users.sourceforge.net)
	by armas with esmtp (Exim) id 1CqA2X-0001GJ-00; Sun, 16 Jan 2005 15:01:57 +0200
Message-ID: <41EA65C4.53DEA211@users.sourceforge.net>
Date: Sun, 16 Jan 2005 15:01:56 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.22aa1r8 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Christian Kujau <evil@g-house.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: Re-encrypting using multi-key, again
References: <41E9D50C.4080302@g-house.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at mail.tnnet.fi
Received-SPF: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=no 
	version=3.0.1
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Level: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net

Christian Kujau wrote:
> reading http://www.spinics.net/lists/crypto/msg02814.html made me use
> aespipe but i felt like making some changes to the syntax, because i had
> no single-key setup and no "seed.txt". what i did was:
> 
> $ dd if=test.img bs=64k | aespipe -d -e aes128 -K ~/keys/sda8.gpg \
>   | aespipe -e aes128 -K ~/keys/sda8-v3.gpg -w120 \
>   | dd of=test.img bs=64k conv=notrunc

What aespipe version did you use?

v3 on-disk format encrypting aespipe must be version v2.3a or later. As of
this writing, there is no later version.

> - - how i misused aespipe

Your "dd | aespipe -d | aespipe | dd" pipe looks ok.

> - - if this is the way to go, to change the cipher/passphrase/keyfile
>   without reformatting the fs (i assume the answer is "yes")

Passphrase can be changed by re-encrypting the key file, or by changing gpg
private key passphrase (public key crypto case). Cipher type or cipher key
length or key file content change requires re-encryption of the file system
data.

> - - how to figure out the right time to wait (aespipe -w) on large
>   filesystems without testing first

The wait is there only to prevent two aespipe programs asking two
passphrases simultaneously. If you can type first passphrase in 30 seconds,
then -w30 is enough.

> maybe we'll have multi-key-v4 anytime soon and people have to switch
> again.

No such v4 plans yet.

> root@sheep:~# losetup -e aes128 -K ~/keys/sda8.gpg /dev/loop0 test.img
> root@sheep:~# losetup -a
> /dev/loop0: [0805]:16819615 (test.img) encryption=AES128 multi-key-v3
                                                                    ^^^
But ~/keys/sda8.gpg is already in v3 format. Typo?

> [ NOTE: sda8-v3.key was generated as in Ex.2 in loop-AES.README, sda8.key
> was generated following the loop-AES.README that came with loop-aes-v2.x
> once. ]

Above "losetup -a" output says otherwise.

Can you provide output of following commands:

    gpg --decrypt <~/keys/sda8.gpg | wc --lines
    gpg --decrypt <~/keys/sda8-v3.gpg | wc --lines

First command should output "64" and second command should output "65".

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
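
The two checks raised in the reply above (key-file line counts of 64 versus 65, and aespipe v2.3a or later for writing the v3 on-disk format) can be scripted as a pre-flight step before the re-encryption pipe. This is an added example, not code from the thread or from loop-AES; the function names, the single-key case and the version-string parsing are assumptions, and the key lines it generates are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread): checks to run before the
# "dd | aespipe -d | aespipe | dd" re-encryption pipe.

# Read DECRYPTED key material on stdin and name its format from the number
# of key lines. 64 and 65 are the counts given in the thread; treating one
# line as a single-key setup is an assumption of this example.
# Real use:  gpg --decrypt <~/keys/sda8.gpg | keyfile_format
keyfile_format() {
    local n
    n=$(awk 'END { print NR }')   # NR also counts an unterminated last line
    case "$n" in
        1)  echo single-key ;;
        64) echo multi-key-v2 ;;
        65) echo multi-key-v3 ;;
        *)  echo "unknown:$n"; return 1 ;;
    esac
}

# Turn a version such as "v2.3a" into one integer so that releases compare
# numerically: major*1000000 + minor*1000 + letter code (0 without a letter).
# The "major.minor[letter]" layout is assumed from the versions in the thread.
version_key() {
    local v major rest letter minor ord part
    v=${1#v}
    case "$v" in *.*) ;; *) return 2 ;; esac
    major=${v%%.*}
    rest=${v#*.}
    letter=${rest##*[0-9]}
    minor=${rest%"$letter"}
    for part in "$major" "$minor"; do
        case "$part" in ''|*[!0-9]*) return 2 ;; esac
    done
    case "$letter" in
        '')    ord=0 ;;
        [a-z]) ord=$(printf '%d' "'$letter") ;;
        *)     return 2 ;;
    esac
    echo $(( $major * 1000000 + $minor * 1000 + $ord ))
}

# Exit 0 when version $1 is at least version $2, 1 when it is older,
# 2 when either string cannot be parsed.
version_at_least() {
    local have want
    have=$(version_key "$1") || return 2
    want=$(version_key "$2") || return 2
    [ "$have" -ge "$want" ]
}

# preflight OLD_FORMAT NEW_FORMAT AESPIPE_VERSION
# Refuses to proceed when the target is the v3 on-disk format and the
# installed aespipe is older than v2.3a (the requirement stated in the
# thread). The version string is supplied by the caller.
preflight() {
    case "$1" in
        single-key|multi-key-v2|multi-key-v3) ;;
        *) echo "REFUSE: source key file has unexpected format $1"; return 1 ;;
    esac
    case "$2" in
        single-key|multi-key-v2|multi-key-v3) ;;
        *) echo "REFUSE: target key file has unexpected format $2"; return 1 ;;
    esac
    if [ "$2" = multi-key-v3 ] && ! version_at_least "$3" v2.3a; then
        echo "REFUSE: writing multi-key-v3 needs aespipe v2.3a or later, have $3"
        return 1
    fi
    echo "OK: re-encrypt $1 -> $2 with aespipe $3"
}

# Constructed stand-in for decrypted key material: N dummy key lines.
sample_keys() {
    awk -v n="$1" 'BEGIN { for (i = 1; i <= n; i++) printf "constructed-sample-key-%02d\n", i }'
}

# Demo on constructed data: a 64-line key file re-encrypted to a 65-line one.
old=$(sample_keys 64 | keyfile_format)
new=$(sample_keys 65 | keyfile_format)
preflight "$old" "$new" v2.2d || true   # refused: the aespipe version reported in the thread
preflight "$old" "$new" v2.3a
```

Piping `gpg --decrypt` straight into `keyfile_format` keeps the plaintext keys off disk; only the line count is inspected.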




From linux-crypto-bounce@nl.linux.org Sun Jan 16 19:33:04 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CqFCw-0006k1-5F; Sun, 16 Jan 2005 19:33:02 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 16 Jan 2005 19:32:13 +0100 (CET)
Received: from ns1.g-housing.de ([62.75.136.201] helo=mail.g-house.de)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CqFBk-0006eB-HK
	for linux-crypto@nl.linux.org; Sun, 16 Jan 2005 19:31:48 +0100
Received: from g0eed.g.pppool.de ([80.185.14.237] helo=sheep.housecafe.de)
	by mail.g-house.de with esmtp (TLS-1.0:RSA_ARCFOUR_SHA:16)
	(Exim 4.34)
	id 1CqFBF-0005IS-K5
	for linux-crypto@nl.linux.org; Sun, 16 Jan 2005 19:31:18 +0100
Received: from prinz.housecafe.de ([192.168.10.11])
	by sheep.housecafe.de with esmtp (Exim 4.34)
	id 1CqFBP-0003TV-2R
	for linux-crypto@nl.linux.org; Sun, 16 Jan 2005 19:31:27 +0100
Message-ID: <41EAB302.9030503@g-house.de>
Date: Sun, 16 Jan 2005 19:31:30 +0100
From: Christian Kujau <evil@g-house.de>
User-Agent: Mozilla Thunderbird 0.9 (X11/20041124)
X-Accept-Language: de-DE, de, en-us, en
MIME-Version: 1.0
To:  linux-crypto@nl.linux.org
Subject: Re: Re-encrypting using multi-key, again
References: <41E9D50C.4080302@g-house.de> <41EA65C4.53DEA211@users.sourceforge.net>
In-Reply-To: <41EA65C4.53DEA211@users.sourceforge.net>
X-Enigmail-Version: 0.89.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Received-SPF: 
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Status: No, score=0.1 required=5.0 tests=AWL,FORGED_RCVD_HELO 
	autolearn=no version=3.0.1
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: evil@g-house.de

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jari Ruusu wrote:
> 
> What aespipe version did you use?
> 
> v3 on-disk format encrypting aespipe must be version v2.3a or later. As of
> this writing, there is no later version.

oh, i have aespipe v2.2d - sorry i missed that. i'll upgrade and see what
it gives.

>>- - how i misused aespipe
> Your "dd | aespipe -d | aespipe | dd" pipe looks ok.

ok.

>>- - if this is the way to go, to change the cipher/passphrase/keyfile
>>  without reformatting the fs (i assume the answer is "yes")
> 
> Passphrase can be changed by re-encrypting the key file, or by changing gpg
> private key passphrase (public key crypto case).

yes, indeed.

> Cipher type or cipher key length or key file content change requires
> re-encryption of the file system data.

...which could be accomplished by "dd | aespipe -d | aespipe | dd", right?

>>- - how to figure out the right time to wait (aespipe -w) on large
>>  filesystems without testing first
> 
> The wait is there only to prevent two aespipe programs asking two
> passphrases simultaneously. If you can type first passphrase in 30 seconds,
> then -w30 is enough.

ah, got it.

>>maybe we'll have multi-key-v4 anytime soon and people have to switch
>>again.
> 
> No such v4 plans yet.
> 

>>root@sheep:~# losetup -e aes128 -K ~/keys/sda8.gpg /dev/loop0 test.img
>>root@sheep:~# losetup -a
>>/dev/loop0: [0805]:16819615 (test.img) encryption=AES128 multi-key-v3
> 
>                                                                     ^^^
> But ~/keys/sda8.gpg is already in v3 format. Typo?

no typo. i've generated sda8.gpg as described in loop-AES.README when
multi-key-v2 was "state-of-the-art" - however, i don't know the syntax
anymore. when decrypting manually, gpg says "CAST5 encrypted data" and
"WARNING: message was not integrity protected", the plaintext consists of
3904 bytes (whoops, too much info for an open mailinglist? *gg*)

> Above "losetup -a" output says otherwise.

indeed.

> Can you provide output of following commands:
> 
>     gpg --decrypt <~/keys/sda8.gpg | wc --lines
>     gpg --decrypt <~/keys/sda8-v3.gpg | wc --lines
> 
> First command should output "64" and second command should output "65".

yes, it really does.

the thing is, i've used losetup (from loop-aes-utils 2.12p) to encrypt a
new "test.img" - thus multi-key-v3 seems to be available for sda8.gpg too.
but i've got real partitions here too, all showing up with multi-key-v2. i
can't just mkfs on it then. i'll try with a current aespipe again. thanks
for your input, i really appreciate your work.

Christian.

- ---- strange tests ------
root@sheep:~# losetup -e aes128 -K ~/keys/sda8.gpg /dev/loop6 /dev/sda8
Password:
root@sheep:~# losetup -a | grep loop6
/dev/loop6: [0805]:380 (/dev/sda8) encryption=AES128 multi-key-v2
root@sheep:~#
root@sheep:~#
root@sheep:~# losetup -e aes128 -K ~/keys/sda8.gpg /dev/loop0 test.img
Password:
root@sheep:~# losetup -a | grep loop0
/dev/loop0: [0805]:16819615 (test.img) encryption=AES128 multi-key-v3
root@sheep:~#

(no typo, really)
- --
BOFH excuse #391:

We already sent around a notice about that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB6rMC+A7rjkF8z0wRAiZnAKCyMuMCTnJUepO29UwgWiEGj9j7VACfbBA8
2/7tPjTMX82ZhgndIHpaRSc=
=tbnj
-----END PGP SIGNATURE-----




From linux-crypto-bounce@nl.linux.org Sun Jan 16 22:59:18 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CqIQW-0003hk-7G; Sun, 16 Jan 2005 22:59:16 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 16 Jan 2005 22:58:41 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CqIPh-0003gy-1z
	for linux-crypto@nl.linux.org; Sun, 16 Jan 2005 22:58:25 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id 356FC2A3D9A;
	Sun, 16 Jan 2005 23:58:24 +0200 (EET)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 16279-08; Sun, 16 Jan 2005 23:58:22 +0200 (EET)
Received: from armas (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 603C8280A3C;
	Sun, 16 Jan 2005 23:58:22 +0200 (EET)
Received: from localhost ([127.0.0.1] helo=users.sourceforge.net)
	by armas with esmtp (Exim) id 1CqIPd-0001n7-00; Sun, 16 Jan 2005 23:58:21 +0200
Message-ID: <41EAE37D.670F1320@users.sourceforge.net>
Date: Sun, 16 Jan 2005 23:58:21 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.22aa1r8 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Christian Kujau <evil@g-house.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: Re-encrypting using multi-key, again
References: <41E9D50C.4080302@g-house.de> <41EA65C4.53DEA211@users.sourceforge.net> <41EAB302.9030503@g-house.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at mail.tnnet.fi
Received-SPF: 
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=no 
	version=3.0.1
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net

Christian Kujau wrote:
> oh, i have aespipe v2.2d - sorry i missed that. i'll upgrade and see what
> it gives.

aespipe-v2.3a should fix that error.

> > Cipher type or cipher key length or key file content change requires
> > re-encryption of the file system data.
> 
> ...which could be accomplished by "dd | aespipe -d | aespipe | dd", right?

Yes.

> root@sheep:~# losetup -e aes128 -K ~/keys/sda8.gpg /dev/loop6 /dev/sda8
> Password:
> root@sheep:~# losetup -a | grep loop6
> /dev/loop6: [0805]:380 (/dev/sda8) encryption=AES128 multi-key-v2
> root@sheep:~#
> root@sheep:~#
> root@sheep:~# losetup -e aes128 -K ~/keys/sda8.gpg /dev/loop0 test.img
> Password:
> root@sheep:~# losetup -a | grep loop0
> /dev/loop0: [0805]:16819615 (test.img) encryption=AES128 multi-key-v3
> root@sheep:~#

This was a bug in loop code. My fault.

Fixed in loop-AES-v3.0b

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD




From linux-crypto-bounce@nl.linux.org Sun Jan 16 22:59:21 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CqIQW-0003hW-7G; Sun, 16 Jan 2005 22:59:16 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 16 Jan 2005 22:58:34 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CqIPc-0003gZ-UW
	for linux-crypto@nl.linux.org; Sun, 16 Jan 2005 22:58:21 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id 5C29C2D2E12;
	Sun, 16 Jan 2005 23:58:10 +0200 (EET)
Received: from mail.tnnet.fi ([127.0.0.1])
 by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 16265-10; Sun, 16 Jan 2005 23:58:08 +0200 (EET)
Received: from armas (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 73D3C2A3D9A;
	Sun, 16 Jan 2005 23:58:08 +0200 (EET)
Received: from localhost ([127.0.0.1] helo=users.sourceforge.net)
	by armas with esmtp (Exim) id 1CqIPP-0001n5-00; Sun, 16 Jan 2005 23:58:07 +0200
Message-ID: <41EAE36F.35354DDF@users.sourceforge.net>
Date: Sun, 16 Jan 2005 23:58:07 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.22aa1r8 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: linux-crypto@nl.linux.org
Cc: linux-kernel@vger.kernel.org
Subject: Announce loop-AES-v3.0b file/swap crypto package
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at mail.tnnet.fi
Received-SPF: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=no 
	version=3.0.1
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net

loop-AES changes since previous release:
- Fixed externally compiled module version multi-key-v3 ioctl
  incompatibility with boxes running 64 bit kernel and 32 bit userland.
  Kernel patch versions were not affected (2.4 and 2.6 kernels).
- Fixed bug that made v3 on-disk format always use file backed code path on
  some 2.6 kernels that did not have LO_FLAGS_DO_BMAP defined. No data loss,
  but file backed code path is not journaled file system safe. Same bug also
  had cosmetic side effect of "losetup -a" status query always displaying
  file backed v2 on-disk format as v3 on-disk format.

bzip2 compressed tarball is here:

    http://loop-aes.sourceforge.net/loop-AES/loop-AES-v3.0b.tar.bz2
    md5sum b295ff982cd4503603b38fdc54e604cc

    http://loop-aes.sourceforge.net/loop-AES/loop-AES-v3.0b.tar.bz2.sign

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD




From linux-crypto-bounce@nl.linux.org Mon Jan 17 01:20:07 2005
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CqKcf-0006TP-PD; Mon, 17 Jan 2005 01:19:57 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 17 Jan 2005 01:19:20 +0100 (CET)
Received: from ns1.g-housing.de ([62.75.136.201] helo=mail.g-house.de)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1CqKbq-0006Sj-0E
	for linux-crypto@nl.linux.org; Mon, 17 Jan 2005 01:19:06 +0100
Received: from g071b.g.pppool.de ([80.185.7.27] helo=sheep.housecafe.de)
	by mail.g-house.de with esmtp (TLS-1.0:RSA_ARCFOUR_SHA:16)
	(Exim 4.34)
	id 1CqKbO-0007b0-AP; Mon, 17 Jan 2005 01:18:38 +0100
Received: from prinz.housecafe.de ([192.168.10.11])
	by sheep.housecafe.de with esmtp (Exim 4.34)
	id 1CqKbe-0007QY-B3; Mon, 17 Jan 2005 01:18:54 +0100
Message-ID: <41EB046D.9010707@g-house.de>
Date: Mon, 17 Jan 2005 01:18:53 +0100
From: Christian <evil@g-house.de>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20050111)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  linux-crypto@nl.linux.org
CC: Jari Ruusu <jariruusu@users.sourceforge.net>
Subject: Re: Re-encrypting using multi-key, again
References: <41E9D50C.4080302@g-house.de> <41EA65C4.53DEA211@users.sourceforge.net> <41EAB302.9030503@g-house.de> <41EAE37D.670F1320@users.sourceforge.net>
In-Reply-To: <41EAE37D.670F1320@users.sourceforge.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Received-SPF: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Status: No, score=0.1 required=5.0 tests=FORGED_RCVD_HELO autolearn=no 
	version=3.0.1
X-Spam-Level: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: evil@g-house.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Jari Ruusu wrote:
> Christian Kujau wrote:
> 
>>oh, i have aespipe v2.2d - sorry i missed that. i'll upgrade and see what
>>it gives.
> 
> aespipe-v2.3a should fix that error.

yes indeed, aespipe-v2.3a fixed it! re-encrypting with the *new* key is
working now.

> This was a bug in loop code. My fault.
> 
> Fixed in loop-AES-v3.0b

...and it's even out and ready for download - awesome support for a
Sunday even