From linux-crypto-bounce@nl.linux.org Thu Dec 01 17:40:31 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EhrTv-00074F-5N; Thu, 01 Dec 2005 17:40:27 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 01 Dec 2005 17:40:13 +0100 (CET) Received: from www1.hagenhosting.com ([63.97.115.201]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1EhrTV-00072n-4D for linux-crypto@nl.linux.org; Thu, 01 Dec 2005 17:40:01 +0100 Received: (qmail 31875 invoked by uid 89); 1 Dec 2005 16:39:59 -0000 Date: 1 Dec 2005 16:39:59 -0000 Message-ID: <20051201163959.31874.qmail@www1.hagenhosting.com> From: "Anon" To: Christian CC: linux-crypto@nl.linux.org Subject: Re: loop-AES with ReiserFS for file-backed loop? X-Mailer: NeoMail 2.00 X-IPAddress: 66.77.213.185 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Received-SPF: X-Spam-Status: No, score=-1.6 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: loop-aes@tarottoni.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto > Anon wrote: > > Could I then use ReiserFS on top of a file backed loop device? > > the loop-AES.README also states: > > 1. Loop device primer > [...] > File backed loops may deadlock under some kernel + file system > combinations. > So, if you can choose between device backed and file backed, choose > device backed even if it means that you have to re-partition your > disks. I *am* planning on using a device-backed loop. > so, file backed loops SHOULD be avoided, no matter if encrypted or not, > with journaling fs on it or without. yes, it's possible and you SHOULD > try it to see if it works for you. but in "most cases" file backed loops > are behaving better. I assume you really meant device-backed loops in the last sentance above. My interest in using a file-backed loop is so that I can have a loop-AES device-backed loop containing a loop-AES file-backed loop, for two (or more) layers of encryption. I have the impression from the loop-AES.README file a non-journalling file system can be used in a file-backed loop. It is my understanding from the ReiserFS documentation that using the "nolog" option during mounting would satisfy the non-journalling criteria, as this option disables journalling. Anon - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Dec 01 18:59:50 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Ehsii-0001OM-In; Thu, 01 Dec 2005 18:59:48 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 01 Dec 2005 18:59:18 +0100 (CET) Received: from ns2.g-housing.de ([81.169.133.75] helo=mail.g-house.de) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Ehsi5-0001Ns-Ad for linux-crypto@nl.linux.org; Thu, 01 Dec 2005 18:59:09 +0100 Received: from g1ead.g.pppool.de ([80.185.30.173] helo=mail.housecafe.de) by mail.g-house.de with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1Ehsi2-0007X1-NU for linux-crypto@nl.linux.org; Thu, 01 Dec 2005 18:59:06 +0100 Received: from prinz64.housecafe.de ([192.168.10.11] helo=[127.0.0.1]) by mail.housecafe.de with esmtp (Exim 4.54) id 1Ehshu-0000as-QJ for linux-crypto@nl.linux.org; Thu, 01 Dec 2005 18:58:58 +0100 Message-ID: <438F39C3.30707@g-house.de> Date: Thu, 01 Dec 2005 18:58:27 +0100 From: Christian User-Agent: Thunderbird 1.6a1 (Windows/20051117) MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Re: loop-AES with ReiserFS for file-backed loop? References: <20051201163959.31874.qmail@www1.hagenhosting.com> In-Reply-To: <20051201163959.31874.qmail@www1.hagenhosting.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Antivirus: avast! (VPS 0548-1, 01.12.2005), Outbound message X-Antivirus-Status: Clean Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: evil@g-house.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Anon wrote: > I *am* planning on using a device-backed loop. good ;) >> try it to see if it works for you. but in "most cases" file backed loops >> are behaving better. > I assume you really meant device-backed loops in the last sentance above. yes, of course. sorry. > My interest in using a file-backed loop is so that I can have a loop-AES device-backed loop > containing a loop-AES file-backed loop, for two (or more) layers of encryption. hm. i'd rather go with a higher bitsize (e.g. aes-256) or try a combination of device-backed loop-aes and dm-crypt or something. Christian. -- BOFH excuse #334: 50% of the manual is in .pdf readme files - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Dec 01 19:51:27 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EhrJW-0006Pv-Rn; Thu, 01 Dec 2005 17:29:42 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 01 Dec 2005 17:28:58 +0100 (CET) Received: from www1.hagenhosting.com ([63.97.115.201]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1EhrIe-0006Me-9Z for linux-crypto@nl.linux.org; Thu, 01 Dec 2005 17:28:48 +0100 Received: (qmail 26458 invoked by uid 89); 1 Dec 2005 16:28:09 -0000 Date: 1 Dec 2005 16:28:09 -0000 Message-ID: <20051201162809.26457.qmail@www1.hagenhosting.com> From: "Anon" To: linux-crypto@nl.linux.org Subject: File-backed loop stress testing X-Mailer: NeoMail 2.00 X-IPAddress: 66.77.213.185 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=AWL,BAYES_05 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: loop-aes@tarottoni.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hello All, What is a good way to stress test a loop-AES file-backed loop to see if I can make it fail? Since Jari advises against using file-backed loops, I would like to test how much risk is involved in using the file-backed loop. Thanks! Anon - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Dec 01 20:24:39 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Ehu2m-0002r8-4b; Thu, 01 Dec 2005 20:24:36 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 01 Dec 2005 20:24:16 +0100 (CET) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Ehu2H-0002p7-3U for linux-crypto@nl.linux.org; Thu, 01 Dec 2005 20:24:05 +0100 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id 5ACCF335BA2; Thu, 1 Dec 2005 21:24:00 +0200 (EET) Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08779-02; Thu, 1 Dec 2005 21:23:53 +0200 (EET) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id CD2CC335B96; Thu, 1 Dec 2005 21:21:07 +0200 (EET) Received: from users.sourceforge.net (localhost [127.0.0.1]) by a64.adsl.tnnet.fi (Postfix) with ESMTP id 8E71567AE8; Thu, 1 Dec 2005 21:21:07 +0200 (EET) Message-ID: <438F4D23.D26EBCFF@users.sourceforge.net> Date: Thu, 01 Dec 2005 21:21:07 +0200 From: Jari Ruusu To: Anon Cc: linux-crypto@nl.linux.org Subject: Re: File-backed loop stress testing References: <20051201162809.26457.qmail@www1.hagenhosting.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at mail.tnnet.fi Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Anon wrote: > What is a good way to stress test a loop-AES file-backed loop to see if I > can make it fail? Try lots of writing to the file backed loop file system: dd if=/dev/zero of=/mountpoint/foo bs=1024k If that doesn't trigger it, then start some fatware programs (openoffice + mozilla) that eat lots of RAM, and then try again. Deadlocks may happen when kernel is running out of free RAM, and kernel memory allocation routines attempts to flush dirty RAM pages to backing store. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Dec 01 22:05:32 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EhvcO-0000Ab-GL; Thu, 01 Dec 2005 22:05:28 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 01 Dec 2005 22:04:50 +0100 (CET) Received: from dsw2k3.info ([195.71.86.227]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EhvbG-0007jU-CP for linux-crypto@nl.linux.org; Thu, 01 Dec 2005 22:04:18 +0100 Received: from localhost (localhost [127.0.0.1]) by dsw2k3.info (Postfix) with ESMTP id 5FB9E62A47; Thu, 1 Dec 2005 22:04:17 +0100 (CET) Received: from dsw2k3.info ([127.0.0.1]) by localhost (clit [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17883-06; Thu, 1 Dec 2005 22:04:15 +0100 (CET) Received: from [192.168.100.3] (p548B40AC.dip0.t-ipconnect.de [84.139.64.172]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by dsw2k3.info (Postfix) with ESMTP id 4CBF762A34; Thu, 1 Dec 2005 22:04:14 +0100 (CET) Message-ID: <438F654D.5090600@citd.de> Date: Thu, 01 Dec 2005 22:04:13 +0100 From: Matthias Schniedermeyer User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041217 Mnenhy/0.7 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Anon Cc: Christian , linux-crypto@nl.linux.org Subject: Re: loop-AES with ReiserFS for file-backed loop? References: <20051201163959.31874.qmail@www1.hagenhosting.com> In-Reply-To: <20051201163959.31874.qmail@www1.hagenhosting.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=no version=3.0.1 X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: matthias@citd.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Anon wrote: >>Anon wrote: >> >>>Could I then use ReiserFS on top of a file backed loop device? >> >> >>the loop-AES.README also states: >> >> 1. Loop device primer >> [...] >> File backed loops may deadlock under some kernel + file system >> combinations. >> So, if you can choose between device backed and file backed, choose >> device backed even if it means that you have to re-partition your >> disks. > > I *am* planning on using a device-backed loop. > > >>so, file backed loops SHOULD be avoided, no matter if encrypted or not, >>with journaling fs on it or without. yes, it's possible and you SHOULD >>try it to see if it works for you. but in "most cases" file backed loops >>are behaving better. > > I assume you really meant device-backed loops in the last sentance above. > > My interest in using a file-backed loop is so that I can have a loop-AES device-backed loop > containing a loop-AES file-backed loop, for two (or more) layers of encryption. > > I have the impression from the loop-AES.README file a non-journalling file system can be used in a > file-backed loop. It is my understanding from the ReiserFS documentation that using the "nolog" > option during mounting would satisfy the non-journalling criteria, as this option disables > journalling. For that scenario you only 'need' a filesystem for the last layer. You pack an encryption layer onto the partion/device. "losetup" it and losetup the next layer directly onto the newly created /dev/loop device. That way you only stack block-devices and pack a filesystem on the last one. For a (say) 4 layer encryption you would stack; HDD -> Partition -> Loop 1 -> Loop 2 -> Loop 3 -> Loop 4 -> Filesystem e.g. sdb -> sdb1 -> loop0 -> loop1 -> loop2 -> loop3 -> If you want you can also pack the encryption keys before each layer using the "offset"-options to leave the needed space for the keys and shrink the block-device of each layer by a little bit. That way you had to actually break each encryption layer to even get the needed keys for the next. (Of course the key-sets are also encrypted with by gpg or whatever else layer you may think of) Bis denn -- Real Programmers consider "what you see is what you get" to be just as bad a concept in Text Editors as it is in women. No, the Real Programmer wants a "you asked for it, you got it" text editor -- complicated, cryptic, powerful, unforgiving, dangerous. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Dec 02 14:59:01 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EiBRC-000318-P2; Fri, 02 Dec 2005 14:58:58 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 02 Dec 2005 14:58:26 +0100 (CET) Received: from www1.hagenhosting.com ([63.97.115.201]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1EiBQV-000307-CT for linux-crypto@nl.linux.org; Fri, 02 Dec 2005 14:58:15 +0100 Received: (qmail 11235 invoked by uid 89); 2 Dec 2005 13:58:10 -0000 Date: 2 Dec 2005 13:58:10 -0000 Message-ID: <20051202135810.11234.qmail@www1.hagenhosting.com> From: "Anon" To: Jari Ruusu CC: linux-crypto@nl.linux.org Subject: Re: File-backed loop stress testing X-Mailer: NeoMail 2.00 X-IPAddress: 66.77.213.185 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Received-SPF: X-Spam-Level: X-Spam-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: loop-aes@tarottoni.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto > Anon wrote: > > What is a good way to stress test a loop-AES file-backed loop to see if I > > can make it fail? > > Try lots of writing to the file backed loop file system: > > dd if=/dev/zero of=/mountpoint/foo bs=1024k > > If that doesn't trigger it, then start some fatware programs (openoffice + > mozilla) that eat lots of RAM, and then try again. > > Deadlocks may happen when kernel is running out of free RAM, and kernel > memory allocation routines attempts to flush dirty RAM pages to backing > store. > > -- > Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD Excellent! Thank you for the suggestion! :) Anon - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Dec 02 15:45:06 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EiC9i-0004fj-T1; Fri, 02 Dec 2005 15:44:58 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 02 Dec 2005 15:44:48 +0100 (CET) Received: from dsw2k3.info ([195.71.86.227]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EiC96-0004cV-JI for linux-crypto@nl.linux.org; Fri, 02 Dec 2005 15:44:20 +0100 Received: from localhost (localhost [127.0.0.1]) by dsw2k3.info (Postfix) with ESMTP id 7D7FB62A66; Fri, 2 Dec 2005 15:44:16 +0100 (CET) Received: from dsw2k3.info ([127.0.0.1]) by localhost (clit [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12273-06; Fri, 2 Dec 2005 15:44:15 +0100 (CET) Received: from [192.168.4.17] (i577B8EBC.versanet.de [87.123.142.188]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by dsw2k3.info (Postfix) with ESMTP id 5A3D762A47; Fri, 2 Dec 2005 15:44:13 +0100 (CET) Message-ID: <43905DBB.1080506@citd.de> Date: Fri, 02 Dec 2005 15:44:11 +0100 From: Matthias Schniedermeyer User-Agent: Mozilla Thunderbird 1.0.7 (X11/20050923) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Anon Cc: linux-crypto@nl.linux.org Subject: Re: loop-AES with ReiserFS for file-backed loop? References: <20051202140448.13607.qmail@www1.hagenhosting.com> In-Reply-To: <20051202140448.13607.qmail@www1.hagenhosting.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ms@citd.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Anon wrote: >>Anon wrote: >> >>>>Anon wrote: >>>> >>>> >>>>>Could I then use ReiserFS on top of a file backed loop device? >>>> >>>> >>>>the loop-AES.README also states: >>>> >>>> 1. Loop device primer >>>> [...] >>>> File backed loops may deadlock under some kernel + file system >>>> combinations. >>>> So, if you can choose between device backed and file backed, choose >>>> device backed even if it means that you have to re-partition your >>>> disks. >>> >>> >>>I *am* planning on using a device-backed loop. >>> >>> >>> >>>>so, file backed loops SHOULD be avoided, no matter if encrypted or not, >>>>with journaling fs on it or without. yes, it's possible and you SHOULD >>>>try it to see if it works for you. but in "most cases" file backed loops >>>>are behaving better. >>> >>> >>>I assume you really meant device-backed loops in the last sentance above. >>> >>>My interest in using a file-backed loop is so that I can have a loop-AES device-backed loop >>>containing a loop-AES file-backed loop, for two (or more) layers of encryption. >>> >>>I have the impression from the loop-AES.README file a non-journalling file system can be used > > in a > >>>file-backed loop. It is my understanding from the ReiserFS documentation that using the > > "nolog" > >>>option during mounting would satisfy the non-journalling criteria, as this option disables >>>journalling. >> >> >>For that scenario you only 'need' a filesystem for the last layer. >> >>You pack an encryption layer onto the partion/device. >>"losetup" it and losetup the next layer directly onto the newly created >>/dev/loop device. >> >>That way you only stack block-devices and pack a filesystem on the last one. >> >>For a (say) 4 layer encryption you would stack; >> >>HDD -> Partition >>-> Loop 1 -> Loop 2 -> Loop 3 -> Loop 4 >>-> Filesystem >> >>e.g. >>sdb -> sdb1 -> loop0 -> loop1 -> loop2 -> loop3 -> >> >>If you want you can also pack the encryption keys before each layer >>using the "offset"-options to leave the needed space for the keys and >>shrink the block-device of each layer by a little bit. >> >>That way you had to actually break each encryption layer to even get the >>needed keys for the next. (Of course the key-sets are also encrypted >>with by gpg or whatever else layer you may think of) > > Thank you for the suggestion. I just read a similar suggestion for Jari, though I need a more > detailed example to actually implement the suggestion (as in an example fstab and command line > that properly sets up the stack of loops). I never stacked loops before, and do not yet seem to > understand how I would stack loops. > > While your suggestion with the keys residing in each layer may be convenient, I think it > needlessly reduces the security to Level 2 as stated in the loop-AES.README. It would be just as > convenient and easy to store the keys external to the encrypted partion/loops. Taken the losetup from the README i've just written this shell-script Example is for 4 layer, but you can be easily changed for more or less. - snip - #!/bin/bash loop=0 # Find next free Loop-device # return loop-device as output-string and (next) nr via return-value function nextFreeLoop() { while true do if [ ! -b "/dev/loop${loop}" ]; then print "No more loop devices /dev/loop${loop}" exit 99 fi # If the loop-device is "free" then break losetup "/dev/loop${loop}" &>/dev/null || break let loop=loop+1 done echo "/dev/loop${loop}" let loop=loop+1 exit $loop } loop0=`nextFreeLoop` loop=$? loop1=`nextFreeLoop` loop=$? loop2=`nextFreeLoop` loop=$? loop3=`nextFreeLoop` loop=$? if [ "$loop" = "99" ]; then print "Not enough free loop-devices" exit 1 fi losetup -e AES128 -K /root/secret1.gpg $loop0 /dev/hda666 || exit 1 losetup -e AES128 -K /root/secret2.gpg $loop1 $loop0 || exit 1 losetup -e AES128 -K /root/secret3.gpg $loop2 $loop1 || exit 1 losetup -e AES128 -K /root/secret4.gpg $loop3 $loop2 || exit 1 echo "Setup successfull" echo "Used Loop-devices: $loop0 $loop1 $loop2 $loop3" - snip - After that you can mkfs (First time) and/or mount $loop3. If you have other loop-devices the used loop-devices may not be persistent. But you could also change the script to use fixed-numbers instead. Or you skip the -- Real Programmers consider "what you see is what you get" to be just as bad a concept in Text Editors as it is in women. No, the Real Programmer wants a "you asked for it, you got it" text editor -- complicated, cryptic, powerful, unforgiving, dangerous. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Dec 02 15:52:09 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EiCGd-00054h-Rw; Fri, 02 Dec 2005 15:52:07 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 02 Dec 2005 15:52:02 +0100 (CET) Received: from www1.hagenhosting.com ([63.97.115.201]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1EiBWs-0005TP-B0 for linux-crypto@nl.linux.org; Fri, 02 Dec 2005 15:04:50 +0100 Received: (qmail 13608 invoked by uid 89); 2 Dec 2005 14:04:48 -0000 Date: 2 Dec 2005 14:04:48 -0000 Message-ID: <20051202140448.13607.qmail@www1.hagenhosting.com> From: "Anon" To: Matthias Schniedermeyer CC: linux-crypto@nl.linux.org Subject: Re: loop-AES with ReiserFS for file-backed loop? X-Mailer: NeoMail 2.00 X-IPAddress: 66.77.213.185 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: loop-aes@tarottoni.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto > Anon wrote: > >>Anon wrote: > >> > >>>Could I then use ReiserFS on top of a file backed loop device? > >> > >> > >>the loop-AES.README also states: > >> > >> 1. Loop device primer > >> [...] > >> File backed loops may deadlock under some kernel + file system > >> combinations. > >> So, if you can choose between device backed and file backed, choose > >> device backed even if it means that you have to re-partition your > >> disks. > > > > I *am* planning on using a device-backed loop. > > > > > >>so, file backed loops SHOULD be avoided, no matter if encrypted or not, > >>with journaling fs on it or without. yes, it's possible and you SHOULD > >>try it to see if it works for you. but in "most cases" file backed loops > >>are behaving better. > > > > I assume you really meant device-backed loops in the last sentance above. > > > > My interest in using a file-backed loop is so that I can have a loop-AES device-backed loop > > containing a loop-AES file-backed loop, for two (or more) layers of encryption. > > > > I have the impression from the loop-AES.README file a non-journalling file system can be used in a > > file-backed loop. It is my understanding from the ReiserFS documentation that using the "nolog" > > option during mounting would satisfy the non-journalling criteria, as this option disables > > journalling. > > For that scenario you only 'need' a filesystem for the last layer. > > You pack an encryption layer onto the partion/device. > "losetup" it and losetup the next layer directly onto the newly created > /dev/loop device. > > That way you only stack block-devices and pack a filesystem on the last one. > > For a (say) 4 layer encryption you would stack; > > HDD -> Partition > -> Loop 1 -> Loop 2 -> Loop 3 -> Loop 4 > -> Filesystem > > e.g. > sdb -> sdb1 -> loop0 -> loop1 -> loop2 -> loop3 -> > > If you want you can also pack the encryption keys before each layer > using the "offset"-options to leave the needed space for the keys and > shrink the block-device of each layer by a little bit. > > That way you had to actually break each encryption layer to even get the > needed keys for the next. (Of course the key-sets are also encrypted > with by gpg or whatever else layer you may think of) Thank you for the suggestion. I just read a similar suggestion for Jari, though I need a more detailed example to actually implement the suggestion (as in an example fstab and command line that properly sets up the stack of loops). I never stacked loops before, and do not yet seem to understand how I would stack loops. While your suggestion with the keys residing in each layer may be convenient, I think it needlessly reduces the security to Level 2 as stated in the loop-AES.README. It would be just as convenient and easy to store the keys external to the encrypted partion/loops. Anon - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Dec 02 16:40:03 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EiD0x-0006Vt-F1; Fri, 02 Dec 2005 16:39:59 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 02 Dec 2005 16:39:34 +0100 (CET) Received: from www1.hagenhosting.com ([63.97.115.201]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1EiD0I-0006VC-KU for linux-crypto@nl.linux.org; Fri, 02 Dec 2005 16:39:18 +0100 Received: (qmail 16788 invoked by uid 89); 2 Dec 2005 15:39:16 -0000 Date: 2 Dec 2005 15:39:16 -0000 Message-ID: <20051202153916.16787.qmail@www1.hagenhosting.com> From: "Anon" To: Matthias Schniedermeyer CC: linux-crypto@nl.linux.org Subject: Re: loop-AES with ReiserFS for file-backed loop? X-Mailer: NeoMail 2.00 X-IPAddress: 66.77.213.185 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: loop-aes@tarottoni.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto > > Thank you for the suggestion. I just read a similar suggestion for Jari, though I need a more > > detailed example to actually implement the suggestion (as in an example fstab and command line > > that properly sets up the stack of loops). I never stacked loops before, and do not yet seem to > > understand how I would stack loops. > > > > While your suggestion with the keys residing in each layer may be convenient, I think it > > needlessly reduces the security to Level 2 as stated in the loop-AES.README. It would be just as > > convenient and easy to store the keys external to the encrypted partion/loops. > > Taken the losetup from the README i've just written this shell-script > Example is for 4 layer, but you can be easily changed for more or less. > > - snip - > #!/bin/bash > > loop=0 > # Find next free Loop-device > # return loop-device as output-string and (next) nr via return-value > function nextFreeLoop() > { > while true > do > if [ ! -b "/dev/loop${loop}" ]; then > print "No more loop devices /dev/loop${loop}" > exit 99 > fi > # If the loop-device is "free" then break > losetup "/dev/loop${loop}" &>/dev/null || break > let loop=loop+1 > done > echo "/dev/loop${loop}" > let loop=loop+1 > exit $loop > } > > loop0=`nextFreeLoop` > loop=$? > loop1=`nextFreeLoop` > loop=$? > loop2=`nextFreeLoop` > loop=$? > loop3=`nextFreeLoop` > loop=$? > > if [ "$loop" = "99" ]; then > print "Not enough free loop-devices" > exit 1 > fi > > losetup -e AES128 -K /root/secret1.gpg $loop0 /dev/hda666 || exit 1 > losetup -e AES128 -K /root/secret2.gpg $loop1 $loop0 || exit 1 > losetup -e AES128 -K /root/secret3.gpg $loop2 $loop1 || exit 1 > losetup -e AES128 -K /root/secret4.gpg $loop3 $loop2 || exit 1 > > echo "Setup successfull" > echo "Used Loop-devices: $loop0 $loop1 $loop2 $loop3" > - snip - > > After that you can > mkfs (First time) and/or mount $loop3. > > If you have other loop-devices the used loop-devices may not be persistent. > > But you could also change the script to use fixed-numbers instead. Thank you for the script. I wish I knew bash so I could understand the script better. While I do very much appreciate your effort, I hoped to get something *much* more simple and direct to help me understand the process of stacking just *two* loops, so I can understand how it works. What I *really* need is an example of stacking two loops, shown as the needed fstab entries and then the command line commands to set up the stack of loops. Anon - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Dec 02 16:55:19 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EiDFl-0007TM-QZ; Fri, 02 Dec 2005 16:55:17 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 02 Dec 2005 16:55:07 +0100 (CET) Received: from ms-2.rz.rwth-aachen.de ([134.130.3.131] helo=ms-dienst.rz.rwth-aachen.de) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EiDFJ-0007QY-DG for linux-crypto@nl.linux.org; Fri, 02 Dec 2005 16:54:49 +0100 Received: from r220-1 (r220-1.rz.RWTH-Aachen.DE [134.130.3.31]) by ms-dienst.rz.rwth-aachen.de (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0IQV00IPZO77GJ@ms-dienst.rz.rwth-aachen.de> for linux-crypto@nl.linux.org; Fri, 02 Dec 2005 16:54:44 +0100 (MET) Received: from relay.rwth-aachen.de ([134.130.3.1]) by r220-1 (MailMonitor for SMTP v1.2.2 ) ; Fri, 02 Dec 2005 16:54:43 +0100 (MET) Received: from enterprise.ram.rwth-aachen.de (enterprise.ram.RWTH-Aachen.DE [137.226.68.2]) by relay.rwth-aachen.de (8.13.3/8.13.3/1) with ESMTP id jB2FsgIc022733 for ; Fri, 02 Dec 2005 16:54:42 +0100 (MET) Received: from localhost (localhost [127.0.0.1]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id C2E1B5B7D1 for ; Fri, 02 Dec 2005 16:54:42 +0100 (CET) Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1]) by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08334-03 for ; Fri, 02 Dec 2005 16:54:42 +0100 (CET) Received: from tatooine.rebelbase.local (pc-69-158.ram.rwth-aachen.de [137.226.69.158]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 4A5075B77A for ; Fri, 02 Dec 2005 16:54:42 +0100 (CET) Received: from tatooine.rebelbase.local (localhost [127.0.0.1]) by tatooine.rebelbase.local (Postfix) with ESMTP id 3A2C127C0D2 for ; Fri, 02 Dec 2005 16:54:41 +0100 (CET) Received: (from chef@localhost) by tatooine.rebelbase.local (8.13.1/8.12.10/Submit) id jB2FseZO025345 for linux-crypto@nl.linux.org; Fri, 02 Dec 2005 16:54:40 +0100 Date: Fri, 02 Dec 2005 16:54:40 +0100 From: markus reichelt Subject: Re: loop-AES with ReiserFS for file-backed loop? In-reply-to: <20051202153916.16787.qmail@www1.hagenhosting.com> To: linux-crypto@nl.linux.org Mail-followup-to: linux-crypto@nl.linux.org Message-id: <20051202155440.GA24982@dantooine> Organization: still stuck in reorganization mode MIME-version: 1.0 Content-type: multipart/signed; boundary=VS++wcV0S1rZb1Fb; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-disposition: inline User-Agent: mutt-ng 1.5.9i (Linux) X-PGP-Key: 0xC2A3FEE4 X-PGP-Fingerprint: FFB8 E22F D2BC 0488 3D56 F672 2CCC 933B C2A3 FEE4 X-Request-PGP: http://bitfalle.org/keys/c2a3fee4.asc X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at enterprise.ram.rwth-aachen.de References: <20051202153916.16787.qmail@www1.hagenhosting.com> X-Authentication-warning: tatooine.rebelbase.local: chef set sender to ml@bitfalle.org using -f Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ml@bitfalle.org Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --VS++wcV0S1rZb1Fb Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Anon wrote: > What I *really* need is an example of stacking two loops, shown as > the needed fstab entries and then the command line commands to set > up the stack of loops. I guess you really need experience with it :-) How hard can it be? Follow the example in the README. After that is successfully set up, follow it again and adapt it accordingly (just replace /dev/hda666 with the already set up /dev/loop#, use next free /dev/loop# of course) --=20 left blank, right bald --VS++wcV0S1rZb1Fb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD4DBQFDkG5ALMyTO8Kj/uQRAu2zAJ9+27mUFYuxe6IV8oUcxj5aAV9AFACWMGzd 6JEwjnCyc1AOyTiGDfAIsg== =PJsf -----END PGP SIGNATURE----- --VS++wcV0S1rZb1Fb-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Dec 02 17:48:06 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EiE4p-0000PR-B0; Fri, 02 Dec 2005 17:48:03 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 02 Dec 2005 17:47:18 +0100 (CET) Received: from www1.hagenhosting.com ([63.97.115.201]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1EiE3x-0000OA-KL for linux-crypto@nl.linux.org; Fri, 02 Dec 2005 17:47:09 +0100 Received: (qmail 13696 invoked by uid 89); 2 Dec 2005 16:46:59 -0000 Date: 2 Dec 2005 16:46:59 -0000 Message-ID: <20051202164659.13695.qmail@www1.hagenhosting.com> From: "Anon" To: linux-crypto@nl.linux.org Subject: Re: loop-AES with ReiserFS for file-backed loop? X-Mailer: NeoMail 2.00 X-IPAddress: 66.77.214.92 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: loop-aes@tarottoni.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Markus Reichelt wrote: > I guess you really need experience with it :-) How hard can it be? I am not stupid by any means or measure, and it can be difficult for a person who does not have *all* the necessary information. Any process can be difficult to understand with important information missing. I think it is important to realize we all start from the beginning, without any prior knowldge on any subject of study, including encrypted filesystems. Nobody is born with how to use loop-AES, or Linux, or even how to tie their shoes, encoded into their genes. I did carefully RTFM several times, I did very carefully consider all the examples in loop-AES.README, and I do understand how to use the "regular" loop device. Still, I never used a *stack* of loop devices, and I still do not seem to understand how to stack the loops in the context of using two encrypted loops under loop-AES. I invite you to fill in all the details if you can. Anon - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Dec 02 17:55:14 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EiEBl-0000vp-2D; Fri, 02 Dec 2005 17:55:13 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 02 Dec 2005 17:55:07 +0100 (CET) Received: from dsw2k3.info ([195.71.86.227]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EiEBP-0000uV-Jr for linux-crypto@nl.linux.org; Fri, 02 Dec 2005 17:54:51 +0100 Received: from localhost (localhost [127.0.0.1]) by dsw2k3.info (Postfix) with ESMTP id 3CCB562A66; Fri, 2 Dec 2005 17:54:49 +0100 (CET) Received: from dsw2k3.info ([127.0.0.1]) by localhost (clit [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29777-05; Fri, 2 Dec 2005 17:54:47 +0100 (CET) Received: from [192.168.100.3] (p548B41E0.dip0.t-ipconnect.de [84.139.65.224]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by dsw2k3.info (Postfix) with ESMTP id 0AA2562A47; Fri, 2 Dec 2005 17:54:45 +0100 (CET) Message-ID: <43907C53.9040003@citd.de> Date: Fri, 02 Dec 2005 17:54:43 +0100 From: Matthias Schniedermeyer User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041217 Mnenhy/0.7 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Anon Cc: linux-crypto@nl.linux.org Subject: Re: loop-AES with ReiserFS for file-backed loop? References: <20051202164659.13695.qmail@www1.hagenhosting.com> In-Reply-To: <20051202164659.13695.qmail@www1.hagenhosting.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info Received-SPF: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: matthias@citd.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Anon wrote: > Markus Reichelt wrote: > >>I guess you really need experience with it :-) How hard can it be? > > I am not stupid by any means or measure, and it can be difficult for a person who does not have > *all* the necessary information. Any process can be difficult to understand with important > information missing. I think it is important to realize we all start from the beginning, without > any prior knowldge on any subject of study, including encrypted filesystems. Nobody is born with > how to use loop-AES, or Linux, or even how to tie their shoes, encoded into their genes. > > I did carefully RTFM several times, I did very carefully consider all the examples in > loop-AES.README, and I do understand how to use the "regular" loop device. Still, I never used a > *stack* of loop devices, and I still do not seem to understand how to stack the loops in the > context of using two encrypted loops under loop-AES. I invite you to fill in all the details if > you can. losetup -e AES128 -K /root/secret1.gpg /dev/loop0 /dev/hda666 losetup -e AES128 -K /root/secret2.gpg /dev/loop1 /dev/loop0 mount /dev/loop1 /mnt Bis denn -- Real Programmers consider "what you see is what you get" to be just as bad a concept in Text Editors as it is in women. No, the Real Programmer wants a "you asked for it, you got it" text editor -- complicated, cryptic, powerful, unforgiving, dangerous. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Dec 03 00:01:16 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EiJtt-0004C8-SE; Sat, 03 Dec 2005 00:01:09 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 03 Dec 2005 00:00:40 +0100 (CET) Received: from ms-2.rz.rwth-aachen.de ([134.130.3.131] helo=ms-dienst.rz.rwth-aachen.de) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EiJsw-00049R-KQ for linux-crypto@nl.linux.org; Sat, 03 Dec 2005 00:00:10 +0100 Received: from r220-1 (r220-1.rz.RWTH-Aachen.DE [134.130.3.31]) by ms-dienst.rz.rwth-aachen.de (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0IQW002NI7W65N@ms-dienst.rz.rwth-aachen.de> for linux-crypto@nl.linux.org; Sat, 03 Dec 2005 00:00:07 +0100 (MET) Received: from relay.rwth-aachen.de ([134.130.3.1]) by r220-1 (MailMonitor for SMTP v1.2.2 ) ; Sat, 03 Dec 2005 00:00:03 +0100 (MET) Received: from enterprise.ram.rwth-aachen.de (enterprise.ram.RWTH-Aachen.DE [137.226.68.2]) by relay.rwth-aachen.de (8.13.3/8.13.3/1) with ESMTP id jB2N025c002903 for ; Sat, 03 Dec 2005 00:00:02 +0100 (MET) Received: from localhost (localhost [127.0.0.1]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 6D6565B7D1 for ; Sat, 03 Dec 2005 00:00:02 +0100 (CET) Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1]) by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05623-07 for ; Sat, 03 Dec 2005 00:00:01 +0100 (CET) Received: from tatooine.rebelbase.local (pc-69-158.ram.rwth-aachen.de [137.226.69.158]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 2B8C45B77A for ; Sat, 03 Dec 2005 00:00:01 +0100 (CET) Received: from tatooine.rebelbase.local (localhost [127.0.0.1]) by tatooine.rebelbase.local (Postfix) with ESMTP id 0941B27C0D2 for ; Fri, 02 Dec 2005 23:59:58 +0100 (CET) Received: (from chef@localhost) by tatooine.rebelbase.local (8.13.1/8.12.10/Submit) id jB2MxvIp027237 for linux-crypto@nl.linux.org; Fri, 02 Dec 2005 23:59:57 +0100 Date: Fri, 02 Dec 2005 23:59:57 +0100 From: markus reichelt Subject: Re: loop-AES with ReiserFS for file-backed loop? In-reply-to: <20051202164659.13695.qmail@www1.hagenhosting.com> To: linux-crypto@nl.linux.org Mail-followup-to: linux-crypto@nl.linux.org Message-id: <20051202225957.GB24982@dantooine> Organization: still stuck in reorganization mode MIME-version: 1.0 Content-type: multipart/signed; boundary=LyciRD1jyfeSSjG0; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-disposition: inline User-Agent: mutt-ng 1.5.9i (Linux) X-PGP-Key: 0xC2A3FEE4 X-PGP-Fingerprint: FFB8 E22F D2BC 0488 3D56 F672 2CCC 933B C2A3 FEE4 X-Request-PGP: http://bitfalle.org/keys/c2a3fee4.asc X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at enterprise.ram.rwth-aachen.de References: <20051202164659.13695.qmail@www1.hagenhosting.com> X-Authentication-warning: tatooine.rebelbase.local: chef set sender to ml@bitfalle.org using -f Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ml@bitfalle.org Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --LyciRD1jyfeSSjG0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Anon wrote: > Markus Reichelt wrote: =20 > > I guess you really need experience with it :-) How hard can it be?=20 > I am not stupid by any means or measure, and it can be difficult > *for a person who does not have all* the necessary information.=20 > *Any process can be difficult to understand with important > information missing. I think it is important to realize we all > start from the beginning, without any prior knowldge on any subject > of study, including encrypted filesystems. Nobody is born with how > to use loop-AES, or Linux, or even how to tie their shoes, encoded > into their genes. I stick with what I wrote. Sooner or later you _will_ need the experience, like we all do. What I meant, in detail, is that it's not done with setup, one needs to know about possible "emergency situations" as well. What do you do if something goes wrong? Filesystem needs checkup / won't mount? Things like that need to be tested, better sooner than later. To cope with such a situation one needs to understand the whole process first. Asking a mailing list is not always possible; at the very least it delays system operations. So, better have some experience / documented it yourself (e.g. have written some usable [understandable] scripts). > I did carefully RTFM several times, I did very carefully consider > all the examples in loop-AES.README, and I do understand how to use > the "regular" loop device. Still, I never used a *stack* of loop > devices, and I still do not seem to understand how to stack the > loops in the context of using two encrypted loops under loop-AES.=20 > I invite you to fill in all the details if you can. I myself try to play with such things first, get them to work on my own. If it doesn't work, there's always the mailing list ('s archives). What I said doesn't contradict what you wrote, it's just a different approach. Don't feel insulted, I surely didn't mean it. After all, experience never hurts; one never can know too much :-) --=20 left blank, right bald --LyciRD1jyfeSSjG0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFDkNHtLMyTO8Kj/uQRAvDWAJ9rYARPZKbXNEcB9/udvVLU86V1ZACeLiow /aqG8YkeFyRU/8RsHsiimgE= =uT0f -----END PGP SIGNATURE----- --LyciRD1jyfeSSjG0-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Dec 03 19:48:49 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EicRD-0004GO-Tr; Sat, 03 Dec 2005 19:48:47 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 03 Dec 2005 19:47:58 +0100 (CET) Received: from www1.hagenhosting.com ([63.97.115.201]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1EicQF-0004Fi-BB for linux-crypto@nl.linux.org; Sat, 03 Dec 2005 19:47:47 +0100 Received: (qmail 25667 invoked by uid 89); 3 Dec 2005 18:47:37 -0000 Date: 3 Dec 2005 18:47:37 -0000 Message-ID: <20051203184737.25666.qmail@www1.hagenhosting.com> From: "Anon" To: Matthias Schniedermeyer CC: linux-crypto@nl.linux.org Subject: Re: loop-AES with ReiserFS for file-backed loop? X-Mailer: NeoMail 2.00 X-IPAddress: 66.77.214.92 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: loop-aes@tarottoni.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto > Anon wrote: > > Markus Reichelt wrote: > > > >>I guess you really need experience with it :-) How hard can it be? > > > > I am not stupid by any means or measure, and it can be difficult for a person who does not have > > *all* the necessary information. Any process can be difficult to understand with important > > information missing. I think it is important to realize we all start from the beginning, without > > any prior knowldge on any subject of study, including encrypted filesystems. Nobody is born with > > how to use loop-AES, or Linux, or even how to tie their shoes, encoded into their genes. > > > > I did carefully RTFM several times, I did very carefully consider all the examples in > > loop-AES.README, and I do understand how to use the "regular" loop device. Still, I never used a > > *stack* of loop devices, and I still do not seem to understand how to stack the loops in the > > context of using two encrypted loops under loop-AES. I invite you to fill in all the details if > > you can. > > losetup -e AES128 -K /root/secret1.gpg /dev/loop0 /dev/hda666 > losetup -e AES128 -K /root/secret2.gpg /dev/loop1 /dev/loop0 > > mount /dev/loop1 /mnt THANK YOU VERY MUCH!!! :) This is what I need, and something I can understand! :) Now I can get that "experience" I need. ;) THANK YOU!, Anon - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Dec 10 13:22:55 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1El3ka-0003Q7-Rm; Sat, 10 Dec 2005 13:22:52 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 10 Dec 2005 13:21:54 +0100 (CET) Received: from mail.gmx.de ([213.165.64.21] helo=mail.gmx.net) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1El3jS-00034I-QK for linux-crypto@nl.linux.org; Sat, 10 Dec 2005 13:21:42 +0100 Received: (qmail 2853 invoked by uid 0); 10 Dec 2005 12:19:51 -0000 Received: from 84.175.79.247 by www42.gmx.net with HTTP; Sat, 10 Dec 2005 13:19:51 +0100 (MET) Date: Sat, 10 Dec 2005 13:19:51 +0100 (MET) From: Peter_22@gmx.de To: linux-crypto@nl.linux.org MIME-Version: 1.0 References: <20051203184737.25666.qmail@www1.hagenhosting.com> Subject: Bootable USB-Hardware for root encryption X-Priority: 3 (Normal) X-Authenticated: #5663700 Message-ID: <27396.1134217191@www42.gmx.net> X-Mailer: WWW-Mail 1.6 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Received-SPF: X-Spam-Status: No, score=-1.0 required=5.0 tests=AWL,BAYES_50,NO_REAL_NAME autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Peter_22@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hi! For those interested in encrypting root / entire harddisk: Sandisk TransFlash Cards (thumbnailsize) in combination with a generic USB SD-cardreader are bootable. The cardreader I used for testing looks like an USB memory-stick and has only one slot for SD cards. So the 32MB TransFlash needs its SD adapter card. As a whole, this combo boots like from USB memory stick. You just have to keep the tiny Transflash card in your pocket to keep thieves off your data. Moreover, data on Transflash cards can safely be erased with a lighter. Quick & entirely. SanDisk´s Transflash site: http://sandisk.com/Products/Catalog(1117)-SanDisk_microSDTransFlash_Cards.aspx Regards, Peter -- Lust, ein paar Euro nebenbei zu verdienen? Ohne Kosten, ohne Risiko! Satte Provisionen für GMX Partner: http://www.gmx.net/de/go/partner - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Dec 10 23:33:39 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1ElDHc-0005gB-UL; Sat, 10 Dec 2005 23:33:36 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 10 Dec 2005 23:33:07 +0100 (CET) Received: from mail.gmx.net ([213.165.64.21]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1ElDGy-0005I9-6H for linux-crypto@nl.linux.org; Sat, 10 Dec 2005 23:32:56 +0100 Received: (qmail invoked by alias); 10 Dec 2005 22:31:05 -0000 Received: from dslb-084-063-035-095.pools.arcor-ip.net (EHLO localhost) [84.63.35.95] by mail.gmx.net (mp030) with SMTP; 10 Dec 2005 23:31:05 +0100 X-Authenticated: #4240698 From: Jan Luehr To: linux-crypto@nl.linux.org Subject: Re: [OT] Interference by multiple encryption. Date: Sat, 10 Dec 2005 23:31:03 +0100 User-Agent: KMail/1.7.2 References: <20051117090405.8347.qmail@web54009.mail.yahoo.com> <20051120200542.GA5718@dantooine> <4380E3EC.8060103@g-house.de> In-Reply-To: <4380E3EC.8060103@g-house.de> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200512102331.04220.jluehr@gmx.net> X-Y-GMX-Trusted: 0 Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jluehr@gmx.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hello, Am Sonntag, 20. November 2005 22:00 schrieb Christian Kujau: > markus reichelt schrieb: > > i faintly remember that one of these two algos, twofish or blowfish, > > is not to be used for large amounts of data, like 200 GB or so. i > > don't recall the speficics, only remember that there was some kind of > > catch to it. any info on this would be greatly appreciated. > > i think it was a general issue with block-ciphers, as detailed here: > > http://www.cryptolabs.org/aes/WeisLucksAESattacksDS1202.html Thus is there / will there be a loop-twofish for Linux / Unix? Keep smiling yanosz - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Dec 11 02:35:10 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1ElG7H-0001lq-U1; Sun, 11 Dec 2005 02:35:07 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 11 Dec 2005 02:34:41 +0100 (CET) Received: from revere.aoc.nrao.edu ([146.88.1.15]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1ElG6U-0001ex-G1 for linux-crypto@nl.linux.org; Sun, 11 Dec 2005 02:34:18 +0100 Received: from cly.aoc.nrao.edu (cly.aoc.nrao.edu [146.88.3.188]) by revere.aoc.nrao.edu (8.13.1/8.13.1/cv-ws-8.12) with ESMTP id jBB1Y8e5011227; Sat, 10 Dec 2005 18:34:08 -0700 Received: from [10.0.1.3] (dsl-209-155-89-94.sdc.org [209.155.89.94]) (authenticated bits=0) by cly.aoc.nrao.edu (8.13.1/8.13.1) with ESMTP id jBB1Y4NE016016 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT); Sat, 10 Dec 2005 18:34:07 -0700 In-Reply-To: <200512102331.04220.jluehr@gmx.net> References: <20051117090405.8347.qmail@web54009.mail.yahoo.com> <20051120200542.GA5718@dantooine> <4380E3EC.8060103@g-house.de> <200512102331.04220.jluehr@gmx.net> Mime-Version: 1.0 (Apple Message framework v746.2) Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-30--808652444; protocol="application/pkcs7-signature" Message-Id: Cc: linux-crypto@nl.linux.org From: Boyd Waters Subject: Re: [OT] Interference by multiple encryption. Date: Sat, 10 Dec 2005 18:34:13 -0700 To: Jan Luehr X-Mailer: Apple Mail (2.746.2) X-MailScanner-Information: Please contact postmaster@aoc.nrao.edu for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-101.44, required 5, autolearn=disabled, ALL_TRUSTED -1.44, USER_IN_WHITELIST -100.00) X-MailScanner-From: bwaters@nrao.edu Received-SPF: X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: bwaters@nrao.edu Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --Apple-Mail-30--808652444 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed On Dec 10, 2005, at 3:31 PM, Jan Luehr wrote: > Hello, > > Am Sonntag, 20. November 2005 22:00 schrieb Christian Kujau: >> markus reichelt schrieb: >>> i faintly remember that one of these two algos, twofish or blowfish, >>> is not to be used for large amounts of data, like 200 GB or so. i >>> don't recall the speficics, only remember that there was some >>> kind of >>> catch to it. any info on this would be greatly appreciated. >> >> i think it was a general issue with block-ciphers, as detailed here: >> >> http://www.cryptolabs.org/aes/WeisLucksAESattacksDS1202.html > > Thus is there / will there be a loop-twofish for Linux / Unix? I used a loop-twofish for a long time. The concern about encrypting hundreds of gigabytes WITH THE SAME KEY is real. Right now, loop-aes can use up to 65 keys on the data. The largest disks I own are 400 GB, which should have about the same risk -- when they are completely full -- of encrypting 6 GB of data with the same key. I am not much concerned. What is far more difficult is getting the overall crypto-system implementation correct. That is where the debates occur. I choose to use loop-aes these days. ~ boyd Boyd Waters Socorro, New Mexico --Apple-Mail-30--808652444 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Disposition: attachment; filename=smime.p7s MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGFDCCAs0w ggI2oAMCAQICAw/xvTANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVt YWlsIElzc3VpbmcgQ0EwHhcNMDUxMTI5MjI1NjIwWhcNMDYxMTI5MjI1NjIwWjBCMR8wHQYDVQQD ExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMR8wHQYJKoZIhvcNAQkBFhBid2F0ZXJzQG5yYW8uZWR1 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLzyMs7hT0kZ4/7b8/DuVwJqBN3Vqbzb 5A7EiBHEbkzIg74ybHh+yLJkO0pXduDSUg/siFpOv9S639A//akORNiLoKGCxCObpppms2wNg1OV SRA8bwWJkkkZTHo9+JLkoxpKxcvT/kZlGY8WAXkwyVcvY2DHlIUBUjNFhY73RZIr4jeKzztrAQWX T/7wQVxagKESj+IYb625xQN+k0yCx+HoIi741vXZ09woEnpHXKG2zXE6NWprPVEw6FzaN8QFzp4F uZY1MsDoBg6QvkLpPDlVt4Hms69i8PGP2nlO/+9TzLd2qMZwgD2tF8i5t/lP0VZfcWiG0fluBcid 02D5eQIDAQABoy0wKzAbBgNVHREEFDASgRBid2F0ZXJzQG5yYW8uZWR1MAwGA1UdEwEB/wQCMAAw DQYJKoZIhvcNAQEEBQADgYEAJvBHtNrGWESYoZIYgKMvQOCNwYj8YpeK81CzZZ8E3jreQLXg/4sr q3qfBFTv4WPh0pqy3t92uMpNCq58Yqp5G6t7fVhNpS5YA9VPXAZHBkjaH29qcXimBBgkmx4XP6c/ 62lzXT80fHo0bizNEyqpKeN/nn7hL2jLC2r06phkjFgwggM/MIICqKADAgECAgENMA0GCSqGSIb3 DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlD YXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0 aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwg Q0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3 MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENv bnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElz c3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f 6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYk KhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGj gZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRo YXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0R BCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GBAEiM 0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+hLGZ GwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC3CEZ Nd4ksdMdRv9dX2VPMYIC5zCCAuMCAQEwaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3Rl IENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWls IElzc3VpbmcgQ0ECAw/xvTAJBgUrDgMCGgUAoIIBUzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB MBwGCSqGSIb3DQEJBTEPFw0wNTEyMTEwMTM0MTRaMCMGCSqGSIb3DQEJBDEWBBSIR0KsJCYVJ4er /0I4Vq8+c6/k3zB4BgkrBgEEAYI3EAQxazBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3 dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1h aWwgSXNzdWluZyBDQQIDD/G9MHoGCyqGSIb3DQEJEAILMWugaTBiMQswCQYDVQQGEwJaQTElMCMG A1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw/xvTANBgkqhkiG9w0BAQEFAASCAQCiSf2YdBlBRy2T B/rt48ACH5g+64xMWAVO8idmRpVJu6nt/Qw/jmMNDYI9Pt5lltp3XuNAs46TSOOD6kFl0ckNL+4c z9z5z6LBqUBL42Opl3P5fbgvpv2OaCUBQ6Qu0bXjoKTDvEglQYQrE+YsA775Y3xEgfnWDUqpgkaK z9fKWNgqmhQLTAFNNt9EGLlWojXZtIQRR3hxhlPlOPH9rLilS76igJHAgTk6ETkBbtCOXhXPRgUM 5XAnbhhQrcKZ6LSkys4swTWAJP1DNOerafy5Nh6gJKaCJmKt+qA922Gk5CuBt3yNZ4OX6XEk8SB/ c2B9SAzQcEQHPQFWWblRphOEAAAAAAAA --Apple-Mail-30--808652444-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Dec 11 12:03:32 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1ElOzI-0004u8-50; Sun, 11 Dec 2005 12:03:28 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 11 Dec 2005 12:03:00 +0100 (CET) Received: from mail.gmx.de ([213.165.64.21] helo=mail.gmx.net) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1ElOyV-0004Vo-C9 for linux-crypto@nl.linux.org; Sun, 11 Dec 2005 12:02:39 +0100 Received: (qmail invoked by alias); 11 Dec 2005 11:00:44 -0000 Received: from dslb-084-063-035-095.pools.arcor-ip.net (EHLO localhost) [84.63.35.95] by mail.gmx.net (mp022) with SMTP; 11 Dec 2005 12:00:44 +0100 X-Authenticated: #4240698 From: Jan Luehr To: linux-crypto@nl.linux.org Subject: Re: [OT] Interference by multiple encryption. Date: Sun, 11 Dec 2005 12:00:43 +0100 User-Agent: KMail/1.7.2 References: <20051117090405.8347.qmail@web54009.mail.yahoo.com> <200512102331.04220.jluehr@gmx.net> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200512111200.44281.jluehr@gmx.net> X-Y-GMX-Trusted: 0 Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jluehr@gmx.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hello, Am Sonntag, 11. Dezember 2005 02:34 schrieb Boyd Waters: > On Dec 10, 2005, at 3:31 PM, Jan Luehr wrote: > > Am Sonntag, 20. November 2005 22:00 schrieb Christian Kujau: > >> markus reichelt schrieb: > >>> i faintly remember that one of these two algos, twofish or blowfish, > >>> is not to be used for large amounts of data, like 200 GB or so. i > >>> don't recall the speficics, only remember that there was some > >>> kind of [..] > > Thus is there / will there be a loop-twofish for Linux / Unix? > > I used a loop-twofish for a long time. > > The concern about encrypting hundreds of gigabytes WITH THE SAME KEY > is real. > > Right now, loop-aes can use up to 65 keys on the data. The largest > disks I own are 400 GB, which should have about the same risk -- when > they are completely full -- of encrypting 6 GB of data with the same > key. But is there some loop-aes like implemenation using twofish (with multiple key support, nice userland-tools, and so on)? Keep smiling yanosz - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Dec 11 12:32:02 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1ElPQu-0000nn-GZ; Sun, 11 Dec 2005 12:32:00 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 11 Dec 2005 12:31:50 +0100 (CET) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1ElPQZ-0000Xz-Rh for linux-crypto@nl.linux.org; Sun, 11 Dec 2005 12:31:39 +0100 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id 6D30535597C; Sun, 11 Dec 2005 13:31:26 +0200 (EET) Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20388-03; Sun, 11 Dec 2005 13:31:25 +0200 (EET) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id 5F7233558D7; Sun, 11 Dec 2005 13:31:25 +0200 (EET) Received: from users.sourceforge.net (localhost [127.0.0.1]) by a64.adsl.tnnet.fi (Postfix) with ESMTP id A8CFD67AE8; Sun, 11 Dec 2005 13:31:24 +0200 (EET) Message-ID: <439C0E0C.49421F8C@users.sourceforge.net> Date: Sun, 11 Dec 2005 13:31:24 +0200 From: Jari Ruusu To: Jan Luehr Cc: linux-crypto@nl.linux.org Subject: Re: [OT] Interference by multiple encryption. References: <20051117090405.8347.qmail@web54009.mail.yahoo.com> <200512102331.04220.jluehr@gmx.net> <200512111200.44281.jluehr@gmx.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at mail.tnnet.fi Received-SPF: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Jan Luehr wrote: > But is there some loop-aes like implemenation using twofish (with multiple key > support, nice userland-tools, and so on)? http://loop-aes.sourceforge.net/ciphers.README http://loop-aes.sourceforge.net/ciphers-latest.tar.bz2 http://loop-aes.sourceforge.net/ciphers-latest.tar.bz2.sign -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Dec 11 12:57:24 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1ElPpS-0006WU-P4; Sun, 11 Dec 2005 12:57:22 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 11 Dec 2005 12:57:11 +0100 (CET) Received: from mail.gmx.de ([213.165.64.21] helo=mail.gmx.net) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1ElPp7-0006R5-Qe for linux-crypto@nl.linux.org; Sun, 11 Dec 2005 12:57:01 +0100 Received: (qmail invoked by alias); 11 Dec 2005 11:54:51 -0000 Received: from dslb-084-063-035-095.pools.arcor-ip.net (EHLO localhost) [84.63.35.95] by mail.gmx.net (mp022) with SMTP; 11 Dec 2005 12:54:51 +0100 X-Authenticated: #4240698 From: Jan Luehr To: linux-crypto@nl.linux.org Subject: Re: [OT] Interference by multiple encryption. Date: Sun, 11 Dec 2005 12:54:51 +0100 User-Agent: KMail/1.7.2 References: <20051117090405.8347.qmail@web54009.mail.yahoo.com> <200512111200.44281.jluehr@gmx.net> <439C0E0C.49421F8C@users.sourceforge.net> In-Reply-To: <439C0E0C.49421F8C@users.sourceforge.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200512111254.51526.jluehr@gmx.net> X-Y-GMX-Trusted: 0 Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jluehr@gmx.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hello, > Jan Luehr wrote: > > But is there some loop-aes like implemenation using twofish (with > > multiple key support, nice userland-tools, and so on)? > > http://loop-aes.sourceforge.net/ciphers.README > http://loop-aes.sourceforge.net/ciphers-latest.tar.bz2 > http://loop-aes.sourceforge.net/ciphers-latest.tar.bz2.sign oops, just some simple rtfm - sorry about that. Perhaps, it is unlikely, that loop-aes contains other ciphers than aes - however, shame on me and big thanks to you for writing great programs. Keep smiling yanosz Am Sonntag, 11. Dezember 2005 12:31 schrieb Jari Ruusu: - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Dec 18 14:14:51 2005 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1EnyFq-0005Lw-PC; Sun, 18 Dec 2005 14:07:10 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 18 Dec 2005 14:06:30 +0100 (CET) Received: from ns2015.ovh.net ([213.186.34.148]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1EnyDX-0001fJ-Hp for linux-crypto@nl.linux.org; Sun, 18 Dec 2005 14:04:47 +0100 Received: (qmail 31325 invoked by uid 503); 18 Dec 2005 12:43:33 -0000 Received: from unknown (HELO ?192.168.0.40?) (82.225.193.31) by ns2015.ovh.net with SMTP; 18 Dec 2005 12:43:33 -0000 Message-ID: <43A55E67.6080804@idrinatep.com> Date: Sun, 18 Dec 2005 14:04:39 +0100 From: idrina TEP User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051017) X-Accept-Language: fr, en MIME-Version: 1.0 To: idrina TEP Subject: Pourquoi devient-on vivant ? Content-Type: multipart/alternative; boundary="------------050607060403040007070001" Received-SPF: X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_50,HTML_50_60, HTML_MESSAGE,HTML_TITLE_EMPTY autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: contact@idrinatep.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto This is a multi-part message in MIME format. --------------050607060403040007070001 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Combats dans l'invisible - L'arrachement www.idrinatep.com Pourquoi devient-on vivant ? Pourquoi disparaît-on ? A quoi tout cela sert-il ? Les événements de notre vie ne sont-ils pas que la partie visible d'un gigantesque iceberg ? Qu'y a-t-il derrière tout cela ? Vient un jour où la Réponse aux "Pourquoi" et aux "Comment" des choses devient si importante pour l'être que son attention se détourne de l'extérieur pour se reporter sur une réflexion méditative. Le cycle "Combats dans l'invisible" retrace l'aventure intérieure d'un être ordinaire qui a enfin compris qu'il doit être, pour lui-même, un merveilleux sujet d'étude. Il rentre alors dans son royaume intérieur pour en prendre peu à peu possession, entreprenant ainsi une épopée privée, secrète, cachée, qui le conduira au-delà de tout ce qu'il pensait possible. Il devient, pour lui-même, un Roi Nomade, puis un Roi Couronné, enfin une sphère radiante. Ce cheminement, présenté sous la forme d'un conte, est particulièrement vivant et accessible : le lecteur progresse, en compagnie du héros, jusqu'au centre de son propre être, là où se trouvent toutes les réponses à ses questions. Le Roi Nomade : Tome I - L'arrachement Cliquez ici pour lire des extraits du Tome I Tome II - Les bûchers du sacrifice (à paraître) Cliquez ici pour lire des extraits du Tome II Tome III - La bénédiction de la Sagesse (à paraître) Cliquez ici pour lire des extraits du Tome III *Vous pouvez commander ces ouvrages en 48H chrono sur le site www.idrinatep.com * Bien à vous, idrina TEP Editions Source RH --------------050607060403040007070001 Content-Type: multipart/related; boundary="------------020509090907060609050406" --------------020509090907060609050406 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
Combats dans l'invisible - L'arrachement
Pourquoi devient-on vivant ?
Pourquoi disparaît-on ?
A quoi tout cela sert-il ?
Les événements de notre vie ne sont-ils pas que la partie visible d'un gigantesque iceberg ?
Qu'y a-t-il derrière tout cela ?

Vient un jour où la Réponse aux "Pourquoi" et aux "Comment" des choses devient si importante pour l'être que son attention se détourne de l'extérieur pour se reporter sur une réflexion méditative.

Le cycle "Combats dans l'invisible" retrace l'aventure intérieure d'un être ordinaire qui a enfin compris qu'il doit être, pour lui-même, un merveilleux sujet d'étude.

Il rentre alors dans son royaume intérieur pour en prendre peu à peu possession, entreprenant ainsi une épopée privée, secrète, cachée, qui le conduira au-delà de tout ce qu'il pensait possible.

Il devient, pour lui-même, un Roi Nomade, puis un Roi Couronné, enfin une sphère radiante.

Ce cheminement, présenté sous la forme d'un conte, est particulièrement vivant et accessible : le lecteur progresse, en compagnie du héros, jusqu'au centre de son propre être, là où se trouvent toutes les réponses à ses questions.

Le Roi Nomade :
Tome I - L'arrachement
Cliquez ici pour lire des extraits du Tome I

Tome II - Les bûchers du sacrifice (à paraître)
Cliquez ici pour lire des extraits du Tome II

Tome III - La bénédiction de la Sagesse (à paraître)
Cliquez ici pour lire des extraits du Tome III

Vous pouvez commander ces ouvrages en 48H chrono sur le site www.idrinatep.com

Bien à vous,
idrina TEP
Editions Source RH

--------------020509090907060609050406 Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: R0lGODlhVAB4APcAAMR2W9KmmcouGXYmGaNJOZg1JokcDaolErUoFsR8Ya0nFNAxG+hCKNk0 HKtWRWsVCOpNNuE2HsEsGIIpHIobEZItHulJLetTOZAeD9R4W6s0I+bRy5oiEMY7KM4wGsSK fLVcQrVXOteDZuQ4H1IXEIQbDcZVN5YhEL4rGIwrHuhAJ9UyHJQgD6clEnEXCbMjE7c4JHYY CrpkSaoND7wqF8yajdayqcpqTLRjUpwjEYIaDMMsGaBDMrt5a6MkEug6Id41HXgYCsGDdI4f DtRAK9w0HNJnSLgqFroqF6U3H4YcDLAoFLpGKr9yV9Ssod48JpUfEr5sUX8aDKtSPq1FKn4a DMiBZ5IfD7IoFaIkEqAkErp1ZM6ilmgaEHoZDKwmE9QyG72BdMiRhOM2Hn0ZDJghEM6LcdeU e8WNgLwjFKIkEehAJs2eketYPOg6INibg58jEbZqWelMLYwdDccuGcZML8swGrI0HIgbDZYd Dp8iEsBPMpYuIJgfEJImGty7suBDLclfQZ0dD9IxHI0gFbdvYIscDeY4H8EoFpkqG3waDOg8 JbVyYdczHIsdEbMoFug7JMqWiulFKn8zJ2ckGp4xIKQwHL8yHaMiEcIlFJUhFLAvHJw9Lqxi U50jEccsGZofD4wlGc9wU7lsWY0aD7JmVpwlE8CGeo8gEeCYfcQqF7BOMpQUDJcnGocaDJIh FZchFIMVENgyG6QfEMiViKIqF8kqF44ZC5UkF5YmE6shEZklFKAfELMfEZwgEIEbDMeNfowv IKMdEI4cEMMrGLsoFrcmFIMZDJ4sGKVOPpkhEHMcD6clE0MUD+g+JulEKeg/JulIK+g/J4AZ DOlHKuc3IOg5IH8ZDOg5H+g8JsYuGsUuGY8eDpghE5gjE40eDoQYD4sbDNQ3IN/EvbBfTMgj FKstG8mIcOxmTKUlE+CljK1dTLFfT+g3H9AvGp0nFLFoWIg3LLMrF6AmFL9+b8xZOso3IMY0 HsiZjOKdg8UtGZAaCpEZE8B6aN4zG34bDSH5BAAAAAAALAAAAABUAHgAAAj/AOMNmECwoMGD CBMqXMjQ4MAJAwdInEixosRJE2Jo3BgjiMcgXkKKHOmFjMmTJq+pXFmlCsqTJEV+5KjRRQwX OHE+2MmzJ8+BND/GFPkSZcujSJO2LGoy5kyONnPm9OkTqEahIEkyVZpUitevXJG+dBqEplSd VHda9Ti05EuuX6WonEZXB927ePF6PYqSZFmzZ9MOZOslK1Eyikwq9TqXLlgpOhTpkFJFh2XL ikJWiSHFC1i+TWX+3Ri46gTCI40i/XrN8VfLv6R0+beMRIkus/91dtWlGYnfJHwfo3tt79LQ hUffLK12Qsy3Rxm79qrj16/LJYD7Bk6i97JbJJY1/+sCvITlr9OKgxYNVepP54dPRpfb+qv1 65cvuwreu/v44OPtE95/JOhgXn6TSeHYcWSE5FF7aA0UHxnzKTgNZNVZh2AJHHK4DHldLPOh iOQtg8cy/4D4jysdcojgZBdS5pIXmT1Y01QSukXhfPVBpmF+LbaIBx7hDGlAkUQWWQIeSoTj pBJQKhHkgZd5deFS7N3owkCqVSGdV/cBOWWUZJZp5plmBpmfgjI26CBpW06g2HwxZohdkGhC acCefPbp559otljllTMmVxNBc35pp2V4ovnno5BGmqaL5xHq5l8E8Ugdfox26GikfM4h6qik liopmR1WSlloMRCkg5dsLv9qoKdmglrqrbjmOsejUaZq2ZVuZmolhjocY+wxs0aJhyuuKGGA kU7uOaohhug66jdzfINtrtXuyueQvVKp4FITpCBXjNaBA46B6ioBzjEGgGMABeBQ4Igr9lKQ LylDDEPBMPwCjAopwwwxBwYEozLMMAovTIrCpHAzBCmkOFJxvva6sqe6lMpVBUGxWldCMqd0 wkkYPQTjQDKEdEIAPELwQMg6yXTygRAO0EPOMJwIIQQBGPBQCi4r8zEFAR9McQsBPLRCjgNT kOPHFDgUwAcODvAgBM0E0LMFJw6EUkEPYRRwTMcppICuDuDwwEUyBODTSQ9ocOEEJxuEwcUp +BT/8Ac+BDhRCC1ocDIMOWysEwAPPWzAiRh/JPMBF/1wws8WoxSwBTCnbODAKQHEsQ4XYtRw Ss8fBIDPKTVUwIMNnfARrg5pg2lXLIwwEgsn+ExQABdc2HCKE8Pb8EEnTjjBAxoEEBD6Kzic wo/XbNhQiBBOsPFBKQGQA0U/hUDBhxhoBOBEJIXUIEb6OHBRygdo/GEDPVzwwcM4QhSgca+1 azicA1yIByecQIDR0eID46AbG0rhBHyUrxDM40MybFAAdqDBbfRwQurQwI4/3G0dTmhFP+hR iUQAAxhboMcGAkdANvDAATaIBBpq0IMAcIEHUwgAASpgCD5BKW0/KsEv/0KxBXzAwwGEe1ky GEGAUpyCFvAohP1KUTUHRGILsCAAG4CxjnVMoRVbaAInptCPONQAB1AAAeUqgQOsVQIYlRjF KOKIgxqMAgfsqAEwHAAMMZRCDMDgASlExacKpAA/QUpBKEoQilA44pGOIAQh/OAHQqACFRh4 hSZzkYhXsEATiWgFFE4wSk3gwhuwAGUiuuENbyQiEbtgJSuhsAtYsBIWrUhEKnERSlOGshWt eAUqhrAtAxiyUyWIkiuGRKQ9UYtU3IgmBqZ5hWpegQUsuCY2WXACFvThBKQsQxlOIM5ymvOc 4wQnKb3ZTWxa8woYiOY3uHFMWkWpT9fS1hCGwP8NalZzmwBVp0DLqQwOGPSgCE2oQpUhToG2 053wHAIfUpAsMuFTVPrk5zQx8E6ActOh4lQoQnNA0pKSlAMmFSlD0/nQbF5hohwq00Wz9Y19 9pOj1vRoH/IwSnL2QRlA5QAoDJoDlJrUE0gVBFKXylRPmLSoB2WoOrcJ02TeM1QYrelNcXrN XGAzD1c4gTeSsIud9gEZpkgrKN4hVJT64q2eeCscBJGEefhCD3DIq17h0FSnQvWgLK1ECqyq J6zSlJ83/Sc2m5CLfVRiF6wAQQIAcIIk9GEVlUhCAJARBV8k4R1aSEItLKEH0dLVCrVIghbg oIXWuta1el1qSQF7AsH/WtSw+kysYrGZABZQ4RwJYAU5JgsCAERBBklIgjqacNwERAEA5zCD GaggAytI9gwgMAMABKGG7no3C+DNwmvzKluoCpZJhZXWYXWrzW0mAApNSAAI8iADACQgAZUA gBWSQIXn1uAclkjAdKMQggQ0QbpJAIB2QYAJHzj4wRD2gRrCC1u+OrUSFbiqenPrz/Z+tQlN CEETVsGKVSQhBAUGQQiSGwJLAGAV1gUBFUKwivqG2AovTgAVZpGOHvvYxz7o8YO/21q+JiHD 6b2WTbkaUHDmgQN5KMMuhAoKUOTBE4K4qx544QtBCMIHwhAGJmaBCWEwYxZmRvMBvsCMFrj5 /81tjjMzmPFjB3dXvBpAMm6XnNNtqlOcBeWAMki6VD1owdDhVYMPGvzjNr/50QeItKQnfYBH z3nO6XhwFvLsLKxyGKdNJudIObDUvCI6C4p2cKbTMedHt4DSsI41rOHMDB9w2tPz1G2oTxBV lJba0FoAb6pX7WpZf+HYyP6CApatgGQnm9JuvvWGEQtqP4OzDActag6QytrWClvVPW71q9dM 7mQz+9zoTve5jy3pPONao7v9qKgR+utgo/rB4X4zpZGt7iX4+98AD/i/0X0AGFTA0xqttryx TVRSc/vU+Ga1viXNb3QL/N9YyLjGN46FiyvA4BvWqsI/ynCUOtwTh/8O9rB94OhxR7riy764 xh9B85rb/OY01/gSPn5wJQ+BmqHO9snhAHEfi5vixz53wGdecwQ4/elQjzrUaw7yrMK7vX+m N7e9rWiju3nSSY/50m0udacf4exoT/vZpV71bCXcw9fOdqm5HmQfQPrlyhY7xskedbX7HQmA R4Lfz25wq/dzt3En6rY9QXSVB1niLl+z0jGOBZr3/e+Bp4HmN895zQf+CB2oQFYTa+15E5rx iO465JE++SVk3PJQV3vmO695FNj+9iigfegxenVrM7yoD7f34x3Ner2//hGxTzvgO4/75jsf 9zTYvT6Bjs2sG5Xx3s6Cqon/hTXnHeCVR37/8o+wfM4/HwUSSL/6189+6c9T4Yn3Nfa1kGqW fx3vel/CC14gfrOfvfy113zsl347UIAGeIAGKH3wVnq/F3z3xmptRnHMhnEvwARMYAz+R35I YH64x34IuAP6EIIiOIIhqIDUR3KKN3/gtX3MIIHGhwUvcAZv4H8ASAMdqH4HSILasIN00IM+ 6IMCEHoS83McVX2Jt3is9YCr533GR3PGsAd7YAz/hwTFEIC2t34GOILa8IMC0IVe+IVdSAQV IHKKdYTb1ngPSHxMqAB7J37793+bd4MEWIAiuIU9CIZdaAd6uId7KIYSc3i+R1Rbt4I99nUV R3n9N4VxeIU4CILb/6AN+nCHX8iHHlCJlniJHkAEfECGRshrgoiG2zduuqALa9aGT2cMxgB4 VWiDjCgBxEAMqqAPnxCJdDCJeoiJlbgAuriLC5CJm/hzZWh6g9h1rXYAugADe3AHezCKvfAC vYAAxuCMdWACvZAGxZAG2IgImYAI2ogI2tABnyCJeWgHmMiLujgI6JiOg6CJNVWERtiAKBds j3d/s8AEAHAHTHADgXADNyAKe5ABdSAKN5AKN1AHIhAIGSACIlAHGWAEoiACRpAP9/AJ40iO lsiL6QgGGgkGK9CRHcmOgGiEctdt2gd53acL9jgDMGAFZpABJiAKgXAGZwCFoiAK6qCQRv/Q kKmQCglpBCIgCuUgALd4kbuIjhvpkR7ZCErZCIDABwsokvKXhKp2fwpwjGZgAkwgAvrIBC+Z AQgZCCZQDzlZD2RpAmNpBHWQk/YgAJeIkYPAkUm5lErZAHTJlE4ZkkeogkHGfXmnAPLwBTD4 AtCYimmwgcWACGlwCaqACKqgCkFpB7YQme7Qi7l4jm8JlyuwlHS5mXRZBJ7ZlIenTXmZhMQ4 bn3pb7CHdhvIiuhHDHRIi11YiRZZlJcZl5zZAJ6Zm0Cwm6CJl6KGhPIYZPf3fa6XiORnhXO4 DbAplBbpAUWpkR2pmZuZm0Wwm9bJm3wQkh8liJ5gaKX5chOYcU//B4esOYchWIvjWJkLUJuZ 2QicqZvXCQQRMJ9jMAag6Y7c1ICkuZemKXaVR4PIKQGvKYnNaZlwOZfTWZ3XOZ/0WZ8jMAKS kJ34KYx5VZLc559YMJ7HyYo4eJ5eWKDr+ZbR6Z6d6ZnWyaD1OQYPOgKHUA3VEKG+2YB4ZaEt KHlsWJwAyqEEKIsESpS1iaC4qaC7iaIr2qIuig3WYA0WIKGiOW9I5W38CZ5s+J9mt5o6CoLh +KHqKaLtWaILSp9FWg1Jag0/UKaQsKQxalBPSn/C+WrESaXkyYgDmoc+eqAJeqJgyqItiqRu UKY/AAmAuqTA+I6+JpUQKKWoKX4aWJ50/7iFdFqZXEqiQYqnKvqgh2ANSOqngAqoi5ANEOCU 7hh3ZyiPh2qjOIoAcYp+AuqhQlmn0emlJ+qgLJqkfWqmm7oIi+AMzvCpg4qCo1qSw7lzpwqH tyegIOioQ3mOHAmkQpqne2oNtXqruKqrusqr3NCk2ParUUqcirqhcsqqs7medjqpQxoBldqi 0GqrnEqt7GqtTfqJpOpmYTesx/mtjtqqzimuywqr8nmuYhqtnJqr7Eqt0PCp0kSoo9p1/elv cLqa3xqJzFmZ0Emi8GmulvqvfyqtziCwBAsNBbuJ/YSw2Kdow3mj/xmnOwqx+KqsHTmdsXqx ZJqxkDCtA+sMHv/rsdIAARVwsL46shIXaWLXrRtor7UYrlzqskNaqdWQqTLLsex6s9IQtSqg s+93TaLanfT3swcQcw0bgMaqsrMZqZ35siyKDQA7szV7s9AQtdKgAlO7s4B4taylBj8bnoo6 tFcIghB7iyxLsQpqsSOwtDEbsJ36tDjLtm77tnPQq7+JtdoXgVvLsMhHrOhHh+gZtvs6tvIZ AZZqtrbqtLoKtW2buIlLtdEkmtnqs202rydbr5XroUabuX9rsej6ubqaDR27tlJLugyguPOE umqKaOlgiCZbpbWXskWbi0dLrrQrprbrtIcbtWuQuAxQvQygs9kSsvlZqFkbgcqGmsb/+62X m6+D0LKa27zpuq4DG72kqwLWW73Y245W64mq66Yxd7c6CrvKC5fny7mB67nqm7u7S73vC7+i J7/Vp6Zz+7PfuwT4m7f6oA2Pup7ma6L9WrZkSriGO8BuW8DWq7MGkL3AmwNza3+SB76oirer KsGtqouym7Qs6ry3usEc7L7u68Eg7HYYUH2pK4/ee6OKeryrmrzOKaLuacEW67wZC7q62743 7MHVewE9h8CNG68n7MDhu6NETMEUC8Mt2qcBHLpsCw3U+8RQLMXOIipFCE5qasUNPLlHIMQg SKcunJnn+6AyDKjru7btC8UejMYhXFOiqcDgxWpXDMfHe6yx/1nEHHm+KnoI2GCrezy6BOzH 1fsMz3ABKZDGVJytSTi8QAu+Z5fIc8yWjNzFF5zH0NvElWzJmJzJmywtv7ud2+bDQMuGcDy0 Q7zIC/DC81m2krzBfWzJDPDKsJxMgXytCVzLj2u/WDzKNrjL5FjHRwzDqizMvOvKxnzMnba4 a+zJwHrCGYqqiby3+drIuDmkswrGaBu6rNzBZvy+2ywJkqDJv6AnIry9JJy1zjzOcRzNIJi8 4roCY0u7GdzOYkzJ8VzA80zPmmwgnPxzy4xyWWDI3+vP5SzQ5Uui1pzBq6zQxGzM9DzSmjwN VhXCcdvGzRy5J6vLAd3CG53O8jmrZv+aq7hrs9LAxx3sxw1Nz9RwARMwDRCdzFbryVognKX4 zC5tzlws05x7qRlLw9nswSI90tRADdEA1NiRxinNzBaNyykM0Ewd09WZxGAMvQq90Nb7yiMt CVeN1UDtJUOdz6JG0SwnzmH9ugKNzmWtotVw1h0L0jxd1W8dDVktJ3KNzN68zKxld682pWbH ii89zXzdry26xDe9th6701Dc01dt2IetCIndaYKcn17dgkBMzlfI1JX91JGsxwQ7wIONyW39 2YZNDW3gHBQCGYqtvbxGwo97wpPr0hJM2Xbc1zLMsTjbygzN1j6N1aBtAbkNEmTA26StzL+N cnT72K6X16v/2sKtHbgeHdtT3dy0/dygDdq53RFeUAVCrdgSzcYUDcpf0N31+t3TTNYzndzk zdxrfd5uDd2GbQEE3gYDoBGawdt7UtrZfdQt+L2TK9Z0kN92rM5iitA47d+XDOABHt0ELt0H juDVPdcHk8Dzzd0ZSn6rXYtFfNwzPbgCu9ycLc/O3eEeXuADgBPsTQbvncbx7WvBrWwprssQ W4n6zbnV8KfKTcmzbdUCHg0fjuM6zt5y3c1rTGrBZshgHceVW9we8JbVzLnjLcYaXuM2PuAf LgcG/gBTHgQjDt87nN3BDdlcjt/OCQZhPgIeHeO729kAbttoTuByoOYDsBNTXhLW/x3CQ2C1 WF7RLQDhqi0BRd7LBF3WgesGCH2zM/7fz2DV6R3lg07oPKHjIOHeBrLgcY5tKGfR9m2DO2AL sbmeYT4G7UCmNEvGm77hnY7egW4BoS7qo34V7Q0ZXM3oOcDP35vCKFALE7AJdOAOHgAGb4mb YyAOlaABMPAEHaCrsm3eu/7koB7qaz7qNkHlc73oLKDqR83dk4sIFUAJBDEAlpACExAMfDAA GnAPDxEMk4C7m53rfw7ugv7r407uIp7oJf7bcODoyX4EKOAHAwDvlBDxGDYBlGAJ9lAJBRAM HcAH3O7fHC7wAy/uhe4Th04G16AD3WzsDh65yIcE8oAMKPtgDhKwCZewAJdwD5cgDvL5BOIA CU9A5gtd4yL/64Ne8D1x6KZe7NyE5aDMhuSsCjtAke7gDoMgC0XgD/uN6TGO61R93oAe7gRf 8lRB6sOu8iHMUeR07BXt8qo99WxJ6Q3Qr2Ou01/v6Tdu9EdP9mVvE6U+13GO5XYXucou6RP+ 5ZUOBGNwqTObq3bf3HgP5Wmu90jf9wheGYod58rgCQyvACnu6voQ93g+9xHA+IX773fv0zfu 65Q/CRZhEQeRNhVQAXzAB5Vw+xqQ+9gOA7zfAb7v+0QQ/EQACMQvCR8OAcif/Ml/ARBwAc7/ /M7fBhfQBtRf/dbfBugQEAA7 --------------020509090907060609050406-- --------------050607060403040007070001-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/