From linux-crypto-bounce@nl.linux.org Thu Feb 01 13:34:13 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HCb8g-0005IP-L3; Thu, 01 Feb 2007 13:34:06 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 01 Feb 2007 13:33:10 +0100 (CET)
Received: from mail.gmx.net ([213.165.64.20])
	by humbolt.nl.linux.org with smtp (Exim 4.22)
	id 1HCb7H-00053H-5m
	for linux-crypto@nl.linux.org; Thu, 01 Feb 2007 13:32:39 +0100
Received: (qmail 18648 invoked by uid 0); 1 Feb 2007 12:30:45 -0000
Received: from 141.99.254.253 by www031.gmx.net with HTTP;
 Thu, 01 Feb 2007 13:30:45 +0100 (CET)
Cc: linux-crypto@nl.linux.org
Content-Type: text/plain; charset="iso-8859-1"
Date: Thu, 01 Feb 2007 13:30:45 +0100
From: Peter_22@gmx.de
In-Reply-To: <45C0F4DF.C146A6B7@users.sourceforge.net>
Message-ID: <20070201123045.266600@gmx.net>
MIME-Version: 1.0
References: <45AF397C.8040002@aragon.es>						
 <45AFBF92.E6EAF17B@users.sourceforge.net> <45AFC335.4070104@aragon.es>				
 <45B0FE23.B611FE4D@users.sourceforge.net> <20070122121349.104230@gmx.net>		
 <45B4F1F1.196ECD11@users.sourceforge.net> <20070124111413.20290@gmx.net>
 <20070131114153.247300@gmx.net> <45C0F4DF.C146A6B7@users.sourceforge.net>
Subject: Re: SuSE 10.2 and LOADNATIONALKEYB=1
To: Jari Ruusu <jariruusu@users.sourceforge.net>
X-Authenticated: #5663700
X-Flags: 0001
X-Mailer: WWW-Mail 6100 (Global Message Exchange)
X-Priority: 3
Content-Transfer-Encoding: 8bit
Received-SPF: 
X-Spam-Status: No, score=-0.1 required=5.0 tests=AWL,BAYES_50,NO_REAL_NAME 
	autolearn=no version=3.0.1
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Level: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: Peter_22@gmx.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Jari Ruusu <jariruusu@users.sourceforge.net> wrote:
> Do you mean unable to knoppix mount loop-AES encrypted partitions using
> key file created under openSuSE?
Yes, exactly. The problem occurs when the passphrase contains special characters.

> Boot CD-ROM mounts normally? Right?
Using a boot CD-ROM works with no problems if the us-keymap is used. Chars like y, z should be left out. Special characters may not be found or assigned to a different key.

> All parties involved, openSuSE X/console, knoppix, and key map in /boot
> partition or boot-to-encrypted-root CD-ROM, must agree on how passphrase
> characters are encoded. Otherwise it is not going to work.
Yes, I understand this and because of that I asked again. I fear the CDs prepared under openSuSE 10.2 will no longer be decryptable with other/upcoming versions of Linux distros. Such a disaster happened to me some years ago when PGPdisk changed something in its keymapping. Fortunately, the next version, 6 months later, solved the issue.

> What happens if you apply included build-initrd.sh patch, set
> UTF8KEYBMODE=1 in config, and create new boot CD using that new
> build-initrd.sh script?

I didn't know this patch and will try it. I'm glad you answered my questions at all. In case you know further measures please let me know.

> I see exactly same dumpkeys output from both X and console, even though
> console keyboard seems to be in ASCII mode and X keyboard in scancode
> mode.

Ok, I just thought it might be a good idea to post the dumped keymaps. I scrolled through these files but it didn't reveal a conclusion to my mind.
So you would say both X-window/console keymaps are equal?
I'm going to report what UTF8KEYBMODE=1 does to the build-initrd.sh. With your guidance I'll certainly find a solution.

Kind regards,
Peter

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
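
An added illustration of the mismatch discussed in this message (not code from the thread or from loop-AES): the same passphrase yields different bytes, and therefore a different key, when it is typed under ISO-8859-1 versus UTF-8 or on a German versus a US keymap. SHA-256 stands in for the real key setup, and the keymap table and sample passphrases are constructed for the example.

```python
import hashlib

# Encodings the passphrase bytes may arrive in, depending on console/X setup.
ENCODINGS = ("iso-8859-1", "utf-8")

# Constructed, partial table: a character produced by a German (de) keymap,
# mapped to what the same physical key produces under a US keymap.
DE_KEY_ON_US_KEYMAP = {
    "y": "z", "z": "y", "Y": "Z", "Z": "Y",
    "ö": ";", "ä": "'", "ü": "[", "ß": "-", "-": "/",
}


def passphrase_bytes(passphrase, encoding):
    """Bytes the key setup would receive, or None if not representable."""
    try:
        return passphrase.encode(encoding)
    except UnicodeEncodeError:
        return None


def key_fingerprint(passphrase, encoding):
    """SHA-256 of the encoded passphrase (stand-in for the real key setup)."""
    raw = passphrase_bytes(passphrase, encoding)
    return None if raw is None else hashlib.sha256(raw).hexdigest()


def _unique(chars):
    """Keep first occurrences only, preserving order."""
    seen = []
    for ch in chars:
        if ch not in seen:
            seen.append(ch)
    return seen


def encoding_sensitive_chars(passphrase):
    """Characters whose byte form differs (or is missing) across ENCODINGS."""
    return _unique(
        ch for ch in passphrase
        if len({passphrase_bytes(ch, enc) for enc in ENCODINGS}) > 1
    )


def layout_sensitive_chars(passphrase):
    """Characters that sit on a different key under the US keymap."""
    return _unique(ch for ch in passphrase if ch in DE_KEY_ON_US_KEYMAP)


def retyped_on_us_keymap(passphrase):
    """What the same keystrokes produce when the boot medium loads a US map."""
    return "".join(DE_KEY_ON_US_KEYMAP.get(ch, ch) for ch in passphrase)


def audit(passphrase):
    """Report why a passphrase may not unlock the volume on another system."""
    enc = encoding_sensitive_chars(passphrase)
    lay = layout_sensitive_chars(passphrase)
    return {
        "encoding_sensitive": enc,
        "layout_sensitive": lay,
        "fingerprints": {e: key_fingerprint(passphrase, e) for e in ENCODINGS},
        "as_typed_on_us_keymap": retyped_on_us_keymap(passphrase),
        "portable": not enc and not lay,
    }


if __name__ == "__main__":
    # Constructed sample passphrases.
    for sample in ("correct horse", "Schlüssel-Zyklus"):
        report = audit(sample)
        print(repr(sample), "portable:", report["portable"])
        print("  encoding-sensitive:", report["encoding_sensitive"])
        print("  layout-sensitive:  ", report["layout_sensitive"])
        print("  typed on US keymap:", repr(report["as_typed_on_us_keymap"]))
        for enc, fp in report["fingerprints"].items():
            print("  %-10s %s" % (enc, fp[:16] if fp else "not encodable"))
```
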



From linux-crypto-bounce@nl.linux.org Wed Feb 07 16:20:08 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEoab-0001kh-Gp; Wed, 07 Feb 2007 16:20:05 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 07 Feb 2007 16:19:20 +0100 (CET)
Received: from mta-2.ms.rz.rwth-aachen.de ([134.130.7.73])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEoZg-0001kN-3Q
	for linux-crypto@nl.linux.org; Wed, 07 Feb 2007 16:19:08 +0100
Received: from circe ([134.130.3.36]) by mta-2.ms.rz.RWTH-Aachen.de
 (Sun Java System Messaging Server 6.2-7.05 (built Sep  5 2006))
 with ESMTP id <0JD300KCAMJRUS90@mta-2.ms.rz.RWTH-Aachen.de> for
 linux-crypto@nl.linux.org; Wed, 07 Feb 2007 16:19:03 +0100 (CET)
Received: from talos.rz.RWTH-Aachen.DE ([134.130.3.22])
	by circe (MailMonitor for SMTP v1.2.2 ) ; Wed, 07 Feb 2007 16:19:03 +0100 (MET)
Received: from enterprise.ram.rwth-aachen.de
 (enterprise.ram.RWTH-Aachen.DE [137.226.68.2])	by smarthost.rwth-aachen.de
 (8.13.8/8.13.1/1) with ESMTP id l17FJ223031623; Wed, 07 Feb 2007 16:19:02 +0100
Received: from localhost (localhost [127.0.0.1])
	by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 169735B938; Wed,
 07 Feb 2007 16:19:03 +0100 (CET)
Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1])
	by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 06001-06; Wed, 07 Feb 2007 16:19:02 +0100 (CET)
Received: from tatooine.rebelbase.local
 (wintergate.ram.rwth-aachen.de [137.226.69.158])
	by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id B4AE85B913; Wed,
 07 Feb 2007 16:19:02 +0100 (CET)
Received: by tatooine.rebelbase.local (Postfix, from userid 500)
	id A28171A6175; Wed, 07 Feb 2007 16:18:44 +0100 (CET)
Date: Wed, 07 Feb 2007 16:18:44 +0100
From: markus reichelt <ml@mareichelt.de>
Subject: ecryptfs
To: linux-crypto@nl.linux.org
Cc: slackware@mailman.lug.org.uk
Mail-followup-to: linux-crypto@nl.linux.org, slackware@mailman.lug.org.uk
Message-id: <20070207151844.GE3662@tatooine.rebelbase.local>
Organization: still stuck in reorganization mode
MIME-version: 1.0
Content-type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary=aT9PWwzfKXlsBJM1
Content-disposition: inline
X-PGP-Key: 0xC2A3FEE4
X-PGP-Fingerprint: FFB8 E22F D2BC 0488 3D56  F672 2CCC 933B C2A3 FEE4
X-Request-PGP: http://mareichelt.de/keys/c2a3fee4.asc
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at
 enterprise.ram.rwth-aachen.de
User-Agent: Mutt/1.5.13 (2006-08-11)
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ml@mareichelt.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto


--aT9PWwzfKXlsBJM1
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

I'm looking for users who tinkered with ecryptfs and want to share
their experience (pitfalls, tuning, scalability, install probs, etc).

I'm about to test it on ext3/plain partitions and ext3/loop-aes ones,
so why not join forces...

--=20
left blank, right bald

--aT9PWwzfKXlsBJM1
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFye3ULMyTO8Kj/uQRAmTZAJ9Oquo3boEuwDvrGEFfGRu6sjgRcQCggpmP
dU/v1v/GqSzHV/w/iJGCrUY=
=L/VL
-----END PGP SIGNATURE-----

--aT9PWwzfKXlsBJM1--





From linux-crypto-bounce@nl.linux.org Wed Feb 07 17:28:34 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEpeq-0000SL-Az; Wed, 07 Feb 2007 17:28:32 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 07 Feb 2007 17:28:10 +0100 (CET)
Received: from enyo.dsw2k3.info ([195.71.86.239])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEpeL-0000S3-7O
	for linux-crypto@nl.linux.org; Wed, 07 Feb 2007 17:28:01 +0100
Received: from localhost (localhost [127.0.0.1])
	by enyo.dsw2k3.info (Postfix) with ESMTP id 2CF5A2BDC2
	for <linux-crypto@nl.linux.org>; Wed,  7 Feb 2007 16:58:21 +0100 (CET)
Received: from enyo.dsw2k3.info ([127.0.0.1])
	by localhost (enyo [127.0.0.1]) (amavisd-new, port 10024) with LMTP
	id 16606-04-6 for <linux-crypto@nl.linux.org>;
	Wed, 7 Feb 2007 16:58:14 +0100 (CET)
Received: from [10.2.3.28] (unknown [62.225.4.20])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by enyo.dsw2k3.info (Postfix) with ESMTP id 5F6642BDC1
	for <linux-crypto@nl.linux.org>; Wed,  7 Feb 2007 16:58:14 +0100 (CET)
Message-ID: <45C9F715.5030006@citd.de>
Date: Wed, 07 Feb 2007 16:58:13 +0100
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Thunderbird 1.5.0.9 (X11/20061206)
MIME-Version: 1.0
To: linux-crypto@nl.linux.org
Subject: README losetup/mount-Parameter "offset" needs another note
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ms@citd.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Hi


I wanted to use a whole HDD for loop-encryption.
To prevent some types of accidents I still wanted to put a partition table on the HDD with a single whole-disk-spanning partition.

So I set the offset to 512 with "/dev/sd<x>" as the backing-store.
But performance fell to a crawl (relatively speaking) relative to a non-offset loop.

So I increased the offset by 512 a few times in the hope that the phenomenon is "curable".
And with an offset of 4096 performance was the same as without an offset.

As I have an IA32 system it appears to me that the offset has to be page-aligned, in case performance matters.
So I suggest putting a note about that in the README.


-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.





From linux-crypto-bounce@nl.linux.org Wed Feb 07 18:51:07 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEqwj-0007wR-9T; Wed, 07 Feb 2007 18:51:05 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 07 Feb 2007 18:50:39 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEqw9-0007vt-9K
	for linux-crypto@nl.linux.org; Wed, 07 Feb 2007 18:50:29 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id 5760C17B495;
	Wed,  7 Feb 2007 19:50:21 +0200 (EET)
X-Virus-Scanned: amavisd-new at tnnet.fi
Received: from mail.tnnet.fi ([127.0.0.1])
	by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id OZQnE9BEesV8; Wed,  7 Feb 2007 19:50:15 +0200 (EET)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id D499517B48F;
	Wed,  7 Feb 2007 19:50:15 +0200 (EET)
Message-ID: <45CA1156.A1625246@users.sourceforge.net>
Date: Wed, 07 Feb 2007 19:50:14 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: Matthias Schniedermeyer <ms@citd.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: README losetup/mount-Parameter "offset" needs another note
References: <45C9F715.5030006@citd.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Received-SPF: 
X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00 autolearn=no 
	version=3.0.1
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Level: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Matthias Schniedermeyer wrote:
> So I set the offset to 512 with "/dev/sd<x>" as the backing-store. But
> performance fell to a crawl (relatively speaking) relative to a
> non-offset loop.
>
> So I increased the offset by 512 a few times in the hope that the
> phenomenon is "curable". And with an offset of 4096 performance was the
> same as without an offset.
>
> As I have an IA32 system it appears to me that the offset has to be
> page-aligned, in case performance matters. So I suggest putting a note
> about that in the README.

What kernel version are you using?
What loop implementation are you using?

Mainline loop driver uses page cache for both file backed and device backed
setups. Loop-AES version of loop driver uses page cache only for file backed
setups. Your description sounds like you are using mainline loop.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD




From linux-crypto-bounce@nl.linux.org Wed Feb 07 19:11:10 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HErG8-0004P9-U0; Wed, 07 Feb 2007 19:11:08 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 07 Feb 2007 19:10:52 +0100 (CET)
Received: from nz-out-0506.google.com ([64.233.162.231])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HErFk-0004Ln-A8
	for linux-crypto@nl.linux.org; Wed, 07 Feb 2007 19:10:44 +0100
Received: by nz-out-0506.google.com with SMTP id x3so331101nzd
        for <linux-crypto@nl.linux.org>; Wed, 07 Feb 2007 10:09:20 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=ckzNAOWV5/xTJI2kmWknrLvlA0u9t6NIqtZ3FCdM64z8jdn/wdW73llqXNbLJ8kF00w9urhcLemk6vVP4TRywaXr3IYxIqrwDbzcqS9F619rs9V5Tm71mc8qYMWvgooRhDvdBaeg1fF0Dv1eMi38/dwVKze6ICnQk7BJyje1V78=
Received: by 10.114.200.2 with SMTP id x2mr1106825waf.1170871331699;
        Wed, 07 Feb 2007 10:02:11 -0800 (PST)
Received: by 10.114.81.13 with HTTP; Wed, 7 Feb 2007 10:02:11 -0800 (PST)
Message-ID: <f0d777610702071002q535afe37q5948436f11309791@mail.gmail.com>
Date: Wed, 7 Feb 2007 19:02:11 +0100
From: "Antonio Di Salvo" <disalvo.antonio@gmail.com>
To: linux-crypto <linux-crypto@nl.linux.org>
Subject: Secure overwrite of the ram memory
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: disalvo.antonio@gmail.com
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Hi,
I'm looking for an app that can wipe the contents of my ram. I already
know smem from THC, but it "only" runs on the unused memory of the
host machine, while I need to overwrite the whole thing (more or
less).
Is it that there is any standalone software, like memtest86, that can
do what I ask? If not, can I use memtest86 to do the job?

Thanks in advance,
Antonio

PS: sorry for my English ;-P




From linux-crypto-bounce@nl.linux.org Wed Feb 07 19:47:34 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HErpM-00065h-3m; Wed, 07 Feb 2007 19:47:32 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 07 Feb 2007 19:47:14 +0100 (CET)
Received: from enyo.dsw2k3.info ([195.71.86.239])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEroo-00065M-NU
	for linux-crypto@nl.linux.org; Wed, 07 Feb 2007 19:46:58 +0100
Received: from localhost (localhost [127.0.0.1])
	by enyo.dsw2k3.info (Postfix) with ESMTP id 786AA2BDC4;
	Wed,  7 Feb 2007 19:46:50 +0100 (CET)
Received: from enyo.dsw2k3.info ([127.0.0.1])
	by localhost (enyo [127.0.0.1]) (amavisd-new, port 10024) with LMTP
	id 14441-01; Wed, 7 Feb 2007 19:46:36 +0100 (CET)
Received: from [192.168.100.3] (p548B30FB.dip0.t-ipconnect.de [84.139.48.251])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by enyo.dsw2k3.info (Postfix) with ESMTP id 8ED2E2BDC1;
	Wed,  7 Feb 2007 19:46:36 +0100 (CET)
Message-ID: <45CA1E83.4020105@citd.de>
Date: Wed, 07 Feb 2007 19:46:27 +0100
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Icedove 1.5.0.9 (X11/20061220)
MIME-Version: 1.0
To: Jari Ruusu <jariruusu@users.sourceforge.net>
Cc: linux-crypto@nl.linux.org
Subject: Re: README losetup/mount-Parameter "offset" needs another note
References: <45C9F715.5030006@citd.de> <45CA1156.A1625246@users.sourceforge.net>
In-Reply-To: <45CA1156.A1625246@users.sourceforge.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ms@citd.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Jari Ruusu wrote:
> Matthias Schniedermeyer wrote:
>> So I set the offset to 512 with "/dev/sd<x>" as the backing-store. But
>> performance fell to a crawl (relatively speaking) relative to a
>> non-offset loop.
>>
>> So I increased the offset by 512 a few times in the hope that the
>> phenomenon is "curable". And with an offset of 4096 performance was the
>> same as without an offset.
>>
>> As I have an IA32 system it appears to me that the offset has to be
>> page-aligned, in case performance matters. So I suggest putting a note
>> about that in the README.
> 
> What kernel version are you using?

2.6.19, vanilla, self-compiled (But later this day it will be 2.6.20)

> What loop implementation are you using?

loop-aes 3.1e
(I'm a loop-aes user for 3-4 years)

> Mainline loop driver uses page cache for both file backed and device backed
> setups. Loop-AES version of loop driver uses page cache only for file backed
> setups. Your description sounds like you are using mainline loop.

In case numbers matter.

CORE2 Duo E6700, 2GB DDR2-800 RAM
(Or about the fastest "not extreme" system currently available)

"RAW" AES128-v3 throughput this system can reach is about 100MB/s (using
a single thread of aespipe)

- snip -
time (dd if=/dev/zero bs=20480 count=52428 | aespipe -e aes128 -p3 3< <(gpg < key.gpg ) > /dev/null)
52428+0 records in
52428+0 records out
1073725440 bytes (1.1 GB) copied, 10.9219 seconds, 98.3 MB/s

real    0m10.924s
user    0m7.977s
sys     0m0.657s
- snip -
(Currently my system is working, numbers are a little bit better with 0
load)

HDD is a 500GB Seagate/PATA, connected to an onboard jmicron
PATA-Controller (appears to be a PCIe device) and driven by the matching
libata driver. The HDD delivers a linear throughput of about 70-73MB/s,
which doesn't decrease much when i put an aes128-v3-loop over it, and
which uses about 1/2 of the available CPU-resources

gpg < key.gpg | losetup -e aes128 -p 0 /dev/loop4 /dev/sdb

The same loop, with the "not good" offsets of 512-3584, decreases the
throughput to a crawl of 5-20MB/s (don't have exact numbers anymore and
currently my system is working, so i can't retest)

With an offset of 4096 everything is good(tm) again.
gpg < key.gpg | losetup -e aes128 -p 0 -o 4096 /dev/loop4 /dev/sdb





See you

-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Wed Feb 07 22:03:08 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEtwW-0002zS-Qe; Wed, 07 Feb 2007 22:03:04 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 07 Feb 2007 22:02:29 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEtvm-0002z5-Ax
	for linux-crypto@nl.linux.org; Wed, 07 Feb 2007 22:02:18 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id AD44E17B495;
	Wed,  7 Feb 2007 23:02:12 +0200 (EET)
X-Virus-Scanned: amavisd-new at tnnet.fi
Received: from mail.tnnet.fi ([127.0.0.1])
	by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id BVxPuL23llGv; Wed,  7 Feb 2007 23:02:07 +0200 (EET)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 2895E17B494;
	Wed,  7 Feb 2007 23:02:07 +0200 (EET)
Message-ID: <45CA3E4E.DC1DE094@users.sourceforge.net>
Date: Wed, 07 Feb 2007 23:02:06 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: Matthias Schniedermeyer <ms@citd.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: README losetup/mount-Parameter "offset" needs another note
References: <45C9F715.5030006@citd.de> <45CA1156.A1625246@users.sourceforge.net> <45CA1E83.4020105@citd.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Matthias Schniedermeyer wrote:
> HDD is a 500GB Seagate/PATA, connected to an onboard jmicron
> PATA-Controller (appears to be a PCIe device) and driven by the matching
> libata driver. The HDD delivers a linear throughput of about 70-73MB/s,
> which doesn't decrease much when i put an aes128-v3-loop over it, and
> which uses about 1/2 of the available CPU-resources
> 
> gpg < key.gpg | losetup -e aes128 -p 0 /dev/loop4 /dev/sdb
> 
> The same loop, with the "not good" offsets of 512-3584, decreases the
> throughput to a crawl of 5-20MB/s (don't have exact numbers anymore and
> currently my system is working, so i can't retest)
> 
> With an offset of 4096 everything is good(tm) again.
> gpg < key.gpg | losetup -e aes128 -p 0 -o 4096 /dev/loop4 /dev/sdb

Did you test it through a file system or direct to loop device?

Direct to loop device test has disadvantage of possibly un-optimal default
soft block size. If loop device size is not multiple of page size, then
smaller than page size soft block size default is set at losetup time. This
may affect performance when loop device is read/written directly. File
system mount of course sets better soft block size and bangs the device
using more optimally sized requests. Using offset=512 shrinks loop device
size. What does "blockdev --getsize /dev/loop4" command output now (using
4096 byte offset)?

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD




From linux-crypto-bounce@nl.linux.org Wed Feb 07 23:07:46 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEux4-0002uk-Eo; Wed, 07 Feb 2007 23:07:42 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 07 Feb 2007 23:07:17 +0100 (CET)
Received: from enyo.dsw2k3.info ([195.71.86.239])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEuvr-0001HX-8G
	for linux-crypto@nl.linux.org; Wed, 07 Feb 2007 23:06:27 +0100
Received: from localhost (localhost [127.0.0.1])
	by enyo.dsw2k3.info (Postfix) with ESMTP id DD7B22BDBA;
	Wed,  7 Feb 2007 23:06:17 +0100 (CET)
Received: from enyo.dsw2k3.info ([127.0.0.1])
	by localhost (enyo [127.0.0.1]) (amavisd-new, port 10024) with LMTP
	id 10909-03-3; Wed, 7 Feb 2007 23:05:58 +0100 (CET)
Received: from [192.168.100.3] (p548B30FB.dip0.t-ipconnect.de [84.139.48.251])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by enyo.dsw2k3.info (Postfix) with ESMTP id 934932BDB8;
	Wed,  7 Feb 2007 23:05:57 +0100 (CET)
Message-ID: <45CA4D44.6040000@citd.de>
Date: Wed, 07 Feb 2007 23:05:56 +0100
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Icedove 1.5.0.9 (X11/20061220)
MIME-Version: 1.0
To: Jari Ruusu <jariruusu@users.sourceforge.net>
Cc: linux-crypto@nl.linux.org
Subject: Re: README losetup/mount-Parameter "offset" needs another note
References: <45C9F715.5030006@citd.de> <45CA1156.A1625246@users.sourceforge.net> <45CA1E83.4020105@citd.de> <45CA3E4E.DC1DE094@users.sourceforge.net>
In-Reply-To: <45CA3E4E.DC1DE094@users.sourceforge.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info

Jari Ruusu wrote:
> Matthias Schniedermeyer wrote:
>> HDD is a 500GB Seagate/PATA, connected to an onboard jmicron
>> PATA-Controller (appears to be a PCIe device) and driven by the matching
>> libata driver. The HDD delivers a linear throughput of about 70-73MB/s,
>> which doesn't decrease much when i put an aes128-v3-loop over it, and
>> which uses about 1/2 of the available CPU-resources
>>
>> gpg < key.gpg | losetup -e aes128 -p 0 /dev/loop4 /dev/sdb
>>
>> The same loop, with the "not good" offsets of 512-3584, decreases the
>> throughput to a crawl of 5-20MB/s (don't have exact numbers anymore and
>> currently my system is working, so i can't retest)
>>
>> With an offset of 4096 everything is good(tm) again.
>> gpg < key.gpg | losetup -e aes128 -p 0 -o 4096 /dev/loop4 /dev/sdb
> 
> Did you test it through a file system or direct to loop device?

I discovered the slow performance while "initializing" the loop with
dd if=/dev/zero of=/dev/loop<x>
(Currently i'm not sure if i also used a bs=<whatever>, maybe not)

So direct to loop it is.
I haven't tested putting a filesystem on the loop, at that point i just
wanted a completely zeroed loop (so i had a seemingly "random"
backing-store).

So it appears that only a note about "direct" use of loop may be
suboptimal for offset loops. E.g. when you "zero" over the loop (which
is definitely IO or CPU-bound) instead of "randomizing" over the loop or
directly to the backing store.
(Random-performance wasn't great AFAIR, so i settled with zeroing over
the loop. Which i think is "good enough", given that a) it's v3 (65th
key alone should prevent "detecting" zero blocks when next to no
knowledge exists about the plain-text) and b) i use a different key for
each loop (see below))

> Direct to loop device test has disadvantage of possibly un-optimal default
> soft block size. If loop device size is not multiple of page size, then
> smaller than page size soft block size default is set at losetup time. This
> may affect performance when loop device is read/written directly. File
> system mount of course sets better soft block size and bangs the device
> using more optimally sized requests. Using offset=512 shrinks loop device
> size. What does "blockdev --getsize /dev/loop4" command output now (using
> 4096 byte offset)?

I think the total capacity is quite irrelevant for this case, it's the
expected HDD size minus 8 Blocks?
blockdev --getsize /dev/loop2
976773160
vs.
blockdev --getsize /dev/sdb
976773168
(Loop-No. changed because a) i just used 4 and b) i automount just about
everything.(*))

So guess we can settle the case and i will just have to live with 143,50
KB (or .00000127 percent of total capacity) of "lost" space due to
assuming a poorly performing "direct to loop" would also lead to a
poorly performing "filesystem over loop".




*:
I put the "name" of the HDD at 0x1b8 of the MBR, which is documented as
"could be used for a 4 byte 'ID'" (Another reason why i wanted to spare
the MBR, so i could place a marker somewhere in it)
Naming schema i use is xm and 2 digits.

Placing the marker works like this:
echo "xm01" | dd bs=1 count=4 seek=440 conv=notrunc of=/dev/sd<x>

Then i wrote a little shell script that extracts the marker and outputs a
udev-complying string:
- snip -
#!/bin/sh
# Read the 4-byte marker at offset 440 (0x1b8) of the MBR and print it for udev.
if [ -n "$1" ]; then
  label=$(dd if="$1" bs=1 count=4 skip=440 status=noxfer 2>/dev/null)
  echo "$label" | grep -q '^xm' && echo "ID_XM=$label"
fi
- snip -

With a matching udev-rule:
- snip -
# Check for xm-disc
KERNEL=="sd*[!0-9]", \
        IMPORT{program}="/usr/local/bin/my/xm_id.sh $tempnode"
ENV{ID_XM}=="xm[0-9][0-9]", \
        SYMLINK+="disk/by-xm/$ENV{ID_XM}"
- snip -
Which means a symlink like "xm01" is registered for each HDD where a
marker is found into the directory "/dev/disk/by-xm/", which points to
the /dev/sd<x>-device it gets when it is connected. (In my case mostly
USB2.0, but i will move to (e)SATA in the future. Now that hotplugging
SATA actually works and (e)SATA has way better performance)

And, at last, with an also matching automount-entry (1 line!):
xm01 -fstype=xfs,noatime,encryption=aes128,offset=4096,gpgkey=xm01.gpg :/dev/disk/by-xm/xm01

I have all the "magic" in place it needs to automount the encrypted HDDs
despite them being encrypted. Before encryption i just used LABELd or
UUIDed filesystems, but encryption prevents that, especially when you
use different keys for different loops.

(My current statistics are: 41 HDDs with a 10,5 TiB total capacity and 9
TiB used. Currently being converted from unencrypted to encrypted, which
will probably take as long as sometime next month, averaging somewhere
over a day per HDD.)



See you

-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.





From linux-crypto-bounce@nl.linux.org Wed Feb 07 23:59:29 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEvlA-0006eF-GS; Wed, 07 Feb 2007 23:59:28 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 07 Feb 2007 23:59:12 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEvke-0006dZ-E6
	for linux-crypto@nl.linux.org; Wed, 07 Feb 2007 23:58:56 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id 9421117B495;
	Thu,  8 Feb 2007 00:58:54 +0200 (EET)
X-Virus-Scanned: amavisd-new at tnnet.fi
Received: from mail.tnnet.fi ([127.0.0.1])
	by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id C4uq8bbUmKn6; Thu,  8 Feb 2007 00:58:49 +0200 (EET)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 1865317B494;
	Thu,  8 Feb 2007 00:58:49 +0200 (EET)
Message-ID: <45CA59A8.9677D9C@users.sourceforge.net>
Date: Thu, 08 Feb 2007 00:58:48 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: Matthias Schniedermeyer <ms@citd.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: README losetup/mount-Parameter "offset" needs another note
References: <45C9F715.5030006@citd.de> <45CA1156.A1625246@users.sourceforge.net> <45CA1E83.4020105@citd.de> <45CA3E4E.DC1DE094@users.sourceforge.net> <45CA4D44.6040000@citd.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Matthias Schniedermeyer wrote:
> I discovered the slow performance while "initializing" the loop with
> dd if=/dev/zero of=/dev/loop<x>
> (Currently i'm not sure if i also used a bs=<whatever>, maybe not)

When block device is accessed directly, kernel splits I/O to soft block size
chunks. 'dd bs=<whatever>' is just for user space dd program, and does not
affect what splitting happens in kernel.

> I think the total capacity is quite irrelevant for this case, it's the
> expected HDD size minus 8 Blocks?
> blockdev --getsize /dev/loop2
> 976773160

(976773160 * 512) % 4096 == 0

> blockdev --getsize /dev/sdb
> 976773168

(976773168 * 512) % 4096 == 0

Both device sizes are integer multiples of 4096 bytes. When you shrink the
device size by non-4096 byte amount, that is no longer true. 976773160
and 976773168 sector size devices can be fully accessed using 4096 soft
block size. It is the default smaller soft block size that causes the
slowdown.

> performing "direct to loop" would also lead to a poorly performing
> "filesystem over loop".

Nope.

If you test it using a file system, then file system mount of course sets
better soft block size and bangs the device using more optimally sized
requests.

# losetup -e AES128 -K gpgkey3.asc /dev/loop0 /dev/hdd9
Password:
# blockdev --getbsz /dev/loop0
512

(partition backed inherits 512 byte soft block size)

# mount -t ext2 /dev/loop0 /mnt
# blockdev --getbsz /dev/loop0
4096

(but mount sets it to 4096 bytes, as it should)

# umount /mnt
# losetup -d /dev/loop0
# mount -t ext2 /dev/hdd9 /mnt \
> -o loop=/dev/loop2,encryption=AES128,gpgkey=gpgkey3.asc
Password:
# blockdev --getbsz /dev/loop2
4096

(4096 byte soft block size after mount, ok here too)

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD




From linux-crypto-bounce@nl.linux.org Thu Feb 08 01:08:34 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEwq0-0008LD-Ri; Thu, 08 Feb 2007 01:08:32 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 08 Feb 2007 01:08:06 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HEwpM-0008Ks-8f
	for linux-crypto@nl.linux.org; Thu, 08 Feb 2007 01:07:52 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id 1BC8717B49A;
	Thu,  8 Feb 2007 02:07:51 +0200 (EET)
X-Virus-Scanned: amavisd-new at tnnet.fi
Received: from mail.tnnet.fi ([127.0.0.1])
	by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id nKKc5BcRnhUk; Thu,  8 Feb 2007 02:07:45 +0200 (EET)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 7B35617B467;
	Thu,  8 Feb 2007 02:07:45 +0200 (EET)
Message-ID: <45CA69D0.4B8F99D9@users.sourceforge.net>
Date: Thu, 08 Feb 2007 02:07:44 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: Matthias Schniedermeyer <ms@citd.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: README losetup/mount-Parameter "offset" needs another note
References: <45C9F715.5030006@citd.de> <45CA1156.A1625246@users.sourceforge.net> <45CA1E83.4020105@citd.de> <45CA3E4E.DC1DE094@users.sourceforge.net> <45CA4D44.6040000@citd.de> <45CA59A8.9677D9C@users.sourceforge.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Jari Ruusu wrote:
> Both device sizes are integer multiples of 4096 bytes. When you shrink the
> device size by non-4096 byte amount, that is no longer true. 976773160
> and 976773168 sector size devices can be fully accessed using 4096 soft
> block size. It is the default smaller soft block size that causes the
> slowdown.

Just to clarify this: Default soft block size is set to such value that full
device can be accessed using X amount of such soft block size chunks. File
system mount knows that it won't access any less-than-block-size leftovers
at the end of the device, so it can set to more sane value.

In following examples, /dev/hdd2, /dev/loop3 and /dev/loop6 sizes are
integer multiple of 4096 bytes, and as such, can be fully accessed using
4096 byte soft block size. /dev/hdd9, /dev/loop4 and /dev/loop5 are not, and
are accessed using 512 byte soft block size. Prior to mount, that is.
Meaning that any mkfs, fsck, and other direct access will not perform as
fast and efficiently as for /dev/hdd2, /dev/loop3 and /dev/loop6. After
mount, /dev/hdd2 and /dev/hdd9 should perform identically, as should
/dev/loop3, /dev/loop4, /dev/loop5 and /dev/loop6.

# blockdev --getsize /dev/hdd2
102816

(device size is integer multiple of 4096 bytes)

# losetup -e AES128 -K loop-AES/gpgkey3.asc /dev/loop3 /dev/hdd2
Password:
# blockdev --getbsz /dev/loop3
4096

(default soft block size is 4096 bytes)

# losetup -e AES128 -K loop-AES/gpgkey3.asc -o 512 /dev/loop5 /dev/hdd2
Password:
# blockdev --getbsz /dev/loop5
512

(default soft block size is *LESS THAN* 4096 bytes)

# blockdev --getsize /dev/hdd9
102753

(device size is *NOT* integer multiple of 4096 bytes)

# losetup -e AES128 -K loop-AES/gpgkey3.asc /dev/loop4 /dev/hdd9
Password:
# blockdev --getbsz /dev/loop4
512

(default soft block size is *LESS THAN* 4096 bytes)

# losetup -e AES128 -K loop-AES/gpgkey3.asc -o 512 /dev/loop6 /dev/hdd9
Password:
# blockdev --getbsz /dev/loop6
4096

(default soft block size is 4096 bytes)

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD




From linux-crypto-bounce@nl.linux.org Thu Feb 08 05:01:44 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HF0Tc-0000E6-K8; Thu, 08 Feb 2007 05:01:40 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 08 Feb 2007 05:01:09 +0100 (CET)
Received: from outpost.zedz.net ([194.109.206.210] ident=foobar)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HF0T0-0000Do-Uw
	for linux-crypto@nl.linux.org; Thu, 08 Feb 2007 05:01:02 +0100
Received: by outpost.zedz.net (Postfix, from userid 1009)
	id 1AE5C4E6E6; Thu,  8 Feb 2007 02:00:07 +0100 (CET)
From: Nomen Nescio <nobody@dizum.com>
Comments: This message did not originate from the Sender address above.
	It was remailed automatically by anonymizing remailer software.
	Please report problems or inappropriate use to the
	remailer administrator at <abuse@dizum.com>.
To: linux-crypto@nl.linux.org
Subject: Re: Secure overwrite of the ram memory
In-Reply-To: <f0d777610702071002q535afe37q5948436f11309791@mail.gmail.com>
References: <f0d777610702071002q535afe37q5948436f11309791@mail.gmail.com>
Message-ID: <c77eba6da10948b1aacfdcb0aa985083@dizum.com>
Date: Thu,  8 Feb 2007 02:00:07 +0100 (CET)

> I'm looking for an app that can wipe the contents of my ram. 

That's called the off switch.




From linux-crypto-bounce@nl.linux.org Thu Feb 08 11:04:13 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HF68N-00085N-U6; Thu, 08 Feb 2007 11:04:07 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 08 Feb 2007 11:03:35 +0100 (CET)
Received: from enyo.dsw2k3.info ([195.71.86.239])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HF67W-00084a-5N
	for linux-crypto@nl.linux.org; Thu, 08 Feb 2007 11:03:14 +0100
Received: from localhost (localhost [127.0.0.1])
	by enyo.dsw2k3.info (Postfix) with ESMTP id C80172BDBF;
	Thu,  8 Feb 2007 11:03:02 +0100 (CET)
Received: from enyo.dsw2k3.info ([127.0.0.1])
	by localhost (enyo [127.0.0.1]) (amavisd-new, port 10024) with LMTP
	id 28336-03-5; Thu, 8 Feb 2007 11:02:48 +0100 (CET)
Received: from [192.168.4.17] (i59F55F78.versanet.de [89.245.95.120])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by enyo.dsw2k3.info (Postfix) with ESMTP id 26B012BDBE;
	Thu,  8 Feb 2007 11:02:48 +0100 (CET)
Message-ID: <45CAF544.2000308@citd.de>
Date: Thu, 08 Feb 2007 11:02:44 +0100
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Thunderbird 1.5.0.9 (X11/20061206)
MIME-Version: 1.0
To: Jari Ruusu <jariruusu@users.sourceforge.net>
Cc: linux-crypto@nl.linux.org
Subject: Re: README losetup/mount-Parameter "offset" needs another note
References: <45C9F715.5030006@citd.de> <45CA1156.A1625246@users.sourceforge.net> <45CA1E83.4020105@citd.de> <45CA3E4E.DC1DE094@users.sourceforge.net> <45CA4D44.6040000@citd.de> <45CA59A8.9677D9C@users.sourceforge.net> <45CA69D0.4B8F99D9@users.sourceforge.net>
In-Reply-To: <45CA69D0.4B8F99D9@users.sourceforge.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info

Jari Ruusu wrote:
> Jari Ruusu wrote:
>> Both device sizes are integer multiples of 4096 bytes. When you shrink the
>> device size by non-4096 byte amount, that is no longer true. 976773160
>> and 976773168 sector size devices can be fully accessed using 4096 soft
>> block size. It is the default smaller soft block size that causes the
>> slowdown.
> 
> Just to clarify this: Default soft block size is set to such value that full
> device can be accessed using X amount of such soft block size chunks. File
> system mount knows that it won't access any less-than-block-size leftovers
> at the end of the device, so it can set to more sane value.
> 
> In following examples, /dev/hdd2, /dev/loop3 and /dev/loop6 sizes are
> integer multiple of 4096 bytes, and as such, can be fully accessed using
> 4096 byte soft block size. /dev/hdd9, /dev/loop4 and /dev/loop5 are not, and
> are accessed using 512 byte soft block size. Prior to mount, that is.
> Meaning that any mkfs, fsck, and other direct access will not perform as
> fast and efficiently as for /dev/hdd2, /dev/loop3 and /dev/loop6. After
> mount, /dev/hdd2 and /dev/hdd9 should perform identically, as should
> /dev/loop3, /dev/loop4, /dev/loop5 and /dev/loop6.
> 
> # blockdev --getsize /dev/hdd2
> 102816
> 
> (device size is integer multiple of 4096 bytes)
> 
> # losetup -e AES128 -K loop-AES/gpgkey3.asc /dev/loop3 /dev/hdd2
> Password:
> # blockdev --getbsz /dev/loop3
> 4096
> 
> (default soft block size is 4096 bytes)
> 
> # losetup -e AES128 -K loop-AES/gpgkey3.asc -o 512 /dev/loop5 /dev/hdd2
> Password:
> # blockdev --getbsz /dev/loop5
> 512
> 
> (default soft block size is *LESS THAN* 4096 bytes)
> 
> # blockdev --getsize /dev/hdd9
> 102753
> 
> (device size is *NOT* integer multiple of 4096 bytes)
> 
> # losetup -e AES128 -K loop-AES/gpgkey3.asc /dev/loop4 /dev/hdd9
> Password:
> # blockdev --getbsz /dev/loop4
> 512
> 
> (default soft block size is *LESS THAN* 4096 bytes)
> 
> # losetup -e AES128 -K loop-AES/gpgkey3.asc -o 512 /dev/loop6 /dev/hdd9
> Password:
> # blockdev --getbsz /dev/loop6
> 4096
> 
> (default soft block size is 4096 bytes)

Thanks for the explanation.
So i will throw in a little Perl-Script, that makes sure that the "raw"
loop (before it has a filesystem) has a soft-block-size of 4096, so that
i won't have performance-problems when i work directly with a/the loop.
(I can live with the few KB of lost space, i still have a great gain of
several MB(*) because i don't have the partition-alignment "problem")

But i still think that a little "note" about that is appropriate for the
README, so that others won't fall into the same tarpit as i. :-)
It's good that YOU know all that, but others don't know that.
Especially as this topic isn't on the radar of, i'd guess, 99% of people.



*:
For the 200GB drives that i currently convert i have a net gain in capacity of about 100MB.
One part "partition alignment" and one part "Smaller log-size of the recreated XFS filesystem".
If i didn't miscalculate the total loss of capacity is about 5MB due to various overheads, mostly the filesystem itself.
I think i can live with that. :-)


-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.
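
The soft block size rule Jari explains in this thread, and the offset choice Matthias wants to script, as an added example that is not part of the original messages or of loop-AES. It assumes the kernel takes the largest power of two from 512 up to the 4096-byte page size that divides the device size, which reproduces every "blockdev --getbsz" value quoted above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: model of the default soft block size discussed in the thread.
# Assumption: the default starts at 512 bytes and doubles while it still
# divides the device size, stopping at the 4096-byte page size.

PAGE_SIZE=4096
SECTOR=512

# default_soft_bsz SECTORS [OFFSET_BYTES]
# SECTORS is what "blockdev --getsize" prints for the backing device,
# OFFSET_BYTES is the value given to "losetup -o".
default_soft_bsz() {
    size=$(( $1 * SECTOR - ${2:-0} ))
    if [ "$size" -le 0 ] || [ $(( size % SECTOR )) -ne 0 ]; then
        echo "error: offset must be a multiple of $SECTOR below the device size" >&2
        return 1
    fi
    bsz=$SECTOR
    while [ "$bsz" -lt "$PAGE_SIZE" ] && [ $(( size % (bsz * 2) )) -eq 0 ]; do
        bsz=$(( bsz * 2 ))
    done
    echo "$bsz"
}

# aligned_offset SECTORS MIN_OFFSET_BYTES
# Smallest offset >= MIN_OFFSET_BYTES that leaves a loop device whose size is
# a whole number of pages, so direct access (dd, mkfs, fsck) before any
# mount already gets 4096-byte soft blocks.
aligned_offset() {
    total=$(( $1 * SECTOR ))
    # Round the requested minimum up to a sector boundary first.
    off=$(( ($2 + SECTOR - 1) / SECTOR * SECTOR ))
    if [ "$off" -ge "$total" ]; then
        echo "error: offset is not smaller than the device" >&2
        return 1
    fi
    # Skip whatever would be left over after the last full page.
    off=$(( off + (total - off) % PAGE_SIZE ))
    if [ "$off" -ge "$total" ]; then
        echo "error: device too small for a page-sized loop" >&2
        return 1
    fi
    echo "$off"
}

# Constructed table: sector counts and offsets are the ones quoted in the thread.
for c in "hdd2 102816 0" "hdd2 102816 512" "hdd9 102753 0" "hdd9 102753 512" \
         "sdb 976773168 512" "sdb 976773168 4096"; do
    set -- $c
    printf '%-5s sectors=%-10s offset=%-5s soft block size=%s\n' \
        "$1" "$2" "$3" "$(default_soft_bsz "$2" "$3")"
done

# To keep the MBR (at least 512 bytes) out of the loop on the 500GB disk:
printf 'sdb: smallest page-friendly offset >= 512 is %s\n' \
    "$(aligned_offset 976773168 512)"
```

The model only concerns direct access to the loop device; as the thread shows, a file system mount sets the soft block size to 4096 regardless of the offset.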





From linux-crypto-bounce@nl.linux.org Thu Feb 08 13:52:08 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HF8ku-00004S-2i; Thu, 08 Feb 2007 13:52:04 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 08 Feb 2007 13:51:37 +0100 (CET)
Received: from wp050.webpack.hosteurope.de ([80.237.132.57])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HF8kJ-000043-1V
	for linux-crypto@nl.linux.org; Thu, 08 Feb 2007 13:51:27 +0100
Received: from dslb-084-056-038-082.pools.arcor-ip.net ([84.56.38.82] helo=greenwood); authenticated
	by wp050.webpack.hosteurope.de running ExIM  using esmtpsa (TLSv1:DES-CBC3-SHA:168)
	id 1HF8kG-00071a-Up; Thu, 08 Feb 2007 13:51:25 +0100
Date: Thu, 8 Feb 2007 13:51:26 +0100
From: Uwe Hermann <uwe@hermann-uwe.de>
To: Nomen Nescio <nobody@dizum.com>
Cc: linux-crypto@nl.linux.org
Subject: Re: Secure overwrite of the ram memory
Message-ID: <20070208125126.GB11458@greenwood>
References: <f0d777610702071002q535afe37q5948436f11309791@mail.gmail.com> <c77eba6da10948b1aacfdcb0aa985083@dizum.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="A6N2fC+uXW/VQSAv"
Content-Disposition: inline
In-Reply-To: <c77eba6da10948b1aacfdcb0aa985083@dizum.com>
User-Agent: Mutt/1.5.13 (2006-08-11)
X-bounce-key: webpack.hosteurope.de;uwe@hermann-uwe.de;1170939087;f347d6de;


--A6N2fC+uXW/VQSAv
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Feb 08, 2007 at 02:00:07AM +0100, Nomen Nescio wrote:
> > I'm looking for an app that can wipe the contents of my ram.
>
> That's called the off switch.

Not quite. It's possible to get meaningful data out of RAM chips _after_
you power your computer off. Granted, you probably need pricey special
equipment, but it's possible.

I read a paper where such experiments were conducted a while ago, but I
can't find a URL to it right now...


Uwe.
-- 
http://www.hermann-uwe.de  | http://www.holsham-traders.de
http://www.crazy-hacks.org | http://www.unmaintained-free-software.org


--A6N2fC+uXW/VQSAv--

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Mon Feb 12 18:43:48 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HGfDO-0006lO-C7; Mon, 12 Feb 2007 18:43:46 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 12 Feb 2007 18:43:15 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HGfCe-0006jS-IF
	for linux-crypto@nl.linux.org; Mon, 12 Feb 2007 18:43:00 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id 4E80517B47D;
	Mon, 12 Feb 2007 19:42:44 +0200 (EET)
X-Virus-Scanned: amavisd-new at tnnet.fi
Received: from mail.tnnet.fi ([127.0.0.1])
	by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 7ggYstv9boGP; Mon, 12 Feb 2007 19:42:38 +0200 (EET)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 9008D17B479;
	Mon, 12 Feb 2007 19:42:38 +0200 (EET)
Message-ID: <45D0A70D.AA8486B0@users.sourceforge.net>
Date: Mon, 12 Feb 2007 19:42:37 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: Matthias Schniedermeyer <ms@citd.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: README losetup/mount-Parameter "offset" needs another note
References: <45C9F715.5030006@citd.de> <45CA1156.A1625246@users.sourceforge.net> <45CA1E83.4020105@citd.de> <45CA3E4E.DC1DE094@users.sourceforge.net> <45CA4D44.6040000@citd.de> <45CA59A8.9677D9C@users.sourceforge.net> <45CA69D0.4B8F99D9@users.sourceforge.net> <45CAF544.2000308@citd.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Received-SPF: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=5.0 tests=AWL,BAYES_50 autolearn=no 
	version=3.0.1
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Matthias Schniedermeyer wrote:
> But i still think that a little "note" about that is appropriate for the
> README, so that other won't fall into the same tarpit as i. :-)

Following text will be in next version of loop-AES README "Performance
tuning" section:



Soft block size of loop device has negative effect on efficiency and
performance if that soft block size is too small. On recent kernels, default
soft block size is set to such value that full device can be accessed using
X amount of such soft block size chunks. If device size is integer multiple
of processor page size, then default soft block size will also be processor
page size. Some older kernels inherit default soft block size from backing
device.

Mounting a file system on top of loop device sets loop device's soft block
size to same as block size of that mounted file system, so none of this soft
block size optimization affects mounted file system performance. But too
small soft block size may affect unmounted loop device performance.
Unmounting a file system may set loop device's soft block size back to
default value (this depends on kernel version).

Since unmounted loop device is not usually used for anything other than
occasional fsck, this reduced efficiency and performance is not necessarily
a problem. However, if you insist on getting maximum performance from fsck
and other direct to loop device usage, then (1) you can use backing disk
partition whose size is integer multiple of 4096 bytes, or (2) you can limit
size of loop device to integer multiple of 4096 bytes, or (3) you can set
loop device's soft block size manually to 4096 bytes. Option (3) doesn't
work on all kernels because many kernels seem to revert to default soft
block size when device is not mounted and no process is holding open file
descriptor on it.

This command shows size of device in 512 byte units:

    blockdev --getsize /dev/loop0

This command shows soft block size of device in byte units:

    blockdev --getbsz /dev/loop0

This command sets soft block size of device:

    blockdev --setbsz 4096 /dev/loop0
    
In this example, backing device size is 20012106240 bytes (39086145 * 512).
Loop device size is rounded down to integer multiple of 4096 bytes,
20012105728 bytes:

    blockdev --getsize /dev/hda666
    39086145
    losetup -e AES128 -K foo.gpg -s 20012105728 /dev/loop0 /dev/hda666
                                 ^^^^^^^^^^^^^^
You can also add sizelimit=20012105728 mount option to /etc/fstab file. Mount
won't benefit much from it because file system mount sets soft block size to
desired value anyway, but "losetup -F /dev/loop0" reads and uses that option
from /etc/fstab file. losetup -s and sizelimit mount option do not work with
2.2 and older kernels.


-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
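
The README text in the message above, worked through for its own numbers: why the full 39086145-sector device ends up with a 512 byte soft block size and the size-limited one with 4096. This is an added example, not part of the original post or of loop-AES; the function names are hypothetical, and the doubling rule is an assumption modelled on the README's description of recent kernels.

```shell
#!/bin/sh
# Added example; not from the loop-AES README or the kernel source.
# ASSUMPTION: the default soft block size starts at 512 bytes and is doubled
# while the device size stays an integer multiple of it, up to the page size.

PAGE_SIZE=${PAGE_SIZE:-4096}    # assumed processor page size

# default_soft_bsz SIZE_BYTES
# Prints the largest power of two between 512 and PAGE_SIZE that divides
# SIZE_BYTES, i.e. the chunk size that still covers the full device.
default_soft_bsz() {
    size=$1
    bsz=512
    while [ "$bsz" -lt "$PAGE_SIZE" ]; do
        next=$((bsz * 2))
        [ $((size % next)) -eq 0 ] || break
        bsz=$next
    done
    echo "$bsz"
}

# sizelimit_for SECTORS
# SECTORS is the 512 byte unit count printed by "blockdev --getsize".
# Prints the size in bytes rounded down to an integer multiple of PAGE_SIZE,
# the value to pass to "losetup -s" or the sizelimit= mount option.
sizelimit_for() {
    bytes=$(($1 * 512))
    echo $((bytes / PAGE_SIZE * PAGE_SIZE))
}

# report SECTORS
# One-line comparison of the full device and the size-limited loop device.
report() {
    full=$(($1 * 512))
    limit=$(sizelimit_for "$1")
    echo "full=$full bsz=$(default_soft_bsz "$full")" \
         "sizelimit=$limit bsz=$(default_soft_bsz "$limit")"
}

# Sector count taken from the blockdev --getsize output quoted in the mail.
report 39086145
```

On a live system, compare the modelled value with what `blockdev --getbsz` reports for the unmounted loop device, since the README notes that older kernels behave differently.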



From linux-crypto-bounce@nl.linux.org Mon Feb 12 22:13:14 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HGiU2-0006Gh-EU; Mon, 12 Feb 2007 22:13:10 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 12 Feb 2007 22:12:30 +0100 (CET)
Received: from enyo.dsw2k3.info ([195.71.86.239])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HGiTE-0006GR-95
	for linux-crypto@nl.linux.org; Mon, 12 Feb 2007 22:12:20 +0100
Received: from localhost (localhost [127.0.0.1])
	by enyo.dsw2k3.info (Postfix) with ESMTP id CC40F2BDB9;
	Mon, 12 Feb 2007 22:12:09 +0100 (CET)
Received: from enyo.dsw2k3.info ([127.0.0.1])
	by localhost (enyo [127.0.0.1]) (amavisd-new, port 10024) with LMTP
	id 30486-01-2; Mon, 12 Feb 2007 22:12:00 +0100 (CET)
Received: from [192.168.100.3] (p548B316C.dip0.t-ipconnect.de [84.139.49.108])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by enyo.dsw2k3.info (Postfix) with ESMTP id 530902BDB8;
	Mon, 12 Feb 2007 22:12:00 +0100 (CET)
Message-ID: <45D0D81E.2090301@citd.de>
Date: Mon, 12 Feb 2007 22:11:58 +0100
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Icedove 1.5.0.9 (X11/20061220)
MIME-Version: 1.0
To: Jari Ruusu <jariruusu@users.sourceforge.net>
Cc: linux-crypto@nl.linux.org
Subject: Re: README losetup/mount-Parameter "offset" needs another note
References: <45C9F715.5030006@citd.de> <45CA1156.A1625246@users.sourceforge.net> <45CA1E83.4020105@citd.de> <45CA3E4E.DC1DE094@users.sourceforge.net> <45CA4D44.6040000@citd.de> <45CA59A8.9677D9C@users.sourceforge.net> <45CA69D0.4B8F99D9@users.sourceforge.net> <45CAF544.2000308@citd.de> <45D0A70D.AA8486B0@users.sourceforge.net>
In-Reply-To: <45D0A70D.AA8486B0@users.sourceforge.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ms@citd.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Jari Ruusu wrote:
> Matthias Schniedermeyer wrote:
>> But i still think that a little "note" about that is appropriate for the
>> README, so that other won't fall into the same tarpit as i. :-)
> 
> Following text will be in next version of loop-AES README "Performance
> tuning" section:
> [deleted]

Great. I now know why i fell into this tar pit and you MAY have saved
others from falling into the same. :-)


Btw. "Performance tuning".
You already changed the last paragraph of the (current) chapter?
Current 2.6 kernels contain another IO-scheduler and made it default in
2.6.18: CFQ.





Bis denn

-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Tue Feb 13 01:30:10 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HGlYc-0007EG-2c; Tue, 13 Feb 2007 01:30:06 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 13 Feb 2007 01:29:35 +0100 (CET)
Received: from mta-1.ms.rz.rwth-aachen.de ([134.130.7.72])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HGlXu-0007Dt-1Z
	for linux-crypto@nl.linux.org; Tue, 13 Feb 2007 01:29:22 +0100
Received: from circe ([134.130.3.36]) by mta-1.ms.rz.RWTH-Aachen.de
 (Sun Java System Messaging Server 6.2-7.05 (built Sep  5 2006))
 with ESMTP id <0JDD00FXXIKP8LC0@mta-1.ms.rz.RWTH-Aachen.de> for
 linux-crypto@nl.linux.org; Tue, 13 Feb 2007 00:29:13 +0100 (CET)
Received: from talos.rz.RWTH-Aachen.DE ([134.130.3.22])
	by circe (MailMonitor for SMTP v1.2.2 ) ; Tue, 13 Feb 2007 00:29:13 +0100 (MET)
Received: from enterprise.ram.rwth-aachen.de
 (enterprise.ram.RWTH-Aachen.DE [137.226.68.2])	by smarthost.rwth-aachen.de
 (8.13.8/8.13.1/1) with ESMTP id l1CNTCcv011430	for
 <linux-crypto@nl.linux.org>; Tue, 13 Feb 2007 00:29:12 +0100
Received: from localhost (localhost [127.0.0.1])
	by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 9F6715B953	for
 <linux-crypto@nl.linux.org>; Tue, 13 Feb 2007 00:29:13 +0100 (CET)
Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1])
	by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 32042-02 for <linux-crypto@nl.linux.org>; Tue,
 13 Feb 2007 00:29:13 +0100 (CET)
Received: from tatooine.rebelbase.local
 (wintergate.ram.rwth-aachen.de [137.226.69.158])
	by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 334985B913	for
 <linux-crypto@nl.linux.org>; Tue, 13 Feb 2007 00:29:13 +0100 (CET)
Received: by tatooine.rebelbase.local (Postfix, from userid 500)
	id 497551A6175; Tue, 13 Feb 2007 00:28:52 +0100 (CET)
Date: Tue, 13 Feb 2007 00:28:52 +0100
From: markus reichelt <ml@mareichelt.de>
Subject: Re: README losetup/mount-Parameter "offset" needs another note
In-reply-to: <45D0D81E.2090301@citd.de>
To: linux-crypto@nl.linux.org
Mail-followup-to: linux-crypto@nl.linux.org
Message-id: <20070212232852.GB3552@tatooine.rebelbase.local>
Organization: still stuck in reorganization mode
MIME-version: 1.0
Content-type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary=DBIVS5p969aUjpLe
Content-disposition: inline
X-PGP-Key: 0xC2A3FEE4
X-PGP-Fingerprint: FFB8 E22F D2BC 0488 3D56  F672 2CCC 933B C2A3 FEE4
X-Request-PGP: http://mareichelt.de/keys/c2a3fee4.asc
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at
 enterprise.ram.rwth-aachen.de
References: <45C9F715.5030006@citd.de>
 <45CA1156.A1625246@users.sourceforge.net> <45CA1E83.4020105@citd.de>
 <45CA3E4E.DC1DE094@users.sourceforge.net> <45CA4D44.6040000@citd.de>
 <45CA59A8.9677D9C@users.sourceforge.net>
 <45CA69D0.4B8F99D9@users.sourceforge.net> <45CAF544.2000308@citd.de>
 <45D0A70D.AA8486B0@users.sourceforge.net> <45D0D81E.2090301@citd.de>
User-Agent: Mutt/1.5.13 (2006-08-11)
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ml@mareichelt.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto


--DBIVS5p969aUjpLe
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* Matthias Schniedermeyer <ms@citd.de> wrote:

> Btw. "Performance tuning". You already changed the last paragraph
> of the (current) chapter? Current 2.6 kernels contain another
> IO-scheduler and made it default in 2.6.18: CFQ.

I hate this scheduler tuning thing / choose from 3 more-or-less evils
... back in 2.6.7 my world was still in place -- best performing kernel
ever.

I still use Anticipatory as default (yes, with preemptible kernel...)

Still, the last 2.6 kernel I had no trouble with was .16 but I can't
use that branch cos of too modern hardware -- what a hassle.


-- 
left blank, right bald


--DBIVS5p969aUjpLe--


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Wed Feb 14 00:01:16 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HH6cz-0008Lv-Ti; Wed, 14 Feb 2007 00:00:01 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 13 Feb 2007 23:58:09 +0100 (CET)
Received: from enyo.dsw2k3.info ([195.71.86.239])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HH6az-0008JD-Rv
	for linux-crypto@nl.linux.org; Tue, 13 Feb 2007 23:57:57 +0100
Received: from localhost (localhost [127.0.0.1])
	by enyo.dsw2k3.info (Postfix) with ESMTP id 03B712BDC0
	for <linux-crypto@nl.linux.org>; Tue, 13 Feb 2007 23:57:44 +0100 (CET)
Received: from enyo.dsw2k3.info ([127.0.0.1])
	by localhost (enyo [127.0.0.1]) (amavisd-new, port 10024) with LMTP
	id 12139-01 for <linux-crypto@nl.linux.org>;
	Tue, 13 Feb 2007 23:57:36 +0100 (CET)
Received: from [192.168.100.3] (p548B2F98.dip0.t-ipconnect.de [84.139.47.152])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by enyo.dsw2k3.info (Postfix) with ESMTP id 242192BDC4
	for <linux-crypto@nl.linux.org>; Tue, 13 Feb 2007 23:57:36 +0100 (CET)
Message-ID: <45D2425E.2060909@citd.de>
Date: Tue, 13 Feb 2007 23:57:34 +0100
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Icedove 1.5.0.9 (X11/20061220)
MIME-Version: 1.0
To: linux-crypto@nl.linux.org
Subject: Loop-AES: Question for Password when none is needed
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ms@citd.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Hi


When i use a key-file that is only 'gpg --store -a', e.g. because
the key-file is stored inside an encrypted filesystem that is currently
mounted, mount still asks for a Password where anything can be typed.

What makes this not beautiful is that it can only be short-circuited
with -p <whatever>. But that doesn't fly with autofs map-type rule. You
can only provide "-o <whatever>" options that are passed down to mount.
Naturally redirecting stderr isn't possible either.
The mount succeeds, because nothing can be read from STDIN as i guess
there is no STDIN, so the mount continues.
But every time an encrypted automount happens i get an ugly
... automount[1441]: >> Password:
line in syslog.

An example of a map-type rule (stripped down to fit into 72 chars):
test -fstype=xfs,encryption=aes128,gpgkey=/tmp/key.gpg :/dev/sda4

So i tested a bit. With:
gpg --passphrase '' &>/dev/null < key.gpg
and a look at the errorlevel it can be tested if a key can be decrypted
without a passphrase.

So my feature-wish would be:
Test if a key can be decrypted without a password and don't ask for one
if none is needed
and/or
add another parameter to losetup and a "-o"-type option for mount, so
that it can be explicitly specified that a key is only stored






Bis denn

-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Thu Feb 15 16:38:31 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHigm-0001Sb-CO; Thu, 15 Feb 2007 16:38:28 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 15 Feb 2007 16:37:37 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHifi-0001Rm-Ac
	for linux-crypto@nl.linux.org; Thu, 15 Feb 2007 16:37:22 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id BCFC117B484;
	Thu, 15 Feb 2007 17:37:16 +0200 (EET)
X-Virus-Scanned: amavisd-new at tnnet.fi
Received: from mail.tnnet.fi ([127.0.0.1])
	by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id z3QuNFj6fqIz; Thu, 15 Feb 2007 17:37:11 +0200 (EET)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id DEFA617B433;
	Thu, 15 Feb 2007 17:37:10 +0200 (EET)
Message-ID: <45D47E25.47549FDB@users.sourceforge.net>
Date: Thu, 15 Feb 2007 17:37:09 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: Matthias Schniedermeyer <ms@citd.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: Loop-AES: Question for Password when none is needed
References: <45D2425E.2060909@citd.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Received-SPF: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00 autolearn=no 
	version=3.0.1
X-Spam-Level: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Matthias Schniedermeyer wrote:
> When i use a key-file that is only 'gpg --store -a', for e.x. because
> the key-file is stored inside an encrypted filesystem that is currently
> mounted, mount still asks for a Password where anything can be typed.

I hope that for security reasons you are using a different key file for each
automounted file system. If you are mounting removable media, then encrypted
key file must be stored on same media. Passphrase-less key file on same
media won't provide any security.
 
> What makes this not beautiful is that it can only be short-circuited
> with -p <whatever>. But that doesn't fly with autofs map-type rule. You
> can only provide "-o <whatever>" options that are passed down to mount.
> Naturally redirecting stderr isn't possible either.

I don't know what automounter implementation you are using, but BSD amd
automounter that I am using lets admin configure a program or script to do
the actual mount operation.

> The mount succeeds, because nothing can be read from STDIN as i guess
> there is no STDIN, so the mount continues.
> But every time an encrypted automount happens i get an ugly
> ... automount[1441]: >> Password:
> line in syslog.

I don't see such messages on my box.

Below are some config lines from my test box that I set up to automount
encrypted floppy. First 8192 bytes of each floppy is used to store gpg
encrypted key file. Here is mount point definition in /etc/am-utils/amd.conf
file:

[/a]
  map_name = /etc/am-utils/amd.a
  
Here is map entry in /etc/am-utils/amd.a file:

fd0-crypt   type:=program;fs:=/floppy;mount:="/etc/am-utils/cryptmount.sh /etc/am-utils/cryptmount.sh ext2 /dev/fd0 /floppy /dev/loop0";unmount:="/bin/umount umount /floppy"

Here is root-only executable shell script in /etc/am-utils/cryptmount.sh file:

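#!/bin/sh
# Arguments from the amd map entry: $1 = fs type, $2 = device, $3 = mount point, $4 = loop device.
# -p3 makes mount read the key file passphrase from file descriptor 3.
/bin/mount -t $1 $2 $3 -o encryption=AES128,gpgkey=$2,offset=8192,loop=$4 -p3 3</tmp/clearpassword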

Here is a script that I used to create encrypted floppy:

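#!/bin/bash
DEV=/dev/fd0
LOOP=/dev/loop7
set -v
set -e
# Fill the first 8192 bytes (the key file area) with newlines.
yes "" | dd of=${DEV} bs=512 count=16 conv=notrunc
# Write 65 lines of random base64 key material, gpg-encrypted with a
# passphrase, to the start of the device.
head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
  | gpg --symmetric -a --no-comments --no-emit-version | dd of=${DEV} conv=notrunc
# Set up the loop device behind the key file area with a random throwaway
# passphrase (read from fd 0) and overwrite the data area through it.
# dd stops with an error when the device is full, hence "|| true".
head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \
  | losetup -p 0 -e AES128 -o 8192 ${LOOP} ${DEV}
dd if=/dev/zero of=${LOOP} bs=4k conv=notrunc || true
sync
losetup -d ${LOOP}
# Set up the loop device again, this time with the key file stored on the
# device itself, and create the file system.
losetup -e AES128 -K ${DEV} -o 8192 ${LOOP} ${DEV}
mkfs -t ext2 -m 0 -O none ${LOOP}
losetup -d ${LOOP}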

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
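
The floppy layout described in the message above (armored gpg key file in the first 8192 bytes, newline padding, encrypted data from offset 8192) can be sanity-checked before the media is put into use. This is an added example, not part of the original post or of loop-AES; `check_key_area`, `make_sample` and the verdict words are hypothetical names, and the sample image is constructed and holds no real key material.

```shell
#!/bin/sh
# Added example; not from the original mail or from loop-AES.
# Layout assumed from the mail: ASCII-armored gpg key file at byte 0,
# newline padding up to OFFSET (8192), encrypted data after OFFSET.

ARMOR_BEGIN='-----BEGIN PGP MESSAGE-----'
ARMOR_END='-----END PGP MESSAGE-----'

# check_key_area IMAGE [OFFSET]
# Prints one verdict word; returns 0 only for "ok".
check_key_area() {
    img=$1
    off=${2:-8192}

    total=$(wc -c < "$img" | tr -d ' ')
    if [ "$total" -le "$off" ]; then
        echo "too-short"; return 1        # no room left for encrypted data
    fi

    first=$(head -c "$off" "$img" | head -n 1 | tr -d '\000')
    if [ "$first" != "$ARMOR_BEGIN" ]; then
        echo "no-armor"; return 2         # key file missing or not at byte 0
    fi

    # Line number of the armor trailer, searched only inside the key area.
    end_line=$(head -c "$off" "$img" \
        | grep -a -n -x -F -e "$ARMOR_END" | head -n 1 | cut -d: -f1)
    if [ -z "$end_line" ]; then
        echo "overlap"; return 3          # key file runs into the data area
    fi

    # Everything between the trailer and OFFSET must be padding newlines.
    junk=$(head -c "$off" "$img" | tail -n +"$((end_line + 1))" \
        | tr -d '\n' | wc -c | tr -d ' ')
    if [ "$junk" -ne 0 ]; then
        echo "dirty-padding"; return 4    # leftovers from an older key file
    fi
    echo "ok"
}

# make_sample IMAGE BODY_LINES
# Builds a constructed test image: newline-filled key area, a dummy armored
# block with BODY_LINES lines written over its start, then stand-in data.
make_sample() {
    img=$1
    n=$2
    yes "" | head -c 8192 > "$img"
    {
        printf '%s\n\n' "$ARMOR_BEGIN"
        i=0
        while [ "$i" -lt "$n" ]; do
            # constructed filler, not key material
            printf '%s\n' 'QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2'
            i=$((i + 1))
        done
        printf '%s\n' '=AAAA' "$ARMOR_END"
    } | dd of="$img" conv=notrunc 2>/dev/null
    yes data | head -c 4096 >> "$img"
}

# Stand-alone use: check_key_area.sh IMAGE [OFFSET]
if [ $# -gt 0 ]; then
    check_key_area "$@"
fi
```

The "overlap" verdict is the case to watch when the key file format or the offset changes: an armored key file longer than the offset would be partly overwritten by file system data.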



From linux-crypto-bounce@nl.linux.org Thu Feb 15 18:09:13 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHk6Z-0007nf-8Z; Thu, 15 Feb 2007 18:09:11 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 15 Feb 2007 18:08:38 +0100 (CET)
Received: from enyo.dsw2k3.info ([195.71.86.239])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHk5n-0007lG-FF
	for linux-crypto@nl.linux.org; Thu, 15 Feb 2007 18:08:23 +0100
Received: from localhost (localhost [127.0.0.1])
	by enyo.dsw2k3.info (Postfix) with ESMTP id BC5A52BDC9;
	Thu, 15 Feb 2007 18:08:14 +0100 (CET)
Received: from enyo.dsw2k3.info ([127.0.0.1])
	by localhost (enyo [127.0.0.1]) (amavisd-new, port 10024) with LMTP
	id 25588-02-5; Thu, 15 Feb 2007 18:08:06 +0100 (CET)
Received: from [192.168.100.3] (p548B3387.dip0.t-ipconnect.de [84.139.51.135])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by enyo.dsw2k3.info (Postfix) with ESMTP id 289072BDC6;
	Thu, 15 Feb 2007 18:08:06 +0100 (CET)
Message-ID: <45D49374.9080600@citd.de>
Date: Thu, 15 Feb 2007 18:08:04 +0100
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Icedove 1.5.0.9 (X11/20061220)
MIME-Version: 1.0
To: Jari Ruusu <jariruusu@users.sourceforge.net>
Cc: linux-crypto@nl.linux.org
Subject: Re: Loop-AES: Question for Password when none is needed
References: <45D2425E.2060909@citd.de> <45D47E25.47549FDB@users.sourceforge.net>
In-Reply-To: <45D47E25.47549FDB@users.sourceforge.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ms@citd.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Jari Ruusu wrote:
> Matthias Schniedermeyer wrote:
>> When i use a key-file that is only 'gpg --store -a', for e.x. because
>> the key-file is stored inside an encrypted filesystem that is currently
>> mounted, mount still asks for a Password where anything can be typed.
> 
> I hope that for security reasons you are using a different key file for each
> automounted file system. If you are mounting removable media, then encrypted
> key file must be stored on same media. Passphrase-less key file on same
> media won't provide any security.

If i'm not mistaken i said exactly that.

Every HDD has a separate key-file and the container with the key-files
is on another partition and the key-file from the container is encrypted.

>> What makes this not beautiful is that it can only be short-circuited
>> with -p <whatever>. But that doesn't fly with autofs map-type rule. You
>> can only provide "-o <whatever>" options that are passed down to mount.
>> Naturally redirecting stderr isn't possible either.
> 
> I don't know what automounter implementation you are using, but BSD amd
> automounter that I am using lets admin configure a program or script to do
> the actual mount operation.

autofs(v4) that is included in Linux since i don't know how long.

As to the topic of using another mount command, i could use a
"program"-type map. But as the line in Syslog is the only annoying
thing, with the "map"-type, it's a bit of an overkill.

I could also skip autofs completely and just use udev to start a mount
after the HDD is connected. But i like the "auto umount"-Part of autofs,
so that i can just disconnect the HDD, if enough time had passed since
usage.

>> The mount succeeds, because nothing can be read from STDIN as i guess
>> there is no STDIN, so the mount continues.
>> But every time an encrypted automount happens i get an ugly
>> ... automount[1441]: >> Password:
>> line in syslog.
> 
> I don't see such messages on my box.

Do you get the password-question on the commandline with an unencrypted
key-file (with Linux)?

If not, then the loop-aes-utils package from Debian-SID contains the bug.




See you

-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Thu Feb 15 19:16:56 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHlA6-00088W-OV; Thu, 15 Feb 2007 19:16:54 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 15 Feb 2007 19:16:31 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHl9Y-000870-Gk
	for linux-crypto@nl.linux.org; Thu, 15 Feb 2007 19:16:20 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id 6E47217B45E;
	Thu, 15 Feb 2007 20:16:17 +0200 (EET)
X-Virus-Scanned: amavisd-new at tnnet.fi
Received: from mail.tnnet.fi ([127.0.0.1])
	by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 6Dhzkp4vXM74; Thu, 15 Feb 2007 20:16:11 +0200 (EET)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id C878D17B45D;
	Thu, 15 Feb 2007 20:16:11 +0200 (EET)
Message-ID: <45D4A36A.C7E73D1F@users.sourceforge.net>
Date: Thu, 15 Feb 2007 20:16:10 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: Matthias Schniedermeyer <ms@citd.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: Loop-AES: Question for Password when none is needed
References: <45D2425E.2060909@citd.de> <45D47E25.47549FDB@users.sourceforge.net> <45D49374.9080600@citd.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Received-SPF: 
X-Spam-Level: 
X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00 autolearn=no 
	version=3.0.1
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Matthias Schniedermeyer wrote:
> autofs(v4) that is included in Linux since i don't know how long.

Here are my kernel config entries:

# CONFIG_AUTOFS_FS is not set
# CONFIG_AUTOFS4_FS is not set

I'm not using autofs.

> I could also skip autofs completely and just use udev to start a mount
> after the HDD is connected. But i like the "auto umount"-Part of autofs,
> so that i can just disconnect the HDD, if enough time had passed since
> usage.

BSD amd does auto unmount. For removable devices I use 10 second unmount
delay. Zero problems with BSD amd so far. I have used it for many years to
mount removable unencrypted devices like floppies, CD-ROMs, and USB-sticks.
Little window shows me what automounted devices are currently mounted. I
take a look at that window before I yank a removable automounted device.

> Do you get the password-question on the commandline with an unencrypted
> key-file (with Linux)?

Nope. I tested it using encrypted key files that were stored at beginning of
each floppy. Passphrase to decrypt each per floppy key file was read from
encrypted file system using "mount ... -p3 3<clearpassword" inside a script
that amd runs when it wants a file system mounted.

> If not, then the loop-aes-utils package from Debian-SID contains the bug.

Nope. mount -p3 makes password-question go away.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
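
The approach described in the message above ("mount ... -p3 3<clearpassword" inside a script that the automounter runs), written out as an added example; it is not code from this thread or from the loop-AES project. The function names, the MOUNT_BIN override, the loop device and the AES128 cipher value are assumptions; -p3 and gpgkey= are the options named in the thread.

```shell
#!/bin/sh
# Added example: mount helper for an automounter that can run a script.
# The passphrase that decrypts the gpg key file is handed to mount on
# file descriptor 3, so it never appears in argv (visible in ps) and no
# "Password:" prompt is issued.

# Assumption: loop-AES patched mount is on PATH; override for testing.
MOUNT_BIN=${MOUNT_BIN:-mount}

# True only if the file exists and group/other have no permission bits.
# Characters 5-10 of "ls -ld" output are the group and other bits.
secret_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# mount_encrypted DEVICE MOUNTPOINT GPGKEYFILE PASSPHRASEFILE
mount_encrypted() {
    dev=$1
    mnt=$2
    key=$3
    pass=$4

    [ -r "$key" ] || {
        echo "key file not readable: $key" >&2
        return 2
    }
    secret_is_private "$pass" || {
        echo "passphrase file missing or readable by group/other: $pass" >&2
        return 3
    }

    # 3<"$pass" opens the passphrase file on fd 3 for this one command;
    # -p3 tells mount to read the passphrase from that descriptor.
    # stdin is /dev/null because an automounter has no terminal.
    # loop=/dev/loop0 and encryption=AES128 are sample values.
    "$MOUNT_BIN" -p3 "$dev" "$mnt" \
        -o "loop=/dev/loop0,encryption=AES128,gpgkey=$key" \
        3<"$pass" </dev/null
}

# Stand-alone use: helper.sh DEVICE MOUNTPOINT GPGKEYFILE PASSPHRASEFILE
if [ "$#" -eq 4 ]; then
    mount_encrypted "$@"
fi
```

The passphrase file belongs on an already mounted encrypted file system, as in the message above, so that it is unavailable while that file system is locked.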



From linux-crypto-bounce@nl.linux.org Thu Feb 15 19:44:59 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHlbF-0001lD-U1; Thu, 15 Feb 2007 19:44:57 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 15 Feb 2007 19:44:41 +0100 (CET)
Received: from enyo.dsw2k3.info ([195.71.86.239])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHlap-0001kw-HF
	for linux-crypto@nl.linux.org; Thu, 15 Feb 2007 19:44:31 +0100
Received: from localhost (localhost [127.0.0.1])
	by enyo.dsw2k3.info (Postfix) with ESMTP id B3F9D2BDC8;
	Thu, 15 Feb 2007 19:44:24 +0100 (CET)
Received: from enyo.dsw2k3.info ([127.0.0.1])
	by localhost (enyo [127.0.0.1]) (amavisd-new, port 10024) with LMTP
	id 25937-01; Thu, 15 Feb 2007 19:44:11 +0100 (CET)
Received: from [192.168.100.3] (p548B3387.dip0.t-ipconnect.de [84.139.51.135])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by enyo.dsw2k3.info (Postfix) with ESMTP id 5C4D52BDCA;
	Thu, 15 Feb 2007 19:44:10 +0100 (CET)
Message-ID: <45D4A9F9.9000802@citd.de>
Date: Thu, 15 Feb 2007 19:44:09 +0100
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Icedove 1.5.0.9 (X11/20061220)
MIME-Version: 1.0
To: Jari Ruusu <jariruusu@users.sourceforge.net>
Cc: linux-crypto@nl.linux.org
Subject: Re: Loop-AES: Question for Password when none is needed
References: <45D2425E.2060909@citd.de> <45D47E25.47549FDB@users.sourceforge.net> <45D49374.9080600@citd.de> <45D4A36A.C7E73D1F@users.sourceforge.net>
In-Reply-To: <45D4A36A.C7E73D1F@users.sourceforge.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ms@citd.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Jari Ruusu wrote:
> Matthias Schniedermeyer wrote:
>> Do you get the password-question on the commandline with an unencrypted
>> key-file (with Linux)?
> 
> Nope. I tested it using encrypted key files that were stored at beginning of
> each floppy. Passphrase to decrypt each per floppy key file was read from
> encrypted file system using "mount ... -p3 3<clearpassword" inside a script
> that amd runs when it wants a file system mounted.
> 
>> If not, then the loop-aes-utils package from Debian-SID contains the bug.
> 
> Nope. mount -p3 makes password-question go away.

If you had read the first mail you should know that i know how to short
circuit the question at the commandline.

But that doesn't mean that that isn't a WORKAROUND for something that
should happen in the first place.




See you

-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Thu Feb 15 20:32:52 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHmLa-00016N-9q; Thu, 15 Feb 2007 20:32:50 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 15 Feb 2007 20:32:24 +0100 (CET)
Received: from mta-1.ms.rz.rwth-aachen.de ([134.130.7.72])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHmKs-00014e-Gf
	for linux-crypto@nl.linux.org; Thu, 15 Feb 2007 20:32:06 +0100
Received: from circe ([134.130.3.36]) by mta-1.ms.rz.RWTH-Aachen.de
 (Sun Java System Messaging Server 6.2-7.05 (built Sep  5 2006))
 with ESMTP id <0JDI001KCRLFLT10@mta-1.ms.rz.RWTH-Aachen.de> for
 linux-crypto@nl.linux.org; Thu, 15 Feb 2007 20:32:03 +0100 (CET)
Received: from talos.rz.RWTH-Aachen.DE ([134.130.3.22])
	by circe (MailMonitor for SMTP v1.2.2 ) ; Thu, 15 Feb 2007 20:32:02 +0100 (MET)
Received: from enterprise.ram.rwth-aachen.de
 (enterprise.ram.RWTH-Aachen.DE [137.226.68.2])	by smarthost.rwth-aachen.de
 (8.13.8/8.13.1/1) with ESMTP id l1FJW11v007721	for
 <linux-crypto@nl.linux.org>; Thu, 15 Feb 2007 20:32:01 +0100
Received: from localhost (localhost [127.0.0.1])
	by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id CE1D45BB8B	for
 <linux-crypto@nl.linux.org>; Thu, 15 Feb 2007 20:32:02 +0100 (CET)
Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1])
	by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 08256-04 for <linux-crypto@nl.linux.org>; Thu,
 15 Feb 2007 20:32:02 +0100 (CET)
Received: from tatooine.rebelbase.local
 (wintergate.ram.rwth-aachen.de [137.226.69.158])
	by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 70FD85B779	for
 <linux-crypto@nl.linux.org>; Thu, 15 Feb 2007 20:32:02 +0100 (CET)
Received: by tatooine.rebelbase.local (Postfix, from userid 500)
	id 508401A6175; Thu, 15 Feb 2007 20:31:36 +0100 (CET)
Date: Thu, 15 Feb 2007 20:31:36 +0100
From: markus reichelt <ml@mareichelt.de>
Subject: Re: Loop-AES: Question for Password when none is needed
In-reply-to: <45D4A9F9.9000802@citd.de>
To: linux-crypto@nl.linux.org
Mail-followup-to: linux-crypto@nl.linux.org
Message-id: <20070215193136.GE3552@tatooine.rebelbase.local>
Organization: still stuck in reorganization mode
MIME-version: 1.0
Content-type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary=7gGkHNMELEOhSGF6
Content-disposition: inline
X-PGP-Key: 0xC2A3FEE4
X-PGP-Fingerprint: FFB8 E22F D2BC 0488 3D56  F672 2CCC 933B C2A3 FEE4
X-Request-PGP: http://mareichelt.de/keys/c2a3fee4.asc
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at
 enterprise.ram.rwth-aachen.de
References: <45D2425E.2060909@citd.de>
 <45D47E25.47549FDB@users.sourceforge.net> <45D49374.9080600@citd.de>
 <45D4A36A.C7E73D1F@users.sourceforge.net> <45D4A9F9.9000802@citd.de>
User-Agent: Mutt/1.5.13 (2006-08-11)
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ml@mareichelt.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto


--7gGkHNMELEOhSGF6
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* Matthias Schniedermeyer <ms@citd.de> wrote:

> But that doesn't mean that that isn't a WORKAROUND for something
> that should happen in the first place.

...

Maybe you are just asking for one more -o keyword without realising
it.

'key=<file>' which expects a plain keyfile, just like 'gpgkey=<file>'
expects a .gpg

Would be my choice instead of messing around with .gpg handling. It
just doesn't make any sense at all to have a passwordless .gpg ---
Thinking along these lines... Imagine some plain text embedded into a
word document and trying to tune a converter to get your hands on the
text instead of using a plain textfile in the first place.

-- 
left blank, right bald

--7gGkHNMELEOhSGF6--


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Thu Feb 15 23:08:04 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHolj-0007EC-M6; Thu, 15 Feb 2007 23:07:59 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 15 Feb 2007 23:07:29 +0100 (CET)
Received: from enyo.dsw2k3.info ([195.71.86.239])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHokx-0006WT-La
	for linux-crypto@nl.linux.org; Thu, 15 Feb 2007 23:07:11 +0100
Received: from localhost (localhost [127.0.0.1])
	by enyo.dsw2k3.info (Postfix) with ESMTP id ADC432BDCB
	for <linux-crypto@nl.linux.org>; Thu, 15 Feb 2007 23:07:00 +0100 (CET)
Received: from enyo.dsw2k3.info ([127.0.0.1])
	by localhost (enyo [127.0.0.1]) (amavisd-new, port 10024) with LMTP
	id 24550-04-2 for <linux-crypto@nl.linux.org>;
	Thu, 15 Feb 2007 23:06:52 +0100 (CET)
Received: from [192.168.100.3] (p548B3387.dip0.t-ipconnect.de [84.139.51.135])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by enyo.dsw2k3.info (Postfix) with ESMTP id 8C20F2BDC9
	for <linux-crypto@nl.linux.org>; Thu, 15 Feb 2007 23:06:52 +0100 (CET)
Message-ID: <45D4D97A.30303@citd.de>
Date: Thu, 15 Feb 2007 23:06:50 +0100
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Icedove 1.5.0.9 (X11/20061220)
MIME-Version: 1.0
To: linux-crypto@nl.linux.org
Subject: Re: Loop-AES: Question for Password when none is needed
References: <45D2425E.2060909@citd.de> <45D47E25.47549FDB@users.sourceforge.net> <45D49374.9080600@citd.de> <45D4A36A.C7E73D1F@users.sourceforge.net> <45D4A9F9.9000802@citd.de> <20070215193136.GE3552@tatooine.rebelbase.local>
In-Reply-To: <20070215193136.GE3552@tatooine.rebelbase.local>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ms@citd.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

markus reichelt wrote:
> * Matthias Schniedermeyer <ms@citd.de> wrote:
> 
>> But that doesn't mean that that isn't a WORKAROUND for something
>> that should happen in the first place.
> 
> ...
> 
> Maybe you are just asking for one more -o keyword without realising
> it.
> 
> 'key=<file>' which expects a plain keyfile, just like 'gpgkey=<file>'
> expects a .gpg
> 
> Would be my choice instead of messing around with .gpg handling. It
> just doesn't make any sense at all to have a passwordless .gpg ---
> Thinking along these lines... Imagine some plain text embedded into a
> word document and trying to tune a converter to get your hands on the
> text instead of using a plain textfile in the first place.

That would also be a solution for my problem.




See you

-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Fri Feb 16 00:11:50 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHplV-00005k-1p; Fri, 16 Feb 2007 00:11:49 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 16 Feb 2007 00:11:25 +0100 (CET)
Received: from enyo.dsw2k3.info ([195.71.86.239])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHpkv-00002V-QH
	for linux-crypto@nl.linux.org; Fri, 16 Feb 2007 00:11:13 +0100
Received: from localhost (localhost [127.0.0.1])
	by enyo.dsw2k3.info (Postfix) with ESMTP id BE0BA2BDC9
	for <linux-crypto@nl.linux.org>; Fri, 16 Feb 2007 00:11:06 +0100 (CET)
Received: from enyo.dsw2k3.info ([127.0.0.1])
	by localhost (enyo [127.0.0.1]) (amavisd-new, port 10024) with LMTP
	id 13954-02-2 for <linux-crypto@nl.linux.org>;
	Fri, 16 Feb 2007 00:10:59 +0100 (CET)
Received: from [192.168.100.3] (p548B3387.dip0.t-ipconnect.de [84.139.51.135])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by enyo.dsw2k3.info (Postfix) with ESMTP id 2BE732BDC6
	for <linux-crypto@nl.linux.org>; Fri, 16 Feb 2007 00:10:59 +0100 (CET)
Message-ID: <45D4E881.8030905@citd.de>
Date: Fri, 16 Feb 2007 00:10:57 +0100
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Icedove 1.5.0.9 (X11/20061220)
MIME-Version: 1.0
To: linux-crypto@nl.linux.org
Subject: Re: Loop-AES: Question for Password when none is needed
References: <45D2425E.2060909@citd.de> <45D47E25.47549FDB@users.sourceforge.net> <45D49374.9080600@citd.de> <45D4A36A.C7E73D1F@users.sourceforge.net> <45D4A9F9.9000802@citd.de> <20070215193136.GE3552@tatooine.rebelbase.local>
In-Reply-To: <20070215193136.GE3552@tatooine.rebelbase.local>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ms@citd.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

markus reichelt wrote:
> * Matthias Schniedermeyer <ms@citd.de> wrote:
> 
>> But that doesn't mean that that isn't a WORKAROUND for something
>> that should happen in the first place.
> 
> ...
> 
> Maybe you are just asking for one more -o keyword without realising
> it.
> 
> 'key=<file>' which expects a plain keyfile, just like 'gpgkey=<file>'
> expects a .gpg
> 
> Would be my choice instead of messing around with .gpg handling. It
> just doesn't make any sense at all to have a passwordless .gpg ---
> Thinking along these lines... Imagine some plain text embedded into a
> word document and trying to tune a converter to get your hands on the
> text instead of using a plain textfile in the first place.

Or another alternative: an option "keycommand=<..>" to execute a command that
prints the key to its stdout.

But the tricky thing here would be how to pass the necessary information
to the keycommand so that it can decide on which key to pass on.




See you

-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Fri Feb 16 09:08:40 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHy90-0000cM-BL; Fri, 16 Feb 2007 09:08:38 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 16 Feb 2007 09:08:11 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHy8P-0000Z3-Om
	for linux-crypto@nl.linux.org; Fri, 16 Feb 2007 09:08:01 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id B5D7617B434;
	Fri, 16 Feb 2007 10:08:00 +0200 (EET)
X-Virus-Scanned: amavisd-new at tnnet.fi
Received: from mail.tnnet.fi ([127.0.0.1])
	by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id uIMMOpzqiKG4; Fri, 16 Feb 2007 10:07:55 +0200 (EET)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 2030B1FF03;
	Fri, 16 Feb 2007 10:07:55 +0200 (EET)
Message-ID: <45D56659.8E087F9D@users.sourceforge.net>
Date: Fri, 16 Feb 2007 10:07:53 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: Matthias Schniedermeyer <ms@citd.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: Loop-AES: Question for Password when none is needed
References: <45D2425E.2060909@citd.de> <45D47E25.47549FDB@users.sourceforge.net> <45D49374.9080600@citd.de> <45D4A36A.C7E73D1F@users.sourceforge.net> <45D4A9F9.9000802@citd.de> <20070215193136.GE3552@tatooine.rebelbase.local> <45D4E881.8030905@citd.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Received-SPF: 
X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00 autolearn=no 
	version=3.0.1
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: jariruusu@users.sourceforge.net
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Matthias Schniedermeyer wrote:
> Or another alternative: an option "keycommand=<..>" to execute a command that
> prints the key to its stdout.
> 
> But the tricky thing here would be how to pass the necessary information
> to the keycommand so that it can decide on which key to pass on.

Both losetup and mount can read full 65 line unencrypted key data using -p
command line parameter. That feature can not be enabled using mount option,
and when you think about it, it makes more sense that way.

This problem can be summarized as: You don't want to configure your
automounter to pass -p command line parameter to mount. The fix is:
Reconfigure your automounter. Problem solved.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Fri Feb 16 10:22:56 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHzIs-0002fO-DP; Fri, 16 Feb 2007 10:22:54 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 16 Feb 2007 10:22:27 +0100 (CET)
Received: from enyo.dsw2k3.info ([195.71.86.239])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HHzIB-0002d8-39
	for linux-crypto@nl.linux.org; Fri, 16 Feb 2007 10:22:11 +0100
Received: from localhost (localhost [127.0.0.1])
	by enyo.dsw2k3.info (Postfix) with ESMTP id 827FA2BDCB;
	Fri, 16 Feb 2007 10:21:59 +0100 (CET)
Received: from enyo.dsw2k3.info ([127.0.0.1])
	by localhost (enyo [127.0.0.1]) (amavisd-new, port 10024) with LMTP
	id 00917-01-2; Fri, 16 Feb 2007 10:21:50 +0100 (CET)
Received: from [192.168.4.17] (i59F558A3.versanet.de [89.245.88.163])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by enyo.dsw2k3.info (Postfix) with ESMTP id 99D062BDB8;
	Fri, 16 Feb 2007 10:21:50 +0100 (CET)
Message-ID: <45D577A9.2010204@citd.de>
Date: Fri, 16 Feb 2007 10:21:45 +0100
From: Matthias Schniedermeyer <ms@citd.de>
User-Agent: Icedove 1.5.0.9 (X11/20061220)
MIME-Version: 1.0
To: Jari Ruusu <jariruusu@users.sourceforge.net>
Cc: linux-crypto@nl.linux.org
Subject: Re: Loop-AES: Question for Password when none is needed
References: <45D2425E.2060909@citd.de> <45D47E25.47549FDB@users.sourceforge.net> <45D49374.9080600@citd.de> <45D4A36A.C7E73D1F@users.sourceforge.net> <45D4A9F9.9000802@citd.de> <20070215193136.GE3552@tatooine.rebelbase.local> <45D4E881.8030905@citd.de> <45D56659.8E087F9D@users.sourceforge.net>
In-Reply-To: <45D56659.8E087F9D@users.sourceforge.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at dsw2k3.info
Received-SPF: 
X-ecartis-version: Ecartis v1.0.0
Sender: linux-crypto-bounce@nl.linux.org
Errors-to: linux-crypto-bounce@nl.linux.org
X-original-sender: ms@citd.de
Precedence: bulk
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: <linux-crypto.nl.linux.org>
X-List-ID: <linux-crypto.nl.linux.org>
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
X-list: linux-crypto

Jari Ruusu wrote:
> Matthias Schniedermeyer wrote:
>> Or another alternative: an option "keycommand=<..>" to execute a command that
>> prints the key to its stdout.
>>
>> But the tricky thing here would be how to pass the necessary information
>> to the keycommand so that it can decide on which key to pass on.
> 
> Both losetup and mount can read full 65 line unencrypted key data using -p
> command line parameter. That feature can not be enabled using mount option,
> and when you think about it, it makes more sense that way.

Ask 10 people and you get at least 11 opinions about what makes sense and what not, regardless of topic.

Having a script calling mount doesn't make more sense than mount calling a script.

X -> Y vs. Y -> X

As i said, the only 'tricky' part in the latter case is passing over the parameters so the script can decide what to do.
In the script-calls-mount case the parameter passing is mostly solved in some other way, but still the script has to have some way to 'know' what it must do.

To make things short: I don't share the opinion that it makes 'more sense'.

> This problem can be summarized as: You don't want to configure your
> automounter to pass -p command line parameter to mount. The fix is:
> Reconfigure your automounter. Problem solved.

No. In the used configuration the automounter only supports passing "-o"-options.
AND in a configuration where the automounter would support it, i would lose the 'ghosting' feature where all possible mount-points are shown, regardless if they currently are mounted or not.
I'm a commandline-person and i would lose TAB-completion, which i dislike like hell.
So it's choosing the lesser evil, which currently is having to live with stupid lines in Syslog.

And i don't see why that should be changed to WORKAROUND a dumb: 'always ask for password, regardless if it is needed or not'.




-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



From linux-crypto-bounce@nl.linux.org Sat Feb 17 11:05:28 2007
Received: from localhost ([127.0.0.1] helo=humbolt)
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HIMRZ-0002cD-1f; Sat, 17 Feb 2007 11:05:25 +0100
Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 17 Feb 2007 11:04:56 +0100 (CET)
Received: from mail.tnnet.fi ([217.112.240.26])
	by humbolt.nl.linux.org with esmtp (Exim 4.22)
	id 1HIMQM-0000tX-4V
	for linux-crypto@nl.linux.org; Sat, 17 Feb 2007 11:04:10 +0100
Received: from localhost (localhost [127.0.0.1])
	by mail.tnnet.fi (Postfix) with ESMTP id 46B0617B458;
	Sat, 17 Feb 2007 11:44:38 +0200 (EET)
X-Virus-Scanned: amavisd-new at tnnet.fi
Received: from mail.tnnet.fi ([127.0.0.1])
	by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id DYQVCTCzXlvw; Sat, 17 Feb 2007 11:44:32 +0200 (EET)
Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64])
	by mail.tnnet.fi (Postfix) with ESMTP id 2B15A17B43A;
	Sat, 17 Feb 2007 11:44:32 +0200 (EET)
Message-ID: <45D6CE7E.72C8E0EE@users.sourceforge.net>
Date: Sat, 17 Feb 2007 11:44:30 +0200
From: Jari Ruusu <jariruusu@users.sourceforge.net>
To: Matthias Schniedermeyer <ms@citd.de>
Cc: linux-crypto@nl.linux.org
Subject: Re: Loop-AES: Question for Password when none is needed
References: <45D2425E.2060909@citd.de> <45D47E25.47549FDB@users.sourceforge.net> <45D49374.9080600@citd.de> <45D4A36A.C7E73D1F@users.sourceforge.net> <45D4A9F9.9000802@citd.de> <20070215193136.GE3552@tatooine.rebelbase.local> <45D4E881.8030905@citd.de> <45D56659.8E087F9D@users.sourceforge.net> <45D577A9.2010204@citd.de>
Content-Type: multipart/mixed;
 boundary="------------5749900D8A6F0FD57623D933"
Received-SPF: 
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	humbolt.nl.linux.org
X