From linux-crypto-bounce@nl.linux.org Tue Apr 03 21:26:19 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HYody-0008Ng-Gg; Tue, 03 Apr 2007 21:26:14 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 03 Apr 2007 21:25:22 +0200 (CEST) Received: from mta-2.ms.rz.rwth-aachen.de ([134.130.7.73]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HYocr-0008NB-QO for linux-crypto@nl.linux.org; Tue, 03 Apr 2007 21:25:05 +0200 Received: from circe ([134.130.3.36]) by mta-2.ms.rz.RWTH-Aachen.de (Sun Java System Messaging Server 6.2-7.05 (built Sep 5 2006)) with ESMTP id <0JFX000HFSHYKP80@mta-2.ms.rz.RWTH-Aachen.de> for linux-crypto@nl.linux.org; Tue, 03 Apr 2007 21:22:46 +0200 (CEST) Received: from talos.rz.RWTH-Aachen.DE ([134.130.3.22]) by circe (MailMonitor for SMTP v1.2.2 ) ; Tue, 03 Apr 2007 21:22:45 +0200 (MEST) Received: from enterprise.ram.rwth-aachen.de (enterprise.ram.RWTH-Aachen.DE [137.226.68.2]) by smarthost.rwth-aachen.de (8.13.8/8.13.1/1) with ESMTP id l33JMjWw017241; Tue, 03 Apr 2007 21:22:45 +0200 Received: from localhost (localhost [127.0.0.1]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id B49875B777; Tue, 03 Apr 2007 21:22:45 +0200 (CEST) Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1]) by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 23931-01; Tue, 03 Apr 2007 21:22:45 +0200 (CEST) Received: from tatooine.rebelbase.local (wintergate.ram.rwth-aachen.de [137.226.69.158]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 2FBE35B775; Tue, 03 Apr 2007 21:22:44 +0200 (CEST) Received: by tatooine.rebelbase.local (Postfix, from userid 500) id B500C1A62EE; Tue, 03 Apr 2007 21:24:02 +0200 (CEST) Date: Tue, 03 Apr 2007 21:24:02 +0200 From: markus reichelt Subject: Strange performance drop with reconnected external drives To: linux-crypto@nl.linux.org Cc: linux-kernel@vger.kernel.org Mail-followup-to: linux-crypto@nl.linux.org, linux-kernel@vger.kernel.org Message-id: <20070403192402.GE4034@tatooine.rebelbase.local> Organization: still stuck in reorganization mode MIME-version: 1.0 Content-type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary=HG+GLK89HZ1zG0kk Content-disposition: inline X-PGP-Key: 0xC2A3FEE4 X-PGP-Fingerprint: FFB8 E22F D2BC 0488 3D56 F672 2CCC 933B C2A3 FEE4 X-Request-PGP: http://mareichelt.de/keys/c2a3fee4.asc X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at enterprise.ram.rwth-aachen.de User-Agent: Mutt/1.5.13 (2006-08-11) Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ml@mareichelt.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --HG+GLK89HZ1zG0kk Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, I'm encountered the following scenario: Several encrypted external USB HDDs were mounted (via a hub) when Something Bad happened: Accidentially the cable connecting the hub to the laptop was disconnected. The devices used at that time were /dev/sda and /dev/sdb. Logfiles showed the usual USB stuff: disconnections, nothing really worrysome, no oops, no bugs. So I almost immediately replugged one drive and mounted it again, the device used was /dev/sdc and performance was as usual. A few minutes later I replugged the other drive and the device it was associated with was /dev/sda. There were no error messages, the mount operation proceeded normally, filesystem recovery went smoothly. The filesystem was not corrupted during normal use afterwards. I don't think the hub is the issue, but the recycling of used /dev/sd* devices: The really strange thing was the considerable loss in performance. Writing files at ~ 1,5 MB/s was about a 10th of the normal throughput. Reading was also slow. I noticed that the drive's LED was blinking slower than usual during drive access, as if there was a delay of ~ 100 ms during write operations. The kernel used was 2.6.21-rc3 with recent loop-aes v 3.1f. I strongly suspect the code of handling SCSI-compatible devices (or whatever the code handling external USB HDDs is called exactly ;-). Earlier kernels (2.6.16.x) just used the next available devices e.g. /dev/sdc & /dev/sdd and did not recycle ones that had been in use already. Is there a way (apart from going back to earlier kernels) to get the old behaviour back? I'd very much like that. A .config option, boot parameter, patch, anything? --=20 left blank, right bald --HG+GLK89HZ1zG0kk Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFGEqnSLMyTO8Kj/uQRAod6AJ4hrolq/W5PRjQ8uAsIaPJ5Xcf33gCfacxY U/oGOc7Y0XgQUpaht/NGGmI= =awrI -----END PGP SIGNATURE----- --HG+GLK89HZ1zG0kk-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Apr 04 03:55:17 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HYuiQ-0005kB-Oc; Wed, 04 Apr 2007 03:55:14 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 04 Apr 2007 03:54:50 +0200 (CEST) Received: from brmea-mail-3.sun.com ([192.18.98.34]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HYuhh-0005iA-2R for linux-crypto@nl.linux.org; Wed, 04 Apr 2007 03:54:29 +0200 Received: from jurassic-x4600.sfbay.sun.com ([129.146.17.59]) by brmea-mail-3.sun.com (8.13.6+Sun/8.12.9) with ESMTP id l341C3V5008393; Wed, 4 Apr 2007 01:12:04 GMT Received: from [129.145.154.110] (sr1-umpk-10.SFBay.Sun.COM [129.145.154.110]) by jurassic-x4600.sfbay.sun.com (8.14.0+Sun/8.14.0) with ESMTP id l341C31k313109; Tue, 3 Apr 2007 18:12:03 -0700 (PDT) Message-ID: <4612FB63.5040803@Sun.COM> Date: Tue, 03 Apr 2007 18:12:03 -0700 From: Kais Belgaied User-Agent: Mozilla/5.0 (X11; U; SunOS sun4v; en-US; rv:1.7) Gecko/20060629 X-Accept-Language: ar-eg, en-us, en, ar, ar-dz, ar-bh, ar-iq, ar-jo, ar-kw, ar-lb, ar-ly, ar-ma, ar-om, ar-qa, ar-sa, ar-sy, ar-tn, ar-ae, ar-ye MIME-Version: 1.0 To: Alex Sudakar CC: linux-crypto@nl.linux.org, lofi-duscuss@opensolaris.com Subject: Re: General questions about crypto and also Solaris References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_50 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Kais.Belgaied@sun.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Alex, you may find useful information about lofi's support for filesystem crypto in the OpenSolaris Project: lofi compression & cryptography support http://opensolaris.org/os/project/loficc/ is the project's page. Cheers, Kais Alex Sudakar wrote On 03/24/07 17:54,: > Hi. I've been a happy user of loop-aes for several years now. > Sincerely, > thanks for all the time that people (Jari and others) have put into the > product. I haven't been able to understand *everything* that's been > discussed here (!) but some of it, and the product itself works great. > > I've got a couple of general questions along the lines of encrypted > filesystems, and then a followup regarding what's available for > Solaris x86. I know this list is '*linux*-crypto', but some people might > still be able to help on the latter topic anyway. > > I find myself in a situation of wanting to utilise applications and > filesystems/data on a *shared* system in a work environment. > On my home desktop I use loop-aes to encrypt all of my filesystems > basically so, if the system is stolen, no-one will be able to read my > private data. > > It seems evident, though, that on a shared system, with multiple > people logged in as root on the same machine, any of those > root users will be able to snoop around and read as cleartext > the files I might have on a 'private' filesystem, even if it's mounted > via loop-aes, as the filesystem will be mounted at the time, and > thus visible/decrypted for all. > > Are there products out there that perform filesystem decryption > on a per-process basis? That allow a user to 'register' a set of > process ids - maybe process group ids, or controlling terminals, > etcetera - and decryption into cleartext only takes place for > processes that are thus registered? > > Or would that be considered too dangerous ... if any root process, > say, that wasn't thus registered, came along and looked at > a mounted filesystem which was working on this basis, I guess > the kernel would report the filesystem as 'corrupt' and possibly > make some sort of correction, updating the filesystem outside > the control of the cryptographic layer? > > Any other ideas for being able to work in privacy on a shared > Unix system? Other than using applications which are explicitly > written to provide same? > > And, my followup question ... if there are any such solutions, would > they (also) work for Solaris x86? I'm pretty sure, for example, that > loop-aes isn't ported to Solaris ... and in fact, even though 'vanilla' > Linux seems to have had cryptographic hooks for the loopback > device, going back years as far as I can recall, I haven't seen signs > of anything like that for Solaris's 'lofiadm' command. My actual need > right now is to set up some sort of shared-privacy solution for a > Solaris x86 system, although I'm genuinely curious as to what might > be possible in general for Unix/Linux systems as well. > > Any help or advice, in general or references to specific software, > would be most appreciated. > > Thanks, > > > Alex > - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Apr 04 18:24:20 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HZ8HR-0008SO-7c; Wed, 04 Apr 2007 18:24:17 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 04 Apr 2007 18:23:49 +0200 (CEST) Received: from mta-1.ms.rz.rwth-aachen.de ([134.130.7.72]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HZ8Gg-0008RX-7p for linux-crypto@nl.linux.org; Wed, 04 Apr 2007 18:23:30 +0200 Received: from circe ([134.130.3.36]) by mta-1.ms.rz.RWTH-Aachen.de (Sun Java System Messaging Server 6.2-7.05 (built Sep 5 2006)) with ESMTP id <0JFZ00EAQESL6770@mta-1.ms.rz.RWTH-Aachen.de> for linux-crypto@nl.linux.org; Wed, 04 Apr 2007 18:21:57 +0200 (CEST) Received: from talos.rz.RWTH-Aachen.DE ([134.130.3.22]) by circe (MailMonitor for SMTP v1.2.2 ) ; Wed, 04 Apr 2007 18:21:57 +0200 (MEST) Received: from enterprise.ram.rwth-aachen.de (enterprise.ram.RWTH-Aachen.DE [137.226.68.2]) by smarthost.rwth-aachen.de (8.13.8/8.13.1/1) with ESMTP id l34GLu01008721 for ; Wed, 04 Apr 2007 18:21:56 +0200 Received: from localhost (localhost [127.0.0.1]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 3D3D15B777 for ; Wed, 04 Apr 2007 18:21:57 +0200 (CEST) Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1]) by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 23324-04 for ; Wed, 04 Apr 2007 18:21:56 +0200 (CEST) Received: from tatooine.rebelbase.local (wintergate.ram.rwth-aachen.de [137.226.69.158]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id B9C9B5B775 for ; Wed, 04 Apr 2007 18:21:56 +0200 (CEST) Received: by tatooine.rebelbase.local (Postfix, from userid 500) id 6BF2B1A62EE; Wed, 04 Apr 2007 18:23:16 +0200 (CEST) Date: Wed, 04 Apr 2007 18:23:16 +0200 From: markus reichelt Subject: Re: Linux distro w/loop-aes In-reply-to: <20070331141106.74840@gmx.net> To: linux-crypto@nl.linux.org Mail-followup-to: linux-crypto@nl.linux.org Message-id: <20070404162316.GF4034@tatooine.rebelbase.local> Organization: still stuck in reorganization mode MIME-version: 1.0 Content-type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary=GpGaEY17fSl8rd50 Content-disposition: inline X-PGP-Key: 0xC2A3FEE4 X-PGP-Fingerprint: FFB8 E22F D2BC 0488 3D56 F672 2CCC 933B C2A3 FEE4 X-Request-PGP: http://mareichelt.de/keys/c2a3fee4.asc X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at enterprise.ram.rwth-aachen.de References: <73cfbf220703282034j1cd8072bm343cfb6cb1767fb2@mail.gmail.com> <20070331141106.74840@gmx.net> User-Agent: Mutt/1.5.13 (2006-08-11) Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ml@mareichelt.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --GpGaEY17fSl8rd50 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Peter_22@gmx.de wrote: > To summarize it: > - accessing loop-aes encrypted partitions/containers is possible > with any newer Knoppix Live CD/DVD > - setting up an entirely encrypted system (/) requires lots of hand > work Depends ... I'm in the process of writing an "idiots-guide"-like text about setting up root encryption with loop-aes, providing both commented example configs & precompiled initrds. In a nutshell: - create a full install on a single root partition (not needed on a running system, obviously ;-) - create both a bootable USB stick and boot CDROM (always have a backup handy...) - test boot setup=20 - adapt /etc/fstab & encrypt root partition via aespipe I played around a bit with using the swap space (half a GB) for a minimal install of an emergency system. This worked for me, but I regard it as too bloated to include it in the draft. I'm thinking along the lines of a busybox-like approach. =20 > As you asked for an USB-bootable solution I advise you to follow > example 7.7 from loop-aes readme. This works even with SuSE and you > can encrypt every bit of data on you drives. No bootpartition and > no partition table will remain. Up to now I haven?t seen an > installer that supports encrypted installations. The beauty of that example is that it can be used also on non-ecrypted root partitions... the system will just boot. Great to test one's setup before actually encrypting root via aespipe. And about that tweaked installer ... I discussed the issue with a fellow slackware user some time ago. It's most certainly doable, but right now I just lack the time to pursue that project.=20 So many ideas, so little time ... --=20 left blank, right bald --GpGaEY17fSl8rd50 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFGE9D0LMyTO8Kj/uQRArmYAJ9LdrzIUIWn3/vph6xPsRJmPK5K3gCeNIak lHWRz7R8ZnfBKwburqsEHs8= =3/fZ -----END PGP SIGNATURE----- --GpGaEY17fSl8rd50-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Apr 04 20:48:23 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HZAWs-0001rO-78; Wed, 04 Apr 2007 20:48:22 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 04 Apr 2007 20:48:00 +0200 (CEST) Received: from ug-out-1314.google.com ([66.249.92.171]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HZAWI-0001ov-8c for linux-crypto@nl.linux.org; Wed, 04 Apr 2007 20:47:46 +0200 Received: by ug-out-1314.google.com with SMTP id 75so848242ugb for ; Wed, 04 Apr 2007 11:46:24 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=UIKR4GtYntReVTO1GYEYNHe0l48M7SaffpOfpfTirvnNXXuodxIWkp5b+y5kfAO+0Eg6uBilj0M9tz+SqalF78FDQ/94JYG+W11GKvkne1XpEE6L7G1pNqSswvt5rbZYc1ar40TgUWJYqF3/H1Cwyr9OOp2w5Z407f5zeaa5ZfE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=GLp9081EqVO1HWBijL9NBB5iyAhTfP7Y1jJKENS0AVF5oXtP7A5/609TmBs7HfpyLpal3udQMGamcXjoHUM8ZoEq22OxOskUXtRSq+tp/iN0pF8hxr7y0HCJne2nAvCL9DpXYuHCgzhf4q9QiWVnAiyGcTgVv1UZ/Ny2WXeeNYQ= Received: by 10.82.136.4 with SMTP id j4mr1074887bud.1175705928450; Wed, 04 Apr 2007 09:58:48 -0700 (PDT) Received: by 10.82.180.10 with HTTP; Wed, 4 Apr 2007 09:58:48 -0700 (PDT) Message-ID: <9e0cf0bf0704040958o274da89ejd0a7d74ebe9231f3@mail.gmail.com> Date: Wed, 4 Apr 2007 18:58:48 +0200 From: "Alon Bar-Lev" To: linux-crypto@nl.linux.org Subject: Re: Linux distro w/loop-aes In-Reply-To: <20070404162316.GF4034@tatooine.rebelbase.local> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <73cfbf220703282034j1cd8072bm343cfb6cb1767fb2@mail.gmail.com> <20070331141106.74840@gmx.net> <20070404162316.GF4034@tatooine.rebelbase.local> Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: alon.barlev@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto You can review: http://wiki.suspend2.net/EncryptedSwapAndRoot On 4/4/07, markus reichelt wrote: > * Peter_22@gmx.de wrote: > > > To summarize it: > > - accessing loop-aes encrypted partitions/containers is possible > > with any newer Knoppix Live CD/DVD > > - setting up an entirely encrypted system (/) requires lots of hand > > work > > Depends ... I'm in the process of writing an "idiots-guide"-like text > about setting up root encryption with loop-aes, providing both > commented example configs & precompiled initrds. > > In a nutshell: > > - create a full install on a single root partition (not needed on a > running system, obviously ;-) > > - create both a bootable USB stick and boot CDROM (always have a > backup handy...) > > - test boot setup > > - adapt /etc/fstab & encrypt root partition via aespipe > > I played around a bit with using the swap space (half a GB) for a > minimal install of an emergency system. This worked for me, but I > regard it as too bloated to include it in the draft. I'm thinking > along the lines of a busybox-like approach. > > > > As you asked for an USB-bootable solution I advise you to follow > > example 7.7 from loop-aes readme. This works even with SuSE and you > > can encrypt every bit of data on you drives. No bootpartition and > > no partition table will remain. Up to now I haven?t seen an > > installer that supports encrypted installations. > > The beauty of that example is that it can be used also on > non-ecrypted root partitions... the system will just boot. Great to > test one's setup before actually encrypting root via aespipe. > > And about that tweaked installer ... I discussed the issue with a > fellow slackware user some time ago. It's most certainly doable, but > right now I just lack the time to pursue that project. > > > So many ideas, so little time ... > > -- > left blank, right bald > > - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Apr 05 23:23:51 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HZZQr-0003W9-GG; Thu, 05 Apr 2007 23:23:49 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 05 Apr 2007 23:23:01 +0200 (CEST) Received: from mail.gmx.net ([213.165.64.20]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1HZZPs-0003MI-LZ for linux-crypto@nl.linux.org; Thu, 05 Apr 2007 23:22:48 +0200 Received: (qmail 23734 invoked by uid 0); 5 Apr 2007 21:20:57 -0000 Received: from 84.175.17.7 by www139.gmx.net with HTTP; Thu, 05 Apr 2007 23:20:57 +0200 (CEST) Content-Type: text/plain; charset="iso-8859-1" Date: Thu, 05 Apr 2007 23:20:57 +0200 From: Peter_22@gmx.de In-Reply-To: <20070404162316.GF4034@tatooine.rebelbase.local> Message-ID: <20070405212057.64580@gmx.net> MIME-Version: 1.0 References: <73cfbf220703282034j1cd8072bm343cfb6cb1767fb2@mail.gmail.com> <20070331141106.74840@gmx.net> <20070404162316.GF4034@tatooine.rebelbase.local> Subject: Re: Linux distro w/loop-aes To: markus reichelt , linux-crypto@nl.linux.org X-Authenticated: #5663700 X-Flags: 0001 X-Mailer: WWW-Mail 6100 (Global Message Exchange) X-Priority: 3 X-Provags-ID: V01U2FsdGVkX1+FoEUfLLSFUH/yzViUqeuVNs10IGt2sAWy0VG6B5 SZ550rxqBIZX+b8oqE/t3DavA19jY7/sJt9A== Content-Transfer-Encoding: 8bit X-GMX-UID: Cl8ndw4xIydmCfEOImdrxBJSa2FkZpVS Received-SPF: X-Spam-Status: No, score=-0.5 required=5.0 tests=AWL,BAYES_50,NO_REAL_NAME autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Peter_22@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto markus reichelt wrote: > > As you asked for an USB-bootable solution I advise you to follow > > example 7.7 from loop-aes readme. This works even with SuSE and you > > can encrypt every bit of data on you drives. No bootpartition and > > no partition table will remain. Up to now I haven?t seen an > > installer that supports encrypted installations. > > The beauty of that example is that it can be used also on > non-ecrypted root partitions... the system will just boot. Great to > test one's setup before actually encrypting root via aespipe. > > And about that tweaked installer ... I discussed the issue with a > fellow slackware user some time ago. It's most certainly doable, but > right now I just lack the time to pursue that project. Aespipe is a good hint! When you lose your USB-Stick or think of a key-change for existing encrypted partitions, how do you do that? Aespipe pipes data from one partition to the same. It works fine unless the PC hangs. It would be fine to have a script that makes aespipe use 2 partitions. One for the encrypted data and a small one to backup chunks of the ongoing re-encryption. Let´s say a partition with 300 GB data is chosen to be re-encrypted with a new keyfile. At present aespipe is given both keyfiles and two loops are set up to read the data from one loop, pipe it through the program and back to the second loop. If the PC get´s stuck in this process 300 GB of data are lost. To prevent this, the 300 GB are to be segmented into 100 MB chunks and the above process is done again. This time with a second partition to store a temporary 100 MB file and an index file that keeps the record of the loop´s offset and size for the actual chunk. In case of a crash the temporary chunk can be replayed and the index file provides the information on where to replace the data and how to continue the re-encryption process. Data protected against crashs, mission accomplished. A person with good knowledge in linux shell scripting might write this tool in a few hours. Best regards Peter -- "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Apr 07 14:39:58 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HaACx-0000bZ-KK; Sat, 07 Apr 2007 14:39:55 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 07 Apr 2007 14:39:09 +0200 (CEST) Received: from web94307.mail.in2.yahoo.com ([203.104.16.217]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1HaAC0-0000ap-7t for linux-crypto@nl.linux.org; Sat, 07 Apr 2007 14:38:56 +0200 Received: (qmail 75225 invoked by uid 60001); 7 Apr 2007 12:31:51 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.co.in; h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=PEQyRd2mLmBsfJlyolTBdZcFdG02BV9kevlCk2knO6rJ7GwVCrNoVYwNMLNUDm8Gpk66Y34I1DGPnC4IQSA86P6a+zQGk9fC8YaohjjUfcj9ubVRxZlXRvZ923rAkK3AzVgNgvkhyjLGd0nw1zH5hgDhBT6IiVTg60j/5z5kOmk=; X-YMail-OSG: ixSKHPAVM1mfrATwFbluQaBAh2Tipa3agvqowmVat9ZzcOaoCbTdjPvUnFZ1YCoFgA-- Received: from [196.207.231.164] by web94307.mail.in2.yahoo.com via HTTP; Sat, 07 Apr 2007 13:31:51 BST Date: Sat, 7 Apr 2007 13:31:51 +0100 (BST) From: angela bamar Subject: FROM MISS ANGELA To: angela1120b@yahoo.co.in MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-1873633226-1175949111=:74351" Content-Transfer-Encoding: 8bit Message-ID: <208921.74351.qm@web94307.mail.in2.yahoo.com> Received-SPF: X-Spam-Status: No, score=1.0 required=5.0 tests=BAYES_50,HTML_30_40, HTML_MESSAGE,SUBJ_ALL_CAPS,US_DOLLARS_3 autolearn=no version=3.0.1 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: angela1120b@yahoo.co.in Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --0-1873633226-1175949111=:74351 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Good day Dear. I do not know to what extent you are familiar with events and fragile political situation in my country Liberia, but it has formed consistent headlines in the CNN, BBC news bulletins. I will very glad if you can accept to lead me to the right channel by means of your assistance to my situation now.I will make my proposal well known if I am given the opportunity. I would like to use this opportunity to introduce myself to you. I am Angela Bamar from Liberia i am 24 yrs old, the daughter of Late Mr Donald Bamar Chief Financial Officer for Budget under the leadership of president Charles Taylor who went for excile and presently facing trial on a case of genocide as for the killing of innocent souls.I presently under asylum in Senegal. The main reason am contacting you now is to seek your assistance in the area of our better future living and investment of huge sum Seven millon five hundred thousand dollars (us$7,500.000.00) my late father deposited for safe keeping under Finance company,Dakar -Senegal, in my name for safe keeping, I want you to help me claim the money for transfer to your country on my behalf. As I have mention earlier I will give you more details on this issue on your acceptance to help me. Pls send me your direct phone contact and private email to reach you in your reply if you have for security reason. Thanks,while waiting for your response. Sincerely yours, Miss Angela Bamar. --------------------------------- Here’s a new way to find what you're looking for - Yahoo! Answers --0-1873633226-1175949111=:74351 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 8bit
Good day Dear.
 
I do not know to what extent you are familiar with events and fragile political situation in my country Liberia, but it has formed consistent headlines in the CNN, BBC news bulletins. I will very glad if you can accept to lead me to the right channel by means of your assistance to my situation now.I will make my proposal well known if I am given the opportunity. I would like to use this opportunity to introduce myself to you.
 
I am Angela Bamar from Liberia i am 24 yrs old, the daughter of Late Mr Donald Bamar Chief Financial Officer for Budget under the leadership of president Charles Taylor who went for excile and presently facing trial on a case of genocide as for the killing of innocent souls.I presently under asylum in Senegal.
 
The main reason am contacting you now is to seek your assistance in the area of our better future living and investment of huge sum Seven millon five hundred thousand dollars (us$7,500.000.00) my late father deposited  for safe keeping under Finance company,Dakar -Senegal, in my name for safe keeping,
 
I want you to help me claim the money for transfer to your country on my behalf. As I have mention earlier I will  give you more details on this issue on your acceptance to help me.
 
Pls send me your direct phone contact and private email to reach you in your reply if you have for security reason.
 
Thanks,while waiting for your response.
 
Sincerely yours,
 
Miss Angela Bamar.

Here’s a new way to find what you're looking for - Yahoo! Answers --0-1873633226-1175949111=:74351-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Apr 09 02:38:03 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HahtO-0000U0-T6; Mon, 09 Apr 2007 02:37:58 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 09 Apr 2007 02:37:18 +0200 (CEST) Received: from mx01.hinterhof.net ([83.137.99.114]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HahsT-0000TC-Lu for linux-crypto@nl.linux.org; Mon, 09 Apr 2007 02:37:01 +0200 Received: from localhost (localhost [127.0.0.1]) by mx01.hinterhof.net (Postfix) with ESMTP id 307CA104E6 for ; Mon, 9 Apr 2007 02:37:11 +0200 (CEST) Received: from dp.vpn.nusquama.org (p54a7f49f.dip.t-dialin.net [84.167.244.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "dp.vpn.nusquama.org", Issuer "Max Vozeler" (verified OK)) by mx01.hinterhof.net (Postfix) with ESMTP id 79A5410000 for ; Mon, 9 Apr 2007 02:37:10 +0200 (CEST) Received: by dp.vpn.nusquama.org (Postfix, from userid 1000) id 9B1492E087E; Mon, 9 Apr 2007 02:36:43 +0200 (CEST) Date: Mon, 9 Apr 2007 02:36:43 +0200 From: Max Vozeler To: linux-crypto@nl.linux.org Subject: loop-AES on Debian etch (was: Linux distro w/loop-aes) Message-ID: <20070409003643.GB1966@dp.vpn.nusquama.org> Mail-Followup-To: linux-crypto@nl.linux.org References: <73cfbf220703282034j1cd8072bm343cfb6cb1767fb2@mail.gmail.com> <20070329102806.GC7866@black-sun.demon.co.uk> <20070329115918.GA29232@chapus.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070329115918.GA29232@chapus.net> Received-SPF: X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=AWL,BAYES_50 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: max@nusquama.org Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hey all, I realize I'm a bit late; I'll provide some details about the loop-AES support in the new Debian release. On Thu, Mar 29, 2007 at 07:59:18AM -0400, Eloy Paris wrote: > I haven't used a recent version of the Debian Installer for etch > (Debian's upcoming new release) but I believe that it now supports > setting up encrypted partitions at installation time, which would > save a lot of trouble and pain. That's true. The Debian etch (4.0) installer includes support for loop-AES by default. :-) o loop-AES encryption is integrated in the debian-installer partitioning tool (partman). Non-root filesystems, /tmp and swap can be configured on loop-AES encrypted devices. o Available ciphers: Twofish, Serpent, AES; One can choose between passphrase-protected GnuPG keyfiles (created during the installation) and random one-time keys. o The installer makes sure that no non-encrypted swap space is configured along with encrypted partitions and warns about short passphrases (< 20 characters) o Documented in the "Etch installation guide" http://www.debian.org/releases/stable/installmanual o dm-crypt and LUKS are supported, too. Notable missing features: o Root filesystem can't be stored on loop-AES encrypted device (work in progress, Debian bug #378488) o Keyfiles: Pre-existing GnuPG keyfiles can't be used yet and it's not yet possible to store GnuPG keyfiles on removable media (usb key, floppy, etc.) o The installer doesn't allow choice of a different symmetric cipher for GnuPG encryption (currently uses CAST5) On an installed Debian etch system, several packages are provided for use of loop-AES: o loop-aes-modules-* - Those are pre-built kernel modules for the standard Debian kernels. They are available for all supported architectures and kernel flavours (flavours are vserver, xen, etc.) o loop-aes-source - Package of the loop-AES source code (including ciphers) for use with module-assistant, make-kpkg or manual build. This package can be used to create loop-AES module packages for non-standard kernels. o loop-aes-testsuite - Package of the loop-AES (+ciphers) test suite as provided in the upstream Makefile. The tests can be run using the loop-aes-runtests(8) command. o loop-aes-utils - Includes /bin/mount, /bin/umount, /sbin/swapon and /sbin/losetup with loop-AES support. The package also includes a small script to assist with key file creation (loop-aes-keygen) and an init script that tries to fsck filesystems on loop-AES encrypted partitions before mouting them during boot. o aespipe - Simple Debian packaging of aespipe. As usual, feel free to contact me with questions and problems you encounter using loop-AES on Debian. You can contact the loop-AES Team at pkg-loop-aes-maint@lists.alioth.debian.org or contact me at xam@debian.org. There will always be something which can be improved, so your feedback is appreciated :-) cheers, Max - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Apr 09 19:37:06 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Haxna-0005Av-Um; Mon, 09 Apr 2007 19:37:02 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 09 Apr 2007 19:36:35 +0200 (CEST) Received: from mail.gmx.net ([213.165.64.20]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1Haxmz-00057D-2r for linux-crypto@nl.linux.org; Mon, 09 Apr 2007 19:36:25 +0200 Received: (qmail invoked by alias); 09 Apr 2007 17:34:34 -0000 Received: from p54bfa6a5.dip0.t-ipconnect.de (EHLO [192.168.1.3]) [84.191.166.165] by mail.gmx.net (mp035) with SMTP; 09 Apr 2007 19:34:34 +0200 X-Authenticated: #27770880 X-Provags-ID: V01U2FsdGVkX184vsgqkao40pVeRj/jPpQsMXVQlVfBPNb+cV/cM4 IL/pWSVOYJ3gGt Message-ID: <461A7928.9060709@gmx.net> Date: Mon, 09 Apr 2007 19:34:32 +0200 From: "S. Sakar" User-Agent: IceDove 1.5.0.10 (X11/20070329) MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: loop-aes and busybox/initramfs-hook X-Enigmail-Version: 0.94.2.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_50 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: serkan.sakar@gmx.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto hi, I'm trying to integrate loop-aes into my ramdisk, but when I type the password to unlock my gpgkey I get the error message "Unable to detect home directory for uid 0" due to this codesegment: if((getuid() == 0) && gpgHomeDir && gpgHomeDir[0]) { h = gpgHomeDir; } else { if(!(p = getpwuid(getuid()))) { fprintf(stderr, _("Error: Unable to detect home directory for uid %d\n"), (int)getuid()); return NULL; } h = p->pw_dir; } First, the login/password features were not build into busybox, so I put /etc/passwd , /etc/group, /etc/shadow, /etc/nsswitch.conf, /lib/libnss_* into the initrd, but same error message. Then i tried a busybox-binary with build-in login/password features, and again no success. I would be glad if someone could point me in the right direction. Regards, Serkan - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Apr 09 19:45:12 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HaxvT-0006JS-Ls; Mon, 09 Apr 2007 19:45:11 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 09 Apr 2007 19:45:06 +0200 (CEST) Received: from mu-out-0910.google.com ([209.85.134.187]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Haxv8-0006HE-PB for linux-crypto@nl.linux.org; Mon, 09 Apr 2007 19:44:50 +0200 Received: by mu-out-0910.google.com with SMTP id w8so2377604mue for ; Mon, 09 Apr 2007 10:44:48 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Gxp1fVf1T1BnonUXMjKBYxykvKmj5ERac8N4NFjDYlN+4PyKTfQxBZw1FRWuXkG9XWj8oQmnGCutKbhxPSZql3icrtGqfQ/MTEP7qsNKQATdT1DKGQezasRoZ+fX0M9qKu9qkv3davvKh8e9CwqjY7UffyfXvSBH9gOU0+GGhLQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=P2DXicySSLlkTnwsW3kdvf5gXdVExhnE1yztnD1p/jEY0Oqfr1gCZiwpc7pP+1O9r+U5s0owGb5zcuzitzeuNzwhet7fqMuXt0+4HsJprBpBljY94KRrY9xwfzxDzN3lHMfBsQt0kwEgM4M2IUGZsIbKc42ddK13+gWzI+x6rgI= Received: by 10.82.104.18 with SMTP id b18mr8017126buc.1176140687244; Mon, 09 Apr 2007 10:44:47 -0700 (PDT) Received: by 10.82.180.10 with HTTP; Mon, 9 Apr 2007 10:44:47 -0700 (PDT) Message-ID: <9e0cf0bf0704091044s259c9d55y8e10f2c13ec3b2f7@mail.gmail.com> Date: Mon, 9 Apr 2007 20:44:47 +0300 From: "Alon Bar-Lev" To: "S. Sakar" Subject: Re: loop-aes and busybox/initramfs-hook Cc: linux-crypto@nl.linux.org In-Reply-To: <461A7928.9060709@gmx.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <461A7928.9060709@gmx.net> Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: alon.barlev@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hello, I had no problem with this... The gpg home can be set using -G argument to losetup or using GNUPGHOME environment. You don't have to have any passwd shadow etc. You can refer to: http://wiki.suspend2.net/EncryptedSwapAndRoot For a working environment. Best Regards, Alon Bar-Lev On 4/9/07, S. Sakar wrote: > hi, > I'm trying to integrate loop-aes into my ramdisk, but when I type the > password to unlock my gpgkey I get the error message > "Unable to detect home directory for uid 0" due to this codesegment: > > if((getuid() == 0) && gpgHomeDir && gpgHomeDir[0]) { > h = gpgHomeDir; > } else { > if(!(p = getpwuid(getuid()))) { > fprintf(stderr, _("Error: Unable to detect home directory for uid > %d\n"), (int)getuid()); > return NULL; > } > h = p->pw_dir; > } > > First, the login/password features were not build into busybox, so I put > /etc/passwd , /etc/group, /etc/shadow, /etc/nsswitch.conf, /lib/libnss_* > into the initrd, but same error message. > Then i tried a busybox-binary with build-in login/password features, and > again no success. > I would be glad if someone could point me in the right direction. > > Regards, > Serkan > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > > - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Apr 09 22:13:37 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Hb0F5-0004me-C1; Mon, 09 Apr 2007 22:13:35 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 09 Apr 2007 22:13:06 +0200 (CEST) Received: from mail.gmx.net ([213.165.64.20]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1Hb0EH-0004gU-IR for linux-crypto@nl.linux.org; Mon, 09 Apr 2007 22:12:45 +0200 Received: (qmail invoked by alias); 09 Apr 2007 20:10:54 -0000 Received: from e179160037.adsl.alicedsl.de (EHLO [10.11.12.86]) [85.179.160.37] by mail.gmx.net (mp035) with SMTP; 09 Apr 2007 22:10:54 +0200 X-Authenticated: #5227436 X-Provags-ID: V01U2FsdGVkX19PQeALhQJP0TlMZHh26z+2ckqgtYvR0mPcLja1E9 c98C0z4bXS2RNs Message-ID: <461A9DCF.1040503@gmx.net> Date: Mon, 09 Apr 2007 22:10:55 +0200 From: Torsten72 User-Agent: Thunderbird 1.5.0.10 (Windows/20070221) MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Via Eden C7 padlock benchmarks Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 8bit X-Y-GMX-Trusted: 0 Received-SPF: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_50 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: torsten.st@gmx.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto hardware ======== Jetway J7F4K1G2 cpu: Via Eden C7 1200 MHz chipset: VIA CN700 + 8237RP ram: 512 MB DDR2-533 software ======== Debian Etch Linux debian 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 GNU/Linux loop(-aes) module rebuilt with support for via padlock hardware encryption openssl 0.9.8c rebuilt with Michal Ludvig's padlock patches performance test results ======================== # ramdisk debian:~# dd if=/dev/zero of=/dev/ram1 bs=1M count=50 50+0 Datensätze ein 50+0 Datensätze aus 52428800 Bytes (52 MB) kopiert, 0,0977001 Sekunden, 537 MB/s # simple loop debian:~# losetup /dev/loop0 /dev/ram1 debian:~# dd if=/dev/zero of=/dev/loop0 bs=1M count=50 50+0 Datensätze ein 50+0 Datensätze aus 52428800 Bytes (52 MB) kopiert, 0,379721 Sekunden, 138 MB/s debian:~# losetup -d /dev/loop0 # loop-aes: AES-128 debian:~# losetup -e AES128 -H random /dev/loop0 /dev/ram1 debian:~# dd if=/dev/zero of=/dev/loop0 bs=1M count=50 50+0 Datensätze ein 50+0 Datensätze aus 52428800 Bytes (52 MB) kopiert, 0,93555 Sekunden, 56,0 MB/s debian:~# losetup -d /dev/loop0 # loop-aes: AES-256 debian:~# losetup -e AES256 -H random /dev/loop0 /dev/ram1 debian:~# dd if=/dev/zero of=/dev/loop0 bs=1M count=50 50+0 Datensätze ein 50+0 Datensätze aus 52428800 Bytes (52 MB) kopiert, 0,953818 Sekunden, 55,0 MB/s # dm-crypt: AES-128 debian:~# modprobe padlock debian:~# cryptsetup create dm-test /dev/ram1 --cipher aes-cbc-essiv:sha256 -s 128 Enter passphrase: debian:~# dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50 50+0 Datensätze ein 50+0 Datensätze aus 52428800 Bytes (52 MB) kopiert, 0,554618 Sekunden, 94,5 MB/s debian:~# cryptsetup remove dm-test # dm-crypt: AES-256 debian:~# cryptsetup create dm-test /dev/ram1 --cipher aes-cbc-essiv:sha256 -s 256 Enter passphrase: debian:~# dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50 50+0 Datensätze ein 50+0 Datensätze aus 52428800 Bytes (52 MB) kopiert, 0,560215 Sekunden, 93,6 MB/s # openssl speed test: AES-128 debian:~# openssl speed -evp aes-128-cbc -engine padlock engine "padlock" set. Doing aes-128-cbc for 3s on 16 size blocks: 8799069 aes-128-cbc's in 3.01s Doing aes-128-cbc for 3s on 64 size blocks: 5274283 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 2049811 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 648022 aes-128-cbc's in 3.01s Doing aes-128-cbc for 3s on 8192 size blocks: 94270 aes-128-cbc's in 3.00s OpenSSL 0.9.8c 05 Sep 2006 built on: Thu Nov 30 22:28:56 UTC 2006 options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -march=i686 -Wa,--noexecstack -g -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 46772.46k 112518.04k 174917.21k 220456.65k 257419.95k # openssl speed test: AES-256 debian:~# openssl speed -evp aes-256-cbc -engine padlock engine "padlock" set. Doing aes-256-cbc for 3s on 16 size blocks: 8651358 aes-256-cbc's in 3.01s Doing aes-256-cbc for 3s on 64 size blocks: 5130751 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 256 size blocks: 1916758 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 1024 size blocks: 596974 aes-256-cbc's in 3.01s Doing aes-256-cbc for 3s on 8192 size blocks: 85597 aes-256-cbc's in 3.00s OpenSSL 0.9.8c 05 Sep 2006 built on: Thu Nov 30 22:28:56 UTC 2006 options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -march=i686 -Wa,--noexecstack -g -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-256-cbc 45987.29k 109456.02k 163563.35k 203090.16k 233736.87k Can anybody tell me why the loop device is so slow even without encryption? Compared to the openssl speed test the results for both loop-aes and dm-crypt don't look very good. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Apr 10 10:52:43 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HbC5g-0001b3-63; Tue, 10 Apr 2007 10:52:40 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 10 Apr 2007 10:52:03 +0200 (CEST) Received: from 178.230.13.217.in-addr.dgcsystems.net ([217.13.230.178] helo=yxa.extundo.com) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HbC4t-0001ZK-GC for linux-crypto@nl.linux.org; Tue, 10 Apr 2007 10:51:51 +0200 Received: from mocca.josefsson.org (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l3A8ph04024532 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 10 Apr 2007 10:51:44 +0200 X-Hashcash: 1:22:070410:torsten.st@gmx.net::NwY3P7oDGqSyQ3Fd:SZ9u From: Simon Josefsson To: Torsten72 Cc: linux-crypto@nl.linux.org Subject: Re: Via Eden C7 padlock benchmarks References: <461A9DCF.1040503@gmx.net> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:070410:linux-crypto@nl.linux.org::JfmKz/OO16igPYwP:Tq90 Date: Tue, 10 Apr 2007 11:51:42 +0200 In-Reply-To: <461A9DCF.1040503@gmx.net> (Torsten's message of "Mon\, 09 Apr 2007 22\:10\:55 +0200") Message-ID: <87ps6ctv4h.fsf@mocca.josefsson.org> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.95 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Status: No, score=-0.9 required=4.0 tests=AWL,BAYES_40, FORGED_RCVD_HELO autolearn=ham version=3.1.1 X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com X-Virus-Status: Clean Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: simon@josefsson.org Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Torsten72 writes: > # loop-aes: AES-128 ... > 52428800 Bytes (52 MB) kopiert, 0,93555 Sekunden, 56,0 MB/s ... > # loop-aes: AES-256 ... > 52428800 Bytes (52 MB) kopiert, 0,953818 Sekunden, 55,0 MB/s ... > # dm-crypt: AES-128 ... > 52428800 Bytes (52 MB) kopiert, 0,554618 Sekunden, 94,5 MB/s ... > # dm-crypt: AES-256 ... > 52428800 Bytes (52 MB) kopiert, 0,560215 Sekunden, 93,6 MB/s Interesting results! Even if people generally seems to prefer dm-crypt over loop-aes, it is good to have statistics to back things up. > Can anybody tell me why the loop device is so slow even without encryption? > Compared to the openssl speed test the results for both loop-aes and > dm-crypt > don't look very good. Aren't you comparing apples and oranges here? OpenSSL doesn't read input from /dev/zero, nor does it write the output to a block device. If you want to compare things properly, try comparing just the encryption implementation of loop-aes/dm-crypt with that of OpenSSL. Don't forget to compare compiler optimization flags too. /Simon - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Apr 10 12:21:22 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HbDTU-0002q9-Fu; Tue, 10 Apr 2007 12:21:20 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 10 Apr 2007 12:20:59 +0200 (CEST) Received: from mail.gmx.net ([213.165.64.20]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1HbDT1-0002ju-Co for linux-crypto@nl.linux.org; Tue, 10 Apr 2007 12:20:51 +0200 Received: (qmail invoked by alias); 10 Apr 2007 10:19:01 -0000 Received: from vpn16.mip.uni-hannover.de (EHLO [130.75.236.16]) [130.75.236.16] by mail.gmx.net (mp033) with SMTP; 10 Apr 2007 12:19:01 +0200 X-Authenticated: #5227436 X-Provags-ID: V01U2FsdGVkX18Aj98oOLEA8w4gn5fQ384EguDPaudGKmA5qdKPMS 76AkrRA6TxGwyz Message-ID: <461B649C.8020202@gmx.net> Date: Tue, 10 Apr 2007 12:19:08 +0200 From: Torsten72 User-Agent: Thunderbird 1.5.0.10 (Windows/20070221) MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Re: Via Eden C7 padlock benchmarks References: <461A9DCF.1040503@gmx.net> <87ps6ctv4h.fsf@mocca.josefsson.org> In-Reply-To: <87ps6ctv4h.fsf@mocca.josefsson.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 Received-SPF: X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: torsten.st@gmx.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Simon Josefsson wrote: > Aren't you comparing apples and oranges here? OpenSSL doesn't read > input from /dev/zero, nor does it write the output to a block device. > > I just did not expect such a big overhead for reading from / writing to block devices. The loop device with no encryption just passes through data but leads to a slowdown from 537 MB/s to 138 MB/s if set on top of the ramdisk. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Apr 10 13:09:57 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HbEES-00042n-5B; Tue, 10 Apr 2007 13:09:52 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 10 Apr 2007 13:09:38 +0200 (CEST) Received: from mail.gmx.net ([213.165.64.20]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1HbEDl-0000Qv-0I for linux-crypto@nl.linux.org; Tue, 10 Apr 2007 13:09:09 +0200 Received: (qmail invoked by alias); 10 Apr 2007 11:07:18 -0000 Received: from p54BF903A.dip0.t-ipconnect.de (EHLO [192.168.1.3]) [84.191.144.58] by mail.gmx.net (mp050) with SMTP; 10 Apr 2007 13:07:18 +0200 X-Authenticated: #27770880 X-Provags-ID: V01U2FsdGVkX1/l5ad6fS3lAQxpJ04q6MTMn1oPk8VgNNQwexxLI6 a1q4KSeqxwpsBu Message-ID: <461B6FE4.3050505@gmx.net> Date: Tue, 10 Apr 2007 13:07:16 +0200 From: "S. Sakar" User-Agent: IceDove 1.5.0.10 (X11/20070329) MIME-Version: 1.0 To: Alon Bar-Lev CC: linux-crypto@nl.linux.org Subject: Re: loop-aes and busybox/initramfs-hook References: <461A7928.9060709@gmx.net> <9e0cf0bf0704091044s259c9d55y8e10f2c13ec3b2f7@mail.gmail.com> In-Reply-To: <9e0cf0bf0704091044s259c9d55y8e10f2c13ec3b2f7@mail.gmail.com> X-Enigmail-Version: 0.94.2.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 Received-SPF: X-Spam-Status: No, score=-1.3 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: serkan.sakar@gmx.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Thanks. Using the gpghome parameter solved the problem. Now I can mount my sd-card and /. :-) Alon Bar-Lev schrieb: > Hello, > > I had no problem with this... > The gpg home can be set using -G argument to losetup or using > GNUPGHOME environment. > > You don't have to have any passwd shadow etc. > > You can refer to: > http://wiki.suspend2.net/EncryptedSwapAndRoot > > For a working environment. > > Best Regards, > Alon Bar-Lev > > On 4/9/07, S. Sakar wrote: >> hi, >> I'm trying to integrate loop-aes into my ramdisk, but when I type the >> password to unlock my gpgkey I get the error message >> "Unable to detect home directory for uid 0" due to this codesegment: >> >> if((getuid() == 0) && gpgHomeDir && gpgHomeDir[0]) { >> h = gpgHomeDir; >> } else { >> if(!(p = getpwuid(getuid()))) { >> fprintf(stderr, _("Error: Unable to detect home >> directory for uid >> %d\n"), (int)getuid()); >> return NULL; >> } >> h = p->pw_dir; >> } >> >> First, the login/password features were not build into busybox, so I put >> /etc/passwd , /etc/group, /etc/shadow, /etc/nsswitch.conf, /lib/libnss_* >> into the initrd, but same error message. >> Then i tried a busybox-binary with build-in login/password features, and >> again no success. >> I would be glad if someone could point me in the right direction. >> >> Regards, >> Serkan >> >> - >> Linux-crypto: cryptography in and on the Linux system >> Archive: http://mail.nl.linux.org/linux-crypto/ >> >> > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Apr 10 17:37:14 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HbIP8-0008AW-PK; Tue, 10 Apr 2007 17:37:10 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 10 Apr 2007 17:36:45 +0200 (CEST) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HbIOT-0008A4-81 for linux-crypto@nl.linux.org; Tue, 10 Apr 2007 17:36:29 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id CCFF517B424; Tue, 10 Apr 2007 18:15:47 +0300 (EEST) X-Virus-Scanned: amavisd-new at tnnet.fi Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 85HbZxYKV+2v; Tue, 10 Apr 2007 18:15:41 +0300 (EEST) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id B180717B431; Tue, 10 Apr 2007 18:15:41 +0300 (EEST) Message-ID: <461BAA1C.45D13A7C@users.sourceforge.net> Date: Tue, 10 Apr 2007 18:15:40 +0300 From: Jari Ruusu To: Simon Josefsson , Torsten72 Cc: linux-crypto@nl.linux.org Subject: Re: Via Eden C7 padlock benchmarks References: <461A9DCF.1040503@gmx.net> <87ps6ctv4h.fsf@mocca.josefsson.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_20 autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Simon Josefsson wrote: > Torsten72 writes: > > # loop-aes: AES-128 > ... > > 52428800 Bytes (52 MB) kopiert, 0,93555 Sekunden, 56,0 MB/s > ... > > # loop-aes: AES-256 > ... > > 52428800 Bytes (52 MB) kopiert, 0,953818 Sekunden, 55,0 MB/s > ... > > # dm-crypt: AES-128 > ... > > 52428800 Bytes (52 MB) kopiert, 0,554618 Sekunden, 94,5 MB/s > ... > > # dm-crypt: AES-256 > ... > > 52428800 Bytes (52 MB) kopiert, 0,560215 Sekunden, 93,6 MB/s > > Interesting results! Even if people generally seems to prefer > dm-crypt over loop-aes, it is good to have statistics to back things > up. Simon, Most people have not realized that loop-AES is using disk sector number and data dependent IV computation, where data needs to be processed twice. dm-crypt is taking a shortcut and using only disk sector number dependent IV that stays same regardless of the data. If adversary is able to observe disk read/write traffic, then dm-crypt leaks location of changed data. loop-AES does not, because all cipher blocks in 512 byte disk sector CBC chain change regardless of where plaintext data change is. In padlock enabled loop version, only that AES CBC processing is using hardware implementation. loop-AES IV computation (the other crypto processing of data) is always using software. So, in padlock enabled case, loop-AES vs. dm-crypt comparison is really software+hardware implementation vs. hardware implementation for those crypto bits. In other x86/amd64 cases, loop-AES vs. dm-crypt comparison is software+software implementation vs. software implementation. torsten.st@gmx.net, Could you check that the VIA C7 processor was properly detected by loop-AES code? If it was properly detected, then there should be "loop: padlock hardware AES enabled" message in your kernel log. You can check that using command "dmesg | grep loop" or "grep loop /var/log/messages". Padlock enabled loop includes both software AES and padlock AES implementations. If padlock detection fails, then code uses software AES implementation. I ask this because when loop-AES padlock code was written, I only had older VIA C3 processor programming manual. loop-AES code follows older VIA C3 padlock detection instructions. When C7 was new, a VIA representative promised me C7 programming manual, but I never got it. Pinged twice, no reply. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Apr 10 19:14:20 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HbJv6-0008UG-P0; Tue, 10 Apr 2007 19:14:16 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 10 Apr 2007 19:13:56 +0200 (CEST) Received: from mail.gmx.net ([213.165.64.20]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1HbJua-0008Hg-5L for linux-crypto@nl.linux.org; Tue, 10 Apr 2007 19:13:44 +0200 Received: (qmail invoked by alias); 10 Apr 2007 17:11:53 -0000 Received: from e182122099.adsl.alicedsl.de (EHLO [10.11.12.86]) [85.182.122.99] by mail.gmx.net (mp053) with SMTP; 10 Apr 2007 19:11:53 +0200 X-Authenticated: #5227436 X-Provags-ID: V01U2FsdGVkX18JJqk8zAsJens0nV4G4xEdk1q9T4F0rxAArMbnK6 vwoijErfV1fXBE Message-ID: <461BC562.3070504@gmx.net> Date: Tue, 10 Apr 2007 19:12:02 +0200 From: Torsten72 User-Agent: Thunderbird 1.5.0.10 (Windows/20070221) MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Re: Via Eden C7 padlock benchmarks References: <461A9DCF.1040503@gmx.net> <87ps6ctv4h.fsf@mocca.josefsson.org> <461BAA1C.45D13A7C@users.sourceforge.net> In-Reply-To: <461BAA1C.45D13A7C@users.sourceforge.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-0.5 required=5.0 tests=AWL,BAYES_40 autolearn=no version=3.0.1 X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: torsten.st@gmx.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Jari Ruusu schrieb: > torsten.st@gmx.net, > > Could you check that the VIA C7 processor was properly detected by loop-AES > code? If it was properly detected, then there should be "loop: padlock > hardware AES enabled" message in your kernel log. You can check that using > command "dmesg | grep loop" or "grep loop /var/log/messages". Padlock > enabled loop includes both software AES and padlock AES implementations. If > padlock detection fails, then code uses software AES implementation. > > the kernel prints these lines: loop: padlock hardware AES enabled loop: AES key scrubbing enabled loop: loaded (max 8 devices) The C7 would not be able to achieve 55 MB/s with a software implementation. > > I ask this because when loop-AES padlock code was written, I only had older > VIA C3 processor programming manual. loop-AES code follows older VIA C3 > padlock detection instructions. When C7 was new, a VIA representative > promised me C7 programming manual, but I never got it. Pinged twice, no > reply. > But your padlock implementation obviously supports the new AES-256 mode of the C7, doesn't it? Could loop-AES IV computation also be done in padlock and speed things up? - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Apr 10 20:53:58 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HbLTX-0003zK-U0; Tue, 10 Apr 2007 20:53:55 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 10 Apr 2007 20:53:23 +0200 (CEST) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HbLSq-0003z1-UA for linux-crypto@nl.linux.org; Tue, 10 Apr 2007 20:53:12 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id E4BC617B427; Tue, 10 Apr 2007 21:53:10 +0300 (EEST) X-Virus-Scanned: amavisd-new at tnnet.fi Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zt+ai76tFrh6; Tue, 10 Apr 2007 21:53:05 +0300 (EEST) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id 5F16517B424; Tue, 10 Apr 2007 21:53:05 +0300 (EEST) Message-ID: <461BDD10.2B88E96C@users.sourceforge.net> Date: Tue, 10 Apr 2007 21:53:04 +0300 From: Jari Ruusu To: Torsten72 Cc: linux-crypto@nl.linux.org Subject: Re: Via Eden C7 padlock benchmarks References: <461A9DCF.1040503@gmx.net> <87ps6ctv4h.fsf@mocca.josefsson.org> <461BAA1C.45D13A7C@users.sourceforge.net> <461BC562.3070504@gmx.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_20 autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Torsten72 wrote: > the kernel prints these lines: > > loop: padlock hardware AES enabled > loop: AES key scrubbing enabled > loop: loaded (max 8 devices) Ok, it is properly detected. > But your padlock implementation obviously supports the new AES-256 mode > of the C7, doesn't it? If I remember correctly, VIA C3 (stepping 8) has a bug/flaw that prevents AES192 and AES256 hardware extended key generation, but that bug/flaw can be worked around by doing extended key generation using software. A bit in xcrypt instruction control word defines whether the instruction uses software precomputed extended key or whether it should do that key setup work at the time the instruction is executed. Precomputed extended key is of course faster because the xcrypt instruction can skip some time consuming work. loop-AES always uses software precomputed extended key, so that VIA C3 bug/flaw does not affect loop-AES in any way. Extended key precomputing is done only at losetup time, and does not affect run time performance. > Could loop-AES IV computation also be done in padlock and speed things up? VIA C3 does not have a instruction to do that. C7 specs I have not seen yet. If someone has distributable copy of VIA C7 programming specs, feel free to send a copy or download URL to me. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Apr 10 23:24:41 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HbNpP-0003QB-Iy; Tue, 10 Apr 2007 23:24:39 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 10 Apr 2007 23:24:13 +0200 (CEST) Received: from mail.gmx.net ([213.165.64.20]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1HbNop-0003EL-AX for linux-crypto@nl.linux.org; Tue, 10 Apr 2007 23:24:03 +0200 Received: (qmail invoked by alias); 10 Apr 2007 21:22:12 -0000 Received: from e182122099.adsl.alicedsl.de (EHLO [10.11.12.86]) [85.182.122.99] by mail.gmx.net (mp030) with SMTP; 10 Apr 2007 23:22:12 +0200 X-Authenticated: #5227436 X-Provags-ID: V01U2FsdGVkX1/Hil8QsxrHyqpTRek0K3GyWkjxJF/WcB1uMaLGHm ihuAN3cHMV1Awl Message-ID: <461C0000.5080605@gmx.net> Date: Tue, 10 Apr 2007 23:22:08 +0200 From: Torsten72 User-Agent: Thunderbird 1.5.0.10 (Windows/20070221) MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Re: Via Eden C7 padlock benchmarks References: <461A9DCF.1040503@gmx.net> <87ps6ctv4h.fsf@mocca.josefsson.org> <461BAA1C.45D13A7C@users.sourceforge.net> <461BC562.3070504@gmx.net> <461BDD10.2B88E96C@users.sourceforge.net> In-Reply-To: <461BDD10.2B88E96C@users.sourceforge.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 Received-SPF: X-Spam-Status: No, score=-0.3 required=5.0 tests=AWL,BAYES_50 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: torsten.st@gmx.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Jari Ruusu wrote: > VIA C3 does not have a instruction to do that. C7 specs I have not seen yet. > > If someone has distributable copy of VIA C7 programming specs, feel free to > send a copy or download URL to me Hi Jari, there is a via padlock sdk which is available at http://www.viaarena.com/Download/PadlockSDK_2.0.1_Release_20060803.zip If you have a look at the source perhaps you will know how to use the new instructions. see page 19 of the following file for a comparison of C3 and C7 features http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/VIAPadLockSecurityEngine.pdf - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Apr 12 07:33:29 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Hbrvw-0001kn-97; Thu, 12 Apr 2007 07:33:24 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 12 Apr 2007 07:32:41 +0200 (CEST) Received: from f4.2c.5546.static.theplanet.com ([70.85.44.244] helo=hutch.vintagehost.net) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Hbrv5-0001jy-AM for linux-crypto@nl.linux.org; Thu, 12 Apr 2007 07:32:31 +0200 Received: from nobody by hutch.vintagehost.net with local (Exim 4.63) (envelope-from ) id 1HbpCt-0000so-9e for linux-crypto@nl.linux.org; Wed, 11 Apr 2007 21:38:43 -0500 To: linux-crypto@nl.linux.org Subject: Advertising MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 To: From: troy@3dgirlz.com Message-Id: Date: Wed, 11 Apr 2007 21:38:43 -0500 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - hutch.vintagehost.net X-AntiAbuse: Original Domain - nl.linux.org X-AntiAbuse: Originator/Caller UID/GID - [99 32003] / [47 12] X-AntiAbuse: Sender Address Domain - hutch.vintagehost.net X-Source: X-Source-Args: X-Source-Dir: Received-SPF: X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=1.8 required=5.0 tests=BAYES_60,HTML_00_10, HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,NO_REAL_NAME autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: troy@3dgirlz.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hi there, I would like to advertise our product www.3dgirlz.com on your website. Do you have anything available? Our product is converting really well, and I would like to either do this on an affiliate basis or pay flat fee. Our affiliate page can be found here: http://www.3dgirlz.com/3dgirlzcash.html If you would like to see the game first before making a decision, let me know and i will send you a link so you download the full version. Regards, Troy troy@3dgirlz.com www.3dgirlz.com - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Apr 12 20:39:28 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Hc4Cd-0008VG-8q; Thu, 12 Apr 2007 20:39:27 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 12 Apr 2007 20:39:00 +0200 (CEST) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Hc4By-0008N6-Fv for linux-crypto@nl.linux.org; Thu, 12 Apr 2007 20:38:46 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id E4EA717B422; Thu, 12 Apr 2007 21:38:39 +0300 (EEST) X-Virus-Scanned: amavisd-new at tnnet.fi Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GxoM9VwwGodv; Thu, 12 Apr 2007 21:38:34 +0300 (EEST) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id 5744417B42F; Thu, 12 Apr 2007 21:38:34 +0300 (EEST) Message-ID: <461E7CA9.CB533A9@users.sourceforge.net> Date: Thu, 12 Apr 2007 21:38:33 +0300 From: Jari Ruusu To: Torsten72 Cc: linux-crypto@nl.linux.org Subject: Re: Via Eden C7 padlock benchmarks References: <461A9DCF.1040503@gmx.net> <87ps6ctv4h.fsf@mocca.josefsson.org> <461BAA1C.45D13A7C@users.sourceforge.net> <461BC562.3070504@gmx.net> <461BDD10.2B88E96C@users.sourceforge.net> <461C0000.5080605@gmx.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Status: No, score=-1.5 required=5.0 tests=AWL,BAYES_40 autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Torsten72 wrote: > there is a via padlock sdk which is available at > http://www.viaarena.com/Download/PadlockSDK_2.0.1_Release_20060803.zip > If you have a look at the source perhaps you will know how to use the > new instructions. Some information can be extracted from source code, but important information that is still missing about SHA1 and SHA256 hashes: - What processor flags are modified and how. - What processor registers are modified and how. - Description of all opcode bits. Example source uses constant opcode bytes, but no info is available about what each bit means. - What opcodes to use when data to hash is not contiguous. In loop-AES kernel driver code, input data to hash is in three non-contiguous chunks. - Description of how context switching is handled. - What exceptions occur under what conditions. VIA supplied example source code is for userland use, and is not suitable for kernel driver use. First source file that I looked at was src/padlock_sha.c and I spotted a showstopper bug in less than 10 seconds of reading (malloc without checking return value). Kernel driver use of SHA1 and SHA256 would need new interface code to be written, and above mentioned missing info must be available before that can be done. > see page 19 of the following file for a comparison of C3 and C7 features > http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/VIAPadLockSecurityEngine.pdf That PDF is just marketing propaganda. Features mentioned, but no info about how to bit-bang the device. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Apr 12 21:00:04 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Hc4WY-0001ox-7h; Thu, 12 Apr 2007 21:00:02 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 12 Apr 2007 20:59:48 +0200 (CEST) Received: from mail.gmx.net ([213.165.64.20]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1Hc4WA-0001jA-Cd for linux-crypto@nl.linux.org; Thu, 12 Apr 2007 20:59:38 +0200 Received: (qmail 10453 invoked by uid 0); 12 Apr 2007 18:57:47 -0000 Received: from 84.175.74.165 by www023.gmx.net with HTTP; Thu, 12 Apr 2007 20:57:47 +0200 (CEST) Cc: linux-crypto@nl.linux.org Content-Type: text/plain; charset="iso-8859-1" Date: Thu, 12 Apr 2007 20:57:47 +0200 From: Peter_22@gmx.de In-Reply-To: <461E7CA9.CB533A9@users.sourceforge.net> Message-ID: <20070412185747.58780@gmx.net> MIME-Version: 1.0 References: <461A9DCF.1040503@gmx.net> <87ps6ctv4h.fsf@mocca.josefsson.org> <461BAA1C.45D13A7C@users.sourceforge.net> <461BC562.3070504@gmx.net> <461BDD10.2B88E96C@users.sourceforge.net> <461C0000.5080605@gmx.net> <461E7CA9.CB533A9@users.sourceforge.net> Subject: Re: Via Eden C7 padlock benchmarks To: Jari Ruusu , torsten.st@gmx.net X-Authenticated: #5663700 X-Flags: 0001 X-Mailer: WWW-Mail 6100 (Global Message Exchange) X-Priority: 3 X-Provags-ID: V01U2FsdGVkX19wI60JRg9wM+vvZziJ2sh65qOG2bnC15uOPXeH6Q X8k3KYGcLpTJWauB+GkB4P4Mwu2U6RTUTDsA== Content-Transfer-Encoding: 8bit X-GMX-UID: GrM4bt+xLi50A/xPPGtp1axrZml1ZBhK Received-SPF: X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-0.5 required=5.0 tests=AWL,BAYES_50,NO_REAL_NAME autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Peter_22@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hello! To be honest I wonder why you pay so much attention to a processor from VIA. As far as I remember their processors are cheap and found in a few notebooks only. Documentation from VIA marked that their C7 padlock provides hardware aes support faster than current Intel processors. I still suppose my AMD64 and loop-aes remain the best choice, don´t they? Regards Peter -- "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Apr 20 15:44:27 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HetPS-00014G-5n; Fri, 20 Apr 2007 15:44:22 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 20 Apr 2007 15:43:27 +0200 (CEST) Received: from qb-out-0506.google.com ([72.14.204.239]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HetNs-0000wt-Oy for linux-crypto@nl.linux.org; Fri, 20 Apr 2007 15:42:44 +0200 Received: by qb-out-0506.google.com with SMTP id o21so2010263qba for ; Fri, 20 Apr 2007 06:41:19 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:subject:mime-version:content-type:x-google-sender-auth; b=BiMSHcJwxxuT+hb/pPsx5U9AVq5a958vyP4zwzg3+Tjwxzr0DYbBioImPfcEK3yI6bsuZC10Wi7D6BkW9Eutui0xuO1B6/ssK9Q35ECzAApH9QBiYjro/7L2swfpL9mk66+wG+mtcGxKTlt+1dsJpleITmrG7Pn7Huc3CzASoNM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:subject:mime-version:content-type:x-google-sender-auth; b=n7kc9NfbPRY4JY0bW39gmWrxb4m4CJa7/W4oAP5jCRkVOufYA5lZVTKTSrNKa8vzLVTR/PnvNZEiS0Wr/qsbvzY3K2Eaxrm/lrguUjncryA7egV/OUB+fXscLp99D/x1QFshNfaI78QrhA3BZrXbWDD0mAQU9zt3sALYDHVzRBs= Received: by 10.114.153.18 with SMTP id a18mr126052wae.1177075614235; Fri, 20 Apr 2007 06:26:54 -0700 (PDT) Received: by 10.114.240.20 with HTTP; Fri, 20 Apr 2007 06:26:54 -0700 (PDT) Message-ID: <6313f9890704200626n2f51dbc1v9534c1a00adb5480@mail.gmail.com> Date: Fri, 20 Apr 2007 14:26:54 +0100 From: "edward nkanga" Subject: ASSISTANCE MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_54794_1203805.1177075614054" X-Google-Sender-Auth: 0a1481d531cb94c5 Bcc: Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=4.5 required=5.0 tests=ALL_TRUSTED,BAYES_50, HTML_00_10,HTML_MESSAGE,MILLION_USD,MISSING_HEADERS,NIGERIAN_BODY1, RCVD_BY_IP,US_DOLLARS_3 autolearn=no version=3.0.1 X-Spam-Level: **** X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: edwardnkanga@yahoo.fr Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto ------=_Part_54794_1203805.1177075614054 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Compliments Before I introduce myself, I wish to inform you that this letter is not a hoax mail and I urge you to treat it serious. We want to transfer to an oversea account ($16,700.000.00 USD) Sixteen Million Seven Hundred Thousand United States Dollars) from one of the banks located in Euroupe. I want to ask you, If you are not capable to quietly look for a reliable and honest person who will be capable and fit to provide either an existing bank account or to set up a new Bank a/c immediately to receive this money, even an empty a/c can serve to receive this money, as long as you will remain honest to me till the end of this important business ,I am trusting in you and believing in God that you will never let me down either now or in future. I am mr Edward Nkanga a personal assiatant to late Andreas Schranner. During the course of his bank's last week auditing,it was discovered that since his death no one has come forward to lay claim to this funds.So the bank issued me a memo to provide his next of kin or forfeith the funds. This account was opened with the bank in 1999 and since 2000 nobody has operated on this account again, after going through some old files in my records,I discovered that my late client died without a [Heir/WILL] hence the money is floating and if I do not remit this money out urgently it will be forfeited for nothing. The owner of this account Mr. Andreas Schranner a German property magnate who unfortunately lost his life in the plane crash of AF4590 German Concorde which crahsed on July 25th 2000,including his family leaving nobody as next of kin. No other person knows about this account or any thing concerning it,the account has no other beneficiary and my investigation proved to me as well that the account is a secret account. The total amount involved is Sixteen million Seven Hundred Thousand United States Dollars only [$16,700.000.00] and we wish to transfer this money into a safe foreigners account abroad. But I don't know any foreigner, I am only contacting you as a foreigner because this money can not be approved to a local person here, but to a foreigner who has information about the account, which I shall give to you upon your positive response. I am revealing this to you with believe in God that you will never let me down in this business, you are the first and the only person that I am contacting for this business, so please reply urgently so that I will inform you the next step to take urgently. At the conclusion of this businesas, you will be given 25% of the total amount,70% will be for us, while 5% will be for expenses both parties might have incurred during the process of transferring. I look forward to your earliest reply through my yahoo email ( edwardnkanga@yahoo.fr) PLEASE TREAT THIS PROPOSAL AS TOP SECRET. Best Regards, Edward Nkanga. ------=_Part_54794_1203805.1177075614054 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline

Compliments
Before I introduce myself, I wish to inform you that this letter is not a hoax mail and I urge you to treat it serious. We want to transfer to an oversea account ($16,700.000.00 USD) Sixteen Million Seven Hundred Thousand United States Dollars) from one of the banks located in Euroupe. I want to ask you, If you are not capable to quietly look for a reliable and honest person who will be capable and fit to provide either an existing bank account or to set up a new Bank a/c immediately to receive this money, even an empty a/c can serve to receive this money, as long as you will remain honest to me till the end of this important business ,I am trusting in you and believing in God that you will never let me down either now or in future.
 
I am mr Edward Nkanga a personal assiatant to late Andreas Schranner. During the course of his bank's last week auditing,it was discovered that since his death no one has come forward to lay claim to this funds.So the bank issued me a memo to provide his next of kin or forfeith the funds. This account was opened with the bank in 1999 and since 2000 nobody has operated on this account again, after going through some old files in my records,I discovered that my late client  died without a [Heir/WILL] hence the money is floating and if I do not remit this money out urgently it will be forfeited for nothing.
 
The owner of this account Mr. Andreas Schranner a German property magnate who unfortunately lost his life in the plane crash of AF4590 German Concorde which crahsed on July 25th 2000,including his family leaving nobody as next of kin.

No other person knows about this account or any thing concerning it,the account has no other beneficiary and my investigation proved to me as well that the account is a secret account.

The total amount involved is Sixteen million Seven Hundred Thousand United States Dollars only [$16,700.000.00] and we wish to transfer this money into a safe foreigners account abroad. But I don't know any foreigner, I am only contacting you as a foreigner because this money can not be approved to a local person here, but to a foreigner who has information about the account, which I shall give to you upon your positive response. I am revealing this to you with believe in God that you will never let me down in this business, you are the first and the only person that I am contacting for this business, so please reply urgently so that I will inform you the next step to take urgently.
At the conclusion of this businesas, you will be given 25% of the total amount,70% will be for us, while 5% will be for expenses both parties might have incurred during the process of transferring. I look forward to your earliest reply through my yahoo email ( edwardnkanga@yahoo.fr)  PLEASE  TREAT THIS PROPOSAL
AS TOP SECRET. 
 
Best Regards,
Edward Nkanga.

 

------=_Part_54794_1203805.1177075614054-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Apr 20 23:28:20 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Hf0eO-0006Yk-2P; Fri, 20 Apr 2007 23:28:16 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 20 Apr 2007 23:27:48 +0200 (CEST) Received: from qb-out-0506.google.com ([72.14.204.232]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1Hf0dj-0006Vc-6V for linux-crypto@nl.linux.org; Fri, 20 Apr 2007 23:27:35 +0200 Received: by qb-out-0506.google.com with SMTP id o21so2276429qba for ; Fri, 20 Apr 2007 14:26:11 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=W7fyIo8ZWJe0E1hQdwZBrc+t6neLllJ+GU8j6Hg8IJAA41q9p2lHxgT8ANJxGcgPseVxlaFCbbm0UfIvihIZEvwgPdAD3aWGjras3nz1Ha4mZJcou+LVYo6cy62rItcr1Tpr6A3ngV02y0bZCvPpq/QqX9KXmw9pO0sY+l8lXp4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=A+UG30qpS9ePo/AlAzv1CLbKqQTDmcSeWkIjLGQhqpChfoJO6hsVZRkKlCoHbN1WwnPDhFgCkuJ2pt2u50LVcbuLQNlYrXMwX/BWUZNk5tezSse9uIgGdHkdLFpnTwedzgiU9TPQK+sQVy14gMLJ1tQemdu4Cqev8cx6jN2eFZg= Received: by 10.35.110.13 with SMTP id n13mr5632592pym.1177104344415; Fri, 20 Apr 2007 14:25:44 -0700 (PDT) Received: by 10.35.38.1 with HTTP; Fri, 20 Apr 2007 14:25:43 -0700 (PDT) Message-ID: <20f036a20704201425jba8a79dvf19f7d4a05a125dd@mail.gmail.com> Date: Fri, 20 Apr 2007 23:25:43 +0200 From: "Sonia Benson" Subject: I have transfer the funds MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Bcc: Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_50, MISSING_HEADERS,RCVD_BY_IP,UPPERCASE_75_100 autolearn=no version=3.0.1 X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: benson.sonia4@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto GOOD DAY MY DEAR, COMPLIMENTS OF THE DAY AND GOD'S BLESSINGS.I AM GLAD TO INFORM YOU THAT I HAVE SUCCESSFULLY CONCLUDED THE TRANSACTION, THE MONEY WAS TRANSFERRED TO USA. IT IS DONE THROUGH THE ASSISTANT OF YOUR COUNTRY MAN DR.ZAFAR MOHAMAD WHO IS A US BASE BUSINESS MAN. CURRENTLY I AM IN USA WITH MY CHILDREN. HOWEVER, I DID NOT FORGET YOU BECAUSE YOU ARE THE SOURCE OF MY SUCCESS THOUGH YOU ARE NOT THERE TO COMPLETE THIS PROJECT WITH ME BUT I GAVE ALL THE CREDIT AND THANKS TO YOU. I KNOW IT IS NOT YOUR FAULT RATHER YOUR WISH TO BACK UP ON THE TRANSACTION, I UNDERSTAND IT WAS SIMPLY BECAUSE OF WHAT YOU MUST HAVE HEARD ABOUT AFRICA. ACTUALLY THERE ARE STILL GOOD ONES FOR EXAMPLE MYSELF. IN APPRECIATE OF YOUR ASSISTANCE I HAVE MAPPED OUT AS A COMPENSATION OF $700.000(SEVEN HUNDRED THOUSAND UNITED STATES DOLLARS ONLY) I LEFT THE MONEY WITH MY ATTORNEY SIR. MALICK DIOP ON MY DEPARTURE TO USA. I WOULD LIKE YOU THEREFORE,TO CONTACT HIM ON THE BELOW INFO SO THAT HE CAN SEND YOUR MONEY. MALICK DIOP (SIR) E-MAIL : malick1950@yahoo.co.uk I WOULD HAVE LOVE TO CALL YOU FROM USA WHERE I CURRENTLY RESIDE BUT DUE TO THE RECENT KILLING IN CAMPUS MR.ZAFAR ADVICE ME NOT TO CALL BECAUSE ALL INTERNATONAL CALLS ARE BEING MONITORED BY THE US AUTHORITY. CONTACT MY ATTORNEY SO THAT HE CAN RELEASE YOUR MONEY TO YOU. I WILL STOP HERE. ONCE AGAIN, THANK YOU VERY MUCH AND REMAIN BLESSED. REGARDS, MRS SONIA BENSON. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Apr 21 10:01:50 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HfAXR-0006rz-K2; Sat, 21 Apr 2007 10:01:45 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 21 Apr 2007 10:01:16 +0200 (CEST) Received: from w254232.ppp.asahi-net.or.jp ([121.1.254.232] helo=mail.kartworks.com) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HfAWl-0006ZO-8o for linux-crypto@nl.linux.org; Sat, 21 Apr 2007 10:01:03 +0200 Received: by mail.kartworks.com (Postfix, from userid 33) id 9DC237D771; Sat, 21 Apr 2007 15:59:32 +0900 (JST) To: linux-crypto@nl.linux.org Subject: JOB OFFER!!!( REPRESENTATIVE NEEDED) From: Wujiang Wanlida Textile Co.Ltd. Reply-To: shao_cheng_textile001@yahoo.com.cn MIME-Version: 1.0 Content-Type: text/plain Message-Id: <20070421065932.9DC237D771@mail.kartworks.com> Date: Sat, 21 Apr 2007 15:59:32 +0900 (JST) Content-Transfer-Encoding: quoted-printable Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=4.1 required=5.0 tests=ALL_TRUSTED,BAYES_99, DEAR_SOMETHING,FROM_HAS_ULINE_NUMS,PLING_PLING,SUBJ_ALL_CAPS autolearn=no version=3.0.1 X-Spam-Level: **** X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: shao_cheng_textile001@yahoo.com.cn Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto =0D Dear Sir/Madam, =0D =0D I am Mr. Shao Cheng, It is my pleasure to write you in respect of our Com= pany, Wujiang Wanlida Textile Co. Ltd. =0D Based No.6 The Third District Nanshan Road, Shengze, Wujiang City, Jiangs= u Province. China. We are experts in the sale of Textile materials; we ex= port into the Canada/America and parts Europe. =0D =0D We are searching for representatives who can help us establish a medium o= f getting our funds from our costumers in these areas as well as making p= ayments through you to us. =0D =0D Please if interested in transacting business in view helping us, so our c= lients could make payment to you being a representative for us we will be= very glad and compensations will be given and as well as other benefits.= =0D Subject to your satisfaction you will be given the opportunity to negotia= te your mode of which we will pay for your services as our representative= /agent in Canada, America, and Europe. =0D =0D If interested forward information below to us =0D =0D 1.FULL NAMES: =0D =0D 2.RESIDENTIAL ADDRESS:=0D =0D 3.PHONE NUMBER: =0D =0D 4.FAX NUMBER(IF ANY): =0D =0D 5.OCCUPATION : =0D =0D 6.COMPANY NAME: =0D =0D To this email:shao_cheng_textile001@yahoo.com.cn =0D Note that no form of payment will be requested upfront in this endeavor.O= n our receipt of the above details we shall forward to our customer/clien= ts to immediately contact you with the mode of payment. =0D =0D Thanks in advance, =0D =0D Mr. Shao Cheng.=0D Company Director.=0D =0D =0D - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Apr 21 10:25:10 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HfAYo-0006zc-5b; Sat, 21 Apr 2007 10:03:10 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 21 Apr 2007 10:03:05 +0200 (CEST) Received: from w254232.ppp.asahi-net.or.jp ([121.1.254.232] helo=mail.kartworks.com) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HfAYK-0006lN-29 for linux-crypto@nl.linux.org; Sat, 21 Apr 2007 10:02:40 +0200 Received: by mail.kartworks.com (Postfix, from userid 33) id 6A1287B130; Sat, 21 Apr 2007 15:43:16 +0900 (JST) To: linux-crypto@nl.linux.org Subject: JOB OFFER!!!( REPRESENTATIVE NEEDED) From: Wujiang Wanlida Textile Co.Ltd. Reply-To: shao_cheng_textile001@yahoo.com.cn MIME-Version: 1.0 Content-Type: text/plain Message-Id: <20070421064316.6A1287B130@mail.kartworks.com> Date: Sat, 21 Apr 2007 15:43:16 +0900 (JST) Content-Transfer-Encoding: quoted-printable Received-SPF: X-Spam-Level: **** X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=4.1 required=5.0 tests=ALL_TRUSTED,BAYES_99, DEAR_SOMETHING,FROM_HAS_ULINE_NUMS,PLING_PLING,SUBJ_ALL_CAPS autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: shao_cheng_textile001@yahoo.com.cn Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto =0D Dear Sir/Madam, =0D =0D I am Mr. Shao Cheng, It is my pleasure to write you in respect of our Com= pany, Wujiang Wanlida Textile Co. Ltd. =0D Based No.6 The Third District Nanshan Road, Shengze, Wujiang City, Jiangs= u Province. China. We are experts in the sale of Textile materials; we ex= port into the Canada/America and parts Europe. =0D =0D We are searching for representatives who can help us establish a medium o= f getting our funds from our costumers in these areas as well as making p= ayments through you to us. =0D =0D Please if interested in transacting business in view helping us, so our c= lients could make payment to you being a representative for us we will be= very glad and compensations will be given and as well as other benefits.= =0D Subject to your satisfaction you will be given the opportunity to negotia= te your mode of which we will pay for your services as our representative= /agent in Canada, America, and Europe. =0D =0D If interested forward information below to us =0D =0D 1.FULL NAMES: =0D =0D 2.RESIDENTIAL ADDRESS:=0D =0D 3.PHONE NUMBER: =0D =0D 4.FAX NUMBER(IF ANY): =0D =0D 5.OCCUPATION : =0D =0D 6.COMPANY NAME: =0D =0D To this email:shao_cheng_textile001@yahoo.com.cn =0D Note that no form of payment will be requested upfront in this endeavor.O= n our receipt of the above details we shall forward to our customer/clien= ts to immediately contact you with the mode of payment. =0D =0D Thanks in advance, =0D =0D Mr. Shao Cheng.=0D Company Director.=0D =0D =0D - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Apr 21 18:15:54 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HfIF8-00080R-6d; Sat, 21 Apr 2007 18:15:22 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 21 Apr 2007 18:14:39 +0200 (CEST) Received: from mail.gmx.net ([213.165.64.20]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1HfIEF-0007q3-9i for linux-crypto@nl.linux.org; Sat, 21 Apr 2007 18:14:27 +0200 Received: (qmail 27915 invoked by uid 0); 21 Apr 2007 16:05:55 -0000 Received: from 84.175.5.148 by www050.gmx.net with HTTP; Sat, 21 Apr 2007 18:05:55 +0200 (CEST) Cc: linux-crypto@nl.linux.org Content-Type: text/plain; charset="us-ascii" Date: Sat, 21 Apr 2007 18:05:55 +0200 From: Peter_22@gmx.de In-Reply-To: <461E7CA9.CB533A9@users.sourceforge.net> Message-ID: <20070421160555.263240@gmx.net> MIME-Version: 1.0 References: <461A9DCF.1040503@gmx.net> <87ps6ctv4h.fsf@mocca.josefsson.org> <461BAA1C.45D13A7C@users.sourceforge.net> <461BC562.3070504@gmx.net> <461BDD10.2B88E96C@users.sourceforge.net> <461C0000.5080605@gmx.net> <461E7CA9.CB533A9@users.sourceforge.net> Subject: loop-aes on MIPS DSL Router To: Jari Ruusu X-Authenticated: #5663700 X-Flags: 0001 X-Mailer: WWW-Mail 6100 (Global Message Exchange) X-Priority: 3 X-Provags-ID: V01U2FsdGVkX18kJdIB3k8kUSESebqi8xpDU4/v80B9mXRzuhEmZQ I3QrHuO+sM0N9W0P3Q9o8IiFhiBlz3lcQGJQ== Content-Transfer-Encoding: 7bit X-GMX-UID: DVtIEpNGbXB+QLEZZDQ21IciLyUmZYg0 Received-SPF: X-Spam-Status: No, score=-0.5 required=5.0 tests=AWL,BAYES_50,NO_REAL_NAME autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Peter_22@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hi all! Since popular DSL Modems/Routers run some kind of Linux on a 32bit MIPS processor I ask myself if loop-aes source can be compiled for this platform as well. Someone claimed on his website http://nanl.de/blog/html/loop-aes-lauft-nun-auch-auf-der-nslu2.html to run loop-aes on a network storage link device. A popular DSL modem is the 7170 model from AVM http://www.avm.de/, an integrated DSL modem and WLAN router with 32MB ram and 8MB flash memory. This model can also handle attached hard disk drives via USB. Concerning processing power it offers a MIPS with about 200 MHz clock speed. So, can the loop-aes source package be compiled for MIPS or is this a bad idea? Hopefully my questions make sense to someone here. Kind regards, Peter -- "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Apr 21 19:45:03 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HfJds-0001uT-IX; Sat, 21 Apr 2007 19:45:00 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 21 Apr 2007 19:44:37 +0200 (CEST) Received: from smtp005.mail.ukl.yahoo.com ([217.12.11.36]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1HfJdM-0001tt-0M for linux-crypto@nl.linux.org; Sat, 21 Apr 2007 19:44:28 +0200 Received: (qmail 84134 invoked from network); 21 Apr 2007 17:37:16 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-YMail-OSG:From:Organization:To:Subject:Date:User-Agent:References:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-Disposition:Message-Id; b=zF2Jmzdbbnz64UEt42it0uZqJ7ZP1hbgQChKqmhfT0ztoM19ueKTe1BcqlqDnJTYQj1sNpnrdy2fpr6hRX1JK5OPkNOTdPyTFAbQ0zRY7kxE37/eg3rsabDmz7lgF8Rm1xfwYtyMPLv6XG7pd2RRHR1fwz7wEp9lpWlYFkVjvg8= ; Received: from unknown (HELO cantoris) (molletts@62.49.26.143 with plain) by smtp005.mail.ukl.yahoo.com with SMTP; 21 Apr 2007 17:37:16 -0000 X-YMail-OSG: DkmW2FwVM1mMvUudqTzU75yCMwnnDvZDPhfQkgGaatdBX5wkssJyZKpTWJiGJaiQTUO4gc48i_BmPiHUejTvmsp8abfxtt6PookgLXke6ZYA4SD9 From: Stephen Mollett Organization: Organisation? What's that? To: linux-crypto@nl.linux.org Subject: Re: loop-aes on MIPS DSL Router Date: Sat, 21 Apr 2007 18:37:15 +0100 User-Agent: KMail/1.9.6 References: <461A9DCF.1040503@gmx.net> <461E7CA9.CB533A9@users.sourceforge.net> <20070421160555.263240@gmx.net> In-Reply-To: <20070421160555.263240@gmx.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200704211837.15283.molletts@yahoo.com> Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: molletts@yahoo.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto On Saturday 21 Apr 2007, Peter_22@gmx.de wrote: > Since popular DSL Modems/Routers run some kind of Linux on a 32bit MIPS > processor I ask myself if loop-aes source can be compiled for this platform > as well. ... You might want to take a look at www.openwrt.org - open-source firmware for router-type devices. The AVM 7170 is listed as "untested", so you'd be on your own (apart from any OpenWRT mailing-lists/fora) and on the bleeding-edge if you tried installing OpenWRT on it. It's got loads of RAM and flash, though, compared to many other routers. Alternatively, you might be able to upload loop-aes kernel modules and userspace stuff to an unmodified one via some kind of debugging interface (for example, the Netgear DG834G can be accessed by telnet to get a shell prompt which can then be used to upload files). It's worth a try and, as long as you don't try installing OpenWRT, I can't see that you could do it any harm. Happy hacking! Stephen - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Apr 21 20:40:16 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HfKVK-00016u-KT; Sat, 21 Apr 2007 20:40:14 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 21 Apr 2007 20:39:58 +0200 (CEST) Received: from mail.gmx.net ([213.165.64.20]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1HfKUt-00012J-Nh for linux-crypto@nl.linux.org; Sat, 21 Apr 2007 20:39:47 +0200 Received: (qmail 21774 invoked by uid 0); 21 Apr 2007 18:37:57 -0000 Received: from 84.175.5.148 by www030.gmx.net with HTTP; Sat, 21 Apr 2007 20:37:57 +0200 (CEST) Content-Type: text/plain; charset="us-ascii" Date: Sat, 21 Apr 2007 20:37:57 +0200 From: Peter_22@gmx.de In-Reply-To: <200704211837.15283.molletts@yahoo.com> Message-ID: <20070421183757.20510@gmx.net> MIME-Version: 1.0 References: <461A9DCF.1040503@gmx.net> <461E7CA9.CB533A9@users.sourceforge.net> <20070421160555.263240@gmx.net> <200704211837.15283.molletts@yahoo.com> Subject: Re: loop-aes on MIPS DSL Router To: Stephen Mollett , linux-crypto@nl.linux.org X-Authenticated: #5663700 X-Flags: 0001 X-Mailer: WWW-Mail 6100 (Global Message Exchange) X-Priority: 3 X-Provags-ID: V01U2FsdGVkX1+CMUpFaHmC0VH+9gOpAEYqLjkw4vrQRZ2Lnfc99l bzcjCRja8Jg7hsSar6/iqX69xNZcli95wF2g== Content-Transfer-Encoding: 7bit X-GMX-UID: MmIcdzE7YmYBY+JcM3c3+2BCWkZTQRRi Received-SPF: X-Spam-Status: No, score=-1.0 required=5.0 tests=AWL,BAYES_40,NO_REAL_NAME autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Peter_22@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto >Stephen Mollett wrote: > You might want to take a look at www.openwrt.org - open-source firmware > for > router-type devices. The AVM 7170 is listed as "untested", so you'd be on > your own (apart from any OpenWRT mailing-lists/fora) and on the > bleeding-edge > if you tried installing OpenWRT on it. It's got loads of RAM and flash, > though, compared to many other routers. Thanks for this first advice! http://openwrt.org/ looks promising indeed. There seem to be two approaches. First, installing so-called Mods to an untampered firmware. The site http://wiki.ip-phone-forum.de/software:ds-mod:start offers a Mod called Danisahne with some userspace programs, but no encryption module. Second approach would be a cross compiler for MIPS which means changing the firmware image and integrating loop-aes as module or into kernel. Anyway, my question whether or not the existing loop-aes code can be compiled for MIPS remains. None of the sites offers an encrypting solution. Thanks for all hints and you interest. Best regards, Peter -- "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Apr 21 21:05:39 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HfKtt-0006bC-Mb; Sat, 21 Apr 2007 21:05:37 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 21 Apr 2007 21:05:15 +0200 (CEST) Received: from isis45.plusserver.de ([217.172.174.164]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HfKt4-0005hZ-K0 for linux-crypto@nl.linux.org; Sat, 21 Apr 2007 21:04:46 +0200 Received: from 89-186-138-187.dynamic.primacom.net ([89.186.138.187] helo=hunapu) by isis45.plusserver.de with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1HfK1s-0002x0-Vz for linux-crypto@nl.linux.org; Sat, 21 Apr 2007 20:09:49 +0200 Date: Sat, 21 Apr 2007 20:11:33 +0200 From: Georg Lukas To: linux-crypto@nl.linux.org Subject: Re: loop-aes on MIPS DSL Router Message-ID: <20070421181133.GZ3882@op-co.de> Mail-Followup-To: linux-crypto@nl.linux.org References: <461A9DCF.1040503@gmx.net> <87ps6ctv4h.fsf@mocca.josefsson.org> <461BAA1C.45D13A7C@users.sourceforge.net> <461BC562.3070504@gmx.net> <461BDD10.2B88E96C@users.sourceforge.net> <461C0000.5080605@gmx.net> <461E7CA9.CB533A9@users.sourceforge.net> <20070421160555.263240@gmx.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20070421160555.263240@gmx.net> Organization: Path-E-Tech Management X-Accepted-Language: de,en,ru User-Agent: Mutt/1.5.13 (2006-08-11) Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: georg@boerde.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hello, * Peter_22@gmx.de [2007-04-21 18:27]: > Since popular DSL Modems/Routers run some kind of Linux on a 32bit > MIPS processor I ask myself if loop-aes source can be compiled for > this platform as well. Someone claimed on his website > http://nanl.de/blog/html/loop-aes-lauft-nun-auch-auf-der-nslu2.html to > run loop-aes on a network storage link device. There is no reason why it should not work, there is also a report and benchmark of loop-AES on openwrt: http://nanl.de/blog/html/es-ist-getan-loopaes-lauft-auf-openwrt.html (100mb in 5m 32s means a speed of ca. 300kbyte/s, far away from a regular PC) > A popular DSL modem is > the 7170 model from AVM http://www.avm.de/, an integrated DSL modem > and WLAN router with 32MB ram and 8MB flash memory. This model can > also handle attached hard disk drives via USB. Concerning processing > power it offers a MIPS with about 200 MHz clock speed. So, can the > loop-aes source package be compiled for MIPS or is this a bad idea? > Hopefully my questions make sense to someone here. You can look for the different fritz!box modding projects to get a compiler and maybe the kernel sources. The last time I opened a fritz!box, it had a 150MHz CPU, which would even further reduce the possible throughput. Some embedded routers (e.g. the Netgear WGT634U) also offer an embedded crypto core based on the Sentry 5 (BCM55xx?) chipset - this probably would highly improve loop-aes speed, but there is no driver available as of yet. Kind regards, Georg Lukas -- || http://op-co.de ++ GCS/CM d? s: a-- C+++ UL+++ !P L+++ E--- W++ ++ || gpg: 0x962FD2DE || N++ o? K- w---() O M V? PS+ PE-- Y+ PGP++ t* || || Ge0rG: euIRCnet || 5 X+ R tv b+(+++) DI+(+++) D+ G e* h! r* !y+ || ++ IRCnet OFTC OPN ||________________________________________________|| - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Apr 21 21:13:06 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HfKuP-00008h-NL; Sat, 21 Apr 2007 21:06:09 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 21 Apr 2007 21:06:03 +0200 (CEST) Received: from mail.gmx.net ([213.165.64.20]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1HfKtx-00030E-9O for linux-crypto@nl.linux.org; Sat, 21 Apr 2007 21:05:41 +0200 Received: (qmail invoked by alias); 21 Apr 2007 19:03:49 -0000 Received: from p54BF9ED7.dip0.t-ipconnect.de (EHLO [192.168.1.3]) [84.191.158.215] by mail.gmx.net (mp055) with SMTP; 21 Apr 2007 21:03:49 +0200 X-Authenticated: #27770880 X-Provags-ID: V01U2FsdGVkX1/KU/FouILKy8f59IhmhdQK5lX3cThmCvK4rq/veu yDclxjjpup8O+u Message-ID: <462A6014.1080006@gmx.net> Date: Sat, 21 Apr 2007 21:03:48 +0200 From: "S. Sakar" User-Agent: IceDove 1.5.0.10 (X11/20070329) MIME-Version: 1.0 To: Peter_22@gmx.de CC: Stephen Mollett , linux-crypto@nl.linux.org Subject: Re: loop-aes on MIPS DSL Router References: <461A9DCF.1040503@gmx.net> <461E7CA9.CB533A9@users.sourceforge.net> <20070421160555.263240@gmx.net> <200704211837.15283.molletts@yahoo.com> <20070421183757.20510@gmx.net> In-Reply-To: <20070421183757.20510@gmx.net> X-Enigmail-Version: 0.94.2.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 Received-SPF: X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-0.9 required=5.0 tests=AWL,BAYES_05 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: serkan.sakar@gmx.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Peter_22@gmx.de schrieb: >> Stephen Mollett wrote: >> You might want to take a look at www.openwrt.org - open-source firmware >> for >> router-type devices. The AVM 7170 is listed as "untested", so you'd be on >> your own (apart from any OpenWRT mailing-lists/fora) and on the >> bleeding-edge >> if you tried installing OpenWRT on it. It's got loads of RAM and flash, >> though, compared to many other routers. > > Thanks for this first advice! http://openwrt.org/ looks promising indeed. There seem to be two approaches. First, installing so-called Mods to an untampered firmware. The site http://wiki.ip-phone-forum.de/software:ds-mod:start offers a Mod called Danisahne with some userspace programs, but no encryption module. Second approach would be a cross compiler for MIPS which means changing the firmware image and integrating loop-aes as module or into kernel. > Anyway, my question whether or not the existing loop-aes code can be compiled for MIPS remains. None of the sites offers an encrypting solution. > > Thanks for all hints and you interest. > > Best regards, > Peter according to this german tutorial http://nanl.de/tuts/hdd-encryption_openvpn.pdf loop-aes is working on openwrt. aespipe for file encryption is also working. the openwrt build environment makes it really easy to build your own packages / firmware and with wlan-routers like the wl-500gP you also have usb-support. Regards, Serkan - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Apr 21 21:31:54 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HfLJI-0001Oa-Vm; Sat, 21 Apr 2007 21:31:53 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 21 Apr 2007 21:31:39 +0200 (CEST) Received: from mta-1.ms.rz.rwth-aachen.de ([134.130.7.72]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1HfLIr-0001NP-Gd for linux-crypto@nl.linux.org; Sat, 21 Apr 2007 21:31:25 +0200 Received: from circe ([134.130.3.36]) by mta-1.ms.rz.RWTH-Aachen.de (Sun Java System Messaging Server 6.2-7.05 (built Sep 5 2006)) with ESMTP id <0JGV007TH477BA00@mta-1.ms.rz.RWTH-Aachen.de> for linux-crypto@nl.linux.org; Sat, 21 Apr 2007 21:16:19 +0200 (CEST) Received: from talos.rz.RWTH-Aachen.DE ([134.130.3.22]) by circe (MailMonitor for SMTP v1.2.2 ) ; Sat, 21 Apr 2007 21:16:19 +0200 (MEST) Received: from enterprise.ram.rwth-aachen.de (enterprise.ram.RWTH-Aachen.DE [137.226.68.2]) by smarthost.rwth-aachen.de (8.13.8/8.13.1/1) with ESMTP id l3LJGIKM016500 for ; Sat, 21 Apr 2007 21:16:18 +0200 Received: from localhost (localhost [127.0.0.1]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 5118D5B77A for ; Sat, 21 Apr 2007 21:16:19 +0200 (CEST) Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1]) by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 30629-06 for ; Sat, 21 Apr 2007 21:16:18 +0200 (CEST) Received: from tatooine.rebelbase.local (wintergate.ram.rwth-aachen.de [137.226.69.158]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id E17A35B775 for ; Sat, 21 Apr 2007 21:16:18 +0200 (CEST) Received: by tatooine.rebelbase.local (Postfix, from userid 500) id BB14D1A6AA7; Sat, 21 Apr 2007 21:16:42 +0200 (CEST) Date: Sat, 21 Apr 2007 21:16:42 +0200 From: markus reichelt Subject: Re: loop-aes on MIPS DSL Router In-reply-to: <20070421183757.20510@gmx.net> To: linux-crypto@nl.linux.org Mail-followup-to: linux-crypto@nl.linux.org Message-id: <20070421191642.GA13982@tatooine.rebelbase.local> Organization: still stuck in reorganization mode MIME-version: 1.0 Content-type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary=qMm9M+Fa2AknHoGS Content-disposition: inline X-PGP-Key: 0xC2A