Re: EVMS and LOOP-AES

commence  IT3 Stuart Blake Tener, USNR-R quotation:

> 	I understand that loop-aes and cryptoloop are stacking device
> technologies; however, I am also trying to ferment a plan to
> implement everything cohesively.

How is it not "cohesive" now?  All that your proposals are doing is
reordering the stacking of the various layers, for no gain at all.

> 	Fair enough, I am game. I am going to try to devise a method to
> make use of loop-aes, EVMS, and ReiserFS without the need for suggesting
> that a new "code bureaucracy" be created for EVMS. Although I do know
> that already the plan (from IBM) is to have such plug-ins, I do not
> think people on the EVMS team have the experience with encryption to
> write such code.

Nor do they need to.  The work has already been done, by the cryptoapi
and loop-aes folks.

> 	That being said, I would presume that the first layer should be
> loop-aes, then EVMS, then ReiserFS; and that my /boot partition would
> need to be unencrypted, and outside the control of EVMS.

Running volume management on top of encrypted physicals does not
strike me as a good idea at all.  Losing a single key when you are
using encrypted loop on top of partitions or logical volumes means
that you lose only one volume, without affecting any others.  If you
lose the key to one of your encrypted physicals, you lose access to
ALL of the logical volumes that have PEs allocated from that physical
volume.

> 	Since one person told me that, the issue I have had with using
> DEVFS is related to initrd usage over ReiserFS (I plan to test this
> later this week) I am willing to forgo the need for DEVFS for the
> moment, since it would be a convenience at best right now. However,
> eventually it would be my desire to also include the use of DEVFS in the
> mix.

If you don't need it, why use it at all?

> 	One other thought is if loop-aes technology were a plug-in for
> EVMS would that not make having encrypted swap a much more simple
> process?

No.

-- 
 /////////////////  |                  | The spark of a pin
<sneakums@zork.net> |  (require 'gnu)  | dropping, falling feather-like.
 \\\\\\\\\\\\\\\\\  |                  | There is too much noise.
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
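
Added example (not part of the original message): a small model of the key-loss argument made in the reply above, comparing one key per encrypted physical volume against one key per encrypted logical volume. The PV and LV names, sizes and the simple linear allocator are constructed assumptions for illustration, not EVMS or loop-aes behaviour.

```python
# Added illustration: which volumes become unreadable when one key is lost,
# under the two stacking orders discussed in the thread.
# PV/LV names and extent counts are constructed sample values.
from collections import defaultdict

def allocate_linear(pv_extents, lv_sizes):
    """Allocate LVs extent by extent across PVs in order (an assumed,
    simplified linear policy). Returns {lv: {pv: extents_taken}}."""
    free = [[pv, n] for pv, n in pv_extents.items()]
    layout = {}
    for lv, need in lv_sizes.items():
        layout[lv] = defaultdict(int)
        for slot in free:
            take = min(need, slot[1])
            if take:
                layout[lv][slot[0]] += take
                slot[1] -= take
                need -= take
            if need == 0:
                break
        if need:
            raise ValueError(f"not enough free extents for {lv}")
    return {lv: dict(m) for lv, m in layout.items()}

def lost_if_pv_key_lost(layout, pv):
    """Encryption below volume management: one key per physical volume.
    Every LV with at least one extent on that PV becomes unreadable."""
    return sorted(lv for lv, m in layout.items() if pv in m)

def lost_if_lv_key_lost(layout, lv):
    """Encryption above volume management: one key per logical volume.
    Only that volume is affected, wherever its extents live."""
    return [lv] if lv in layout else []

# Constructed sample: two PVs of 100 extents each, three LVs.
PVS = {"pv0": 100, "pv1": 100}
LVS = {"root": 40, "home": 90, "var": 50}
LAYOUT = allocate_linear(PVS, LVS)

if __name__ == "__main__":
    for pv in PVS:
        print(f"lose key for {pv}: lost = {lost_if_pv_key_lost(LAYOUT, pv)}")
    for lv in LVS:
        print(f"lose key for {lv}: lost = {lost_if_lv_key_lost(LAYOUT, lv)}")
```

In this sample every physical-volume key takes two logical volumes with it, because "home" spans both PVs, while a per-volume key only ever costs the one volume it protects.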


