Christophe Zwecker wrote:
> is it true I shall disable write cache on the controller ?

Journaled file systems usually require that.

> Now I read the README that comes with loop-aes. the parameters seem
> wrong it's not
>
> losetup -e AES128 it seems to be
>
> losetup -e aes -k 128. well no problem here.

Former is correct for loop-AES use. Latter is correct for
kerneli.org-cryptoapi use.

> I'm trying example #3
> It says I shall keep the seed somewhere, but in the example it's in the
> fstab isn't it ? I suppose it's for convenience but better not to keep
> there ?

Seed needs to be in /etc/fstab. kerneli.org-cryptoapi does not support use
of seed (last time I looked).

> is solution #3 more secure because of the seed than number 4 (the gpg
> solution), although in #4 I could save the keyfile on a CD or an usb
> keychain storage ?

Loop-AES examples #4 and #5 switch most of the burden to attacking GnuPG
instead of loop cipher.

> I did the swap encryption thing as in the read me, however doesn't matter
> which parameters I put in fstab swapon always works, so I wonder how can
> I check if swap is really encrypted ?

kerneli.org-cryptoapi does encrypted swap using modifications to init
scripts. Loop-AES' swapon/swapoff do encrypted swap if they find loop= and
encryption= options in /etc/fstab.

To check if kernel is using loop devices to swap, type "cat /proc/swaps".
One or more lines of output should begin with "/dev/loop? "

> And finally I wonder how much more secure aes256 is over aes128 , cause
> I got no idea. I wonder when/if I need 256.

AES128 should be secure. AES256 is for paranoids.

> I load couple modules and do stuff as in loop-aes readme. Now I just
> wondered, could it be that I don't use loop-aes but cryptoapi stuff ?

Yes, that seems to be the case.

> How can I tell ? is loop-aes faster than cryptoapi ? which are the
> advantages ?

I haven't seen a version of kerneli.org-cryptoapi that outperformed loop-AES.

> I think I've been playing with the wrong stuff... :(

If you want to continue using kerneli.org-cryptoapi, use their docs to set
up loop devices. If you want to replace kerneli.org-cryptoapi with loop-AES,
just follow instructions in loop-AES' README file.

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
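
The swap check described in the reply above, scripted as an added example that is not part of the original message or of loop-AES: it goes one step beyond "cat /proc/swaps" by also flagging /etc/fstab swap entries that lack the loop= and encryption= options. The function names, device names and sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post or from loop-AES itself.

# Classify active swap areas in a /proc/swaps-format file as "loop DEV" or
# "plain DEV". The first line of /proc/swaps is a column header.
classify_swaps() {
    awk 'NR > 1 && NF > 0 {
        kind = ($1 ~ /^\/dev\/loop[0-9]+$/) ? "loop" : "plain"
        print kind, $1
    }' "${1:-/proc/swaps}"
}

# List fstab swap entries whose option field lacks loop= or encryption=,
# i.e. entries not in the encrypted-swap form the reply describes.
fstab_plain_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" {
        if ($4 !~ /(^|,)loop=/ || $4 !~ /(^|,)encryption=/) print $1
    }' "${1:-/etc/fstab}"
}

# Succeed only if swap is active, every active area is a loop device, and
# every fstab swap entry carries both options.
swap_via_loop() {
    active=$(classify_swaps "$1")
    [ -n "$active" ] || return 1
    if printf '%s\n' "$active" | grep -q '^plain '; then return 1; fi
    [ -z "$(fstab_plain_swap "$2")" ]
}

# Constructed sample data (device names and sizes are made up).
demo=$(mktemp -d)
printf '%s\n' 'Filename Type Size Used Priority' \
    '/dev/loop6 partition 1048568 0 -1' > "$demo/swaps.good"
printf '%s\n' 'Filename Type Size Used Priority' \
    '/dev/loop6 partition 1048568 0 -1' \
    '/dev/hda3 partition 524280 0 -2' > "$demo/swaps.mixed"
printf '%s\n' '# constructed fstab' \
    '/dev/hda2 none swap sw,loop=/dev/loop6,encryption=AES128 0 0' \
    > "$demo/fstab.good"
printf '%s\n' '/dev/hda2 none swap sw,loop=/dev/loop6,encryption=AES128 0 0' \
    '/dev/hda3 none swap sw 0 0' > "$demo/fstab.mixed"

for name in good mixed; do
    if swap_via_loop "$demo/swaps.$name" "$demo/fstab.$name"; then
        echo "$name: all swap goes through loop devices"
    else
        echo "$name: swap not going through a loop device found"
    fi
done
```

Called without arguments, the functions read the live /proc/swaps and /etc/fstab.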