Re: newbie: for my understanding of loop-aes

Christophe Zwecker wrote:
> is it true I shall disable write cache on the controller ?

Journaled file systems usually require that.

> Now I read the README that comes with loop-aes. The parameters seem
> wrong; it's not
> 
> losetup -e AES128   it seems  to be
> 
> losetup -e aes -k 128. Well, no problem here.

Former is correct for loop-AES use. Latter is correct for
kerneli.org-cryptoapi use.

> I'm trying example #3.
> It says I shall keep the seed somewhere, but in the example it's in the
> fstab, isn't it? I suppose it's for convenience, but better not to keep it
> there?

Seed needs to be in /etc/fstab. kerneli.org-cryptoapi does not support use
of seed (last time I looked).

> Is solution #3 more secure because of the seed than number 4 (the gpg
> solution), although in #4 I could save the keyfile on a CD or a USB
> keychain storage?

Loop-AES examples #4 and #5 switch most of the burden to attacking GnuPG
instead of loop cipher.

> I did the swap encryption thing as in the README; however, it doesn't matter
> which parameters I put in fstab, swapon always works, so I wonder how
> I can check if swap is really encrypted?

kerneli.org-cryptoapi does encrypted swap using modifications to init scripts.
Loop-AES' swapon/swapoff do encrypted swap if they find loop= and
encryption= options in /etc/fstab.

To check if the kernel is using loop devices to swap, type "cat /proc/swaps".
One or more lines of output should begin with "/dev/loop? "

> And finally I wonder how much more secure aes256 is over aes128, because
> I have no idea. I wonder when/if I need 256.

AES128 should be secure. AES256 is for paranoids.

> I load a couple of modules and do stuff as in the loop-aes README. Now I just
> wondered, could it be that I don't use loop-aes but cryptoapi stuff?

Yes, that seems to be the case.

> How can I tell? Is loop-aes faster than cryptoapi? What are the
> advantages?

I haven't seen a version of kerneli.org-cryptoapi that outperformed loop-AES.

> I think I've been playing with the wrong stuff... :(

If you want to continue using kerneli.org-cryptoapi, use their docs to set
up loop devices. If you want to replace kerneli.org-cryptoapi with loop-AES,
just follow the instructions in loop-AES' README file.

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
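
The two swap checks described in the message (a /dev/loop entry in /proc/swaps, and loop= plus encryption= options on the swap line in /etc/fstab), scripted as an added example that is not part of the original message or of loop-AES. The function names, device names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Device names below are constructed.

# Classify active swap areas in a /proc/swaps-format file.
# Returns 0 only if there is at least one swap area and all are on /dev/loop*.
check_active_swaps() {
    awk 'NR == 1 || NF == 0 { next }            # skip header and blank lines
         $1 ~ /^\/dev\/loop/ { print "loop   " $1; loops++; next }
         { print "PLAIN  " $1; plain++ }
         END { exit !(loops > 0 && plain == 0) }' "${1:-/proc/swaps}"
}

# Print swap entries in an fstab-format file that lack loop= or encryption=.
# Returns 0 if every swap entry carries both options.
check_fstab_swaps() {
    awk '/^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
         $3 == "swap" && ($4 !~ /(^|,)loop=/ || $4 !~ /(^|,)encryption=/) {
             print $1; bad++
         }
         END { exit (bad > 0) }' "${1:-/etc/fstab}"
}

# Constructed sample inputs so the script runs without touching the real system.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/swaps.loop" <<'EOF'
Filename        Type        Size    Used    Priority
/dev/loop6      partition   524280  0       -1
EOF
cat > "$SAMPLE_DIR/swaps.plain" <<'EOF'
Filename        Type        Size    Used    Priority
/dev/hda2       partition   524280  0       -1
EOF
cat > "$SAMPLE_DIR/fstab.good" <<'EOF'
/dev/hda2  none  swap  sw,loop=/dev/loop6,encryption=AES128  0 0
EOF
cat > "$SAMPLE_DIR/fstab.bad" <<'EOF'
/dev/hda2  none  swap  sw  0 0
EOF

for f in swaps.loop swaps.plain; do
    check_active_swaps "$SAMPLE_DIR/$f" && echo "$f: swap is on loop devices" \
        || echo "$f: swap bypasses the loop driver"
done
for f in fstab.good fstab.bad; do
    check_fstab_swaps "$SAMPLE_DIR/$f" >/dev/null && echo "$f: options present" \
        || echo "$f: loop=/encryption= missing"
done
```

Called without an argument, each function reads the live /proc/swaps or /etc/fstab. A plain partition in the first check means swap pages are reaching the disk without passing through the loop driver.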

