I cannot seem to find any information on which is better.> All I want is a good AES encrypt of my HD with at little overhead as possible.
> My Gentoo Linux OS natively runs the cryptoloop patch and so can use it
> without modification.
I have been using the cryptoapi implementation for more than a year with Gentoo and a 2.4.x kernel; I started with "crypto-sources" but now I think the cryptoloop is in the standard gentoo kernel...
> To use loop-AES is a little more effort.
There is now an ebuild for loop-aes, which may simplify things. Please take a look at the forum thread on this topic:
http://forums.gentoo.org/viewtopic.php?t=31363
I am working on integrating loop-aes with Gentoo and kernel 2.5.69. I have had more success in getting util-linux to work with the loop-AES implementation than with cryptoapi under the development kernel.
dd if=/dev/hdb1 of=/dev/loop1 bs=64k conv=notrun> of the filesystem. Is this correct?
I am not sure what the dd does, but it seems to do the encryption
The /dev/loop is performing the encryption of the filesystem. The "dd" command simply blasts bytes from the "input file" (if) to the "output file" (of), it does not know anything about encryption...
The loop-aes documentation (which is excellent, by the way) instructs you to download "aespipe" and use it to encrypt your system. I do not think this is necessary; I think that a dd command like yours is sufficient.
If the non-encrypted and the encrypted file systems are of different size (or type), then it might be even better to use a higher-level tool that lets the file system handle things. I create an encrypted disk partition, make a file system on it as usual, and then restore my data to the new encrypted partition with cpio.
-- boyd
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
