> In-place encryption of partitions and disk images work just fine as > long as these requirement are met: > > 1) File system must not be mounted at time of encryption > > 2) Encryption is allowed to complete without interruptions (power > loss renders file system partially encrypted and completely > useless)
Impressive! Risky! Cool! :-)
>Boyd Waters wrote: >> >> The loop-aes documentation (which is excellent, by the way) >> instructs you to download "aespipe" and use it to encrypt your >> system. I do not think this is necessary; I think that a dd command >> like yours is sufficient. > > This statement of yours about aespipe is a little bit out of > context. Direct 'dd' to and from loop devices work just fine... if > you have a kernel that supports loop crypto. Loop-AES' README > recommends use of userspace aespipe program with boot floppy or > CDROM.
Got it... so you can use the aespipe program anywhere, so it's a good candidate for putting on a rescue CD-ROM.
Can aespipe use alternate encryption ciphers? Since it is statically linked, it seems to be AES-specific.
As always, thanks to Jaari for clarifying these points!
-- boyd
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
