1. What is the deal with adding arguments to losetup so that the program will support calling external hashing programs (Ben Slusky's work I think)? I have been hashing passwords with openssl, a pipe and losetup's -p 0 option for quite some time. Why is the additional code needed? Am I missing something here?
I think it is so you can specify options to the mount(8) program in /etc/fstab; this might give people the option of a rather powerful system setup with management from only one file (/etc/fstab) -- you can imagine not having to use a crypto-swap wrapper script, for example.
2. Is it safe to use the 2.6 code to encrypt a swap partition (or safe to start testing this since this is all experimental code)?
I certainly think so.
3. Mount needs to support variable key sizes. I have seen a little discussion about this but I fear much of it went on using other mailing lists. Losetup supports variable key sizes so mount should somehow. Granted, losetup is not usually suid root, but the code addition to mount is minimal and mount is essentially broken without it. Comments?
Loop-AES patches to losetup certainly support this, so it must be useful to people. Investigate at loop-aes.sourceforge.net
Thanks for your comments!
-- boyd
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
