Announce loop-AES-v1.4e file/swap crypto package

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

In short: If file and swap crypto is all you need, this package is a hassle
free replacement for international crypto patch and HVR's cryptoapi.

This package provides loadable Linux kernel module (loop.o) that has AES
cipher built-in. AES cipher can be used to encrypt local file systems and
disk partitions. For more information about compiling and using the driver,
see the README file in the package.

Features:
- GPL license.
- No source modifications to kernel. No patch hassles when you are upgrading
  your kernel.
- Works with all recent 2.4, 2.2 and 2.0 kernels, including distro vendor
  kernels. Encrypted disk images are compatible across all supported
  kernels.
- AES cipher is used in CBC mode. Supports 128, 192 and 256 bit keys.
- Passwords hashed with SHA-256, SHA-384 or SHA-512.
- 512 byte based IV. IV is immune to variations in transfer size and does
  not depend on file system block size.
- Device backed (partition backed) loop is capable of encrypting swap on 2.4
  kernels.

Changes since previous release:
- Execute depmod only if target was currently running kernel.
- loop.c-2.4.original updated to Linus' 2.4.10 + fixes from 2.4.9-ac16, with
  ifdefs so it compiles on older kernels as well.
- Rest of AES finalist cipher names added to util-linux patch.
- External encryption module locking bug is fixed (kernel 2.2 only,
  backported kernel 2.4 fix). This bug did not affect loop-AES operation at
  all.
- Password seeds can be used to slow down dictionary attacks. "-S XXX"
  option added to losetup, and "-o pseed=XXX" option added to mount.
- For device backed loops, allocate pages only from private pool during run
  time (kernel 2.4 only). This eases stress on the VM as some of them can't
  handle stress too well.

Note to people upgrading from version v1.4d to v1.4e: Loop-AES-v1.4d used
pre-allocated pages in addition to run time allocated pages. Loop-AES-v1.4e
and later rely solely on pre-allocated pages and don't allocate additional
pages at run time at all. If you have set up a non-default 'lo_prealloc'
value, please make sure to adjust it as needed. Values smaller than 50 are
not recommended, as that is likely to cause slow disk access.

bzip2 compressed tarball is here:

    http://loop-aes.sourceforge.net/loop-AES-v1.4e.tar.bz2
    md5sum 0561fdc04ae0b6a8330006fbe20796f5

PGP signature file, my public key, and fingerprint here:

    http://loop-aes.sourceforge.net/loop-AES-v1.4e.tar.bz2.sign
    http://loop-aes.sourceforge.net/PGP-public-key.asc
    1024/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

Regards,
Jari Ruusu <jari.ruusu@xxxxxxxxxx>


Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux