On Fri, 19 Dec 2003 17:58:11 +0200 Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx> wrote: > Petro Verkhogliad wrote: > > Is there a point to using loop-AES with kernel-2.6? CryptoAPI is in the > > kernel. Why not just use it? > > 1) Loop-AES is about twice as fast on modern x86 boxes. > 2) Kernel 2.6 cryptoloop will not work properly with encrypted swap. > Encrypted swap needs memory pre-allocation. > 3) kerneli.org and mainline versions are more than two years behind in > security. Both have exploitable vulnerability that is best described as > back door. > 4) Uncounted number of bugs fixed in loop-AES that still bite mainline. > 5) If Andrew Morton's loop changes get merged to mainline loop, kernel 2.6 > cryptoloop will no longer work reliably with journaled file systems. > (same why reason I don't recommend using journaled file systems with > file backed loops) > > -- > Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > Ahh.. That makes sense. So, even if I am running 2.6.0 I still would want to patch the kernel with loop-AES. I am somewhat new to the whole kernel paching process. If the cryptoloop is already included in the 2.6 kernel, how do you tell the difference between the stock cryptoloop and the loop-AES cryptoloop? --
Attachment:
pgp00103.pgp
Description: PGP signature
