Dear mailing list readers,

I have spent the last days evaluating whole-disk encryption possibilities under Linux. As far as I know there are 3 ways: cryptoloop, dm-crypt and loop-aes. My task is to back up gigabytes of medical and financial data stored on a couple of smb file servers to a remote machine, whose security is unknown. Let's assume the worst case, that the crypto container on this backup machine is world readable. I will use rsync, so only changes of the crypto container are transferred on a daily basis.

It appears to me that loop-aes is the only choice under Linux with a really secure implementation of strong encryption. However, I am no crypto analyst and would love to read some professional comments about loop-aes. So, my first question is whether somebody knows a link to a document which deals with this?

Also, I have questions related to file-backed loop-aes encryption. If I use ext3 on top of a file-backed loop device, I understand that consistency is in danger because writes are reordered by the underlying fs. What I don't understand is the claim that ext3 (top) <-> loop-aes <-> ext3 (underlying, with data=ordered or data=journal) should work. Why is the assumption correct that the underlying ext3 preserves the same write order as the ext3 on top?

I found some other notes about deadlocks while using file-backed loop-aes. On the Linux kernel mailing list it is claimed that GFP_NOFS is the cause of the deadlocks. Ext3 uses this call, ext2 does not. The author of loop-aes just used the phrase "it should maybe work" if ext2 is the fs on top. So, does somebody of you know the stability of this scenario (file-backed loop-aes with ext2 on top) on production servers?

The reason I don't want to use device-backed loop-aes is the dependency on the block device. If I use file-backed loop-aes and one server crashes, I can just copy the crypto container as a file to an arbitrary fs created on e.g. an IDE or SCSI block device or even a software RAID of a new server. I think I wouldn't have this functionality if I backed up the (IDE, SCSI or software RAID) block device with "dd" (maybe I am wrong?).

Kind regards,
A.Engels

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
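The setup described in the post (encrypted container, daily rsync of its changes to a host where the file is assumed world readable), as an added example that is not part of the original message: it models what a reader of the daily images can learn without the key. KEY, the sector size, the record contents and the three "days" are constructed; the cipher is replaced by a deterministic HMAC stand-in that only reproduces the per-sector determinism of sector-level disk encryption.

```python
import hmac

SECTOR = 4096                                 # assumed sector size inside the container
KEY = b"constructed-demo-key-not-a-secret"    # constructed, fixed for reproducibility

def model_sector_ct(key: bytes, sector: int, plaintext: bytes) -> bytes:
    """Stand-in for per-sector disk encryption. Sector-level schemes derive
    the IV from the sector number, so the same (key, sector, plaintext)
    always yields the same ciphertext; this HMAC tag reproduces only that
    property and is not a cipher (decryption is never needed here)."""
    return hmac.new(key, sector.to_bytes(8, "big") + plaintext, "sha256").digest()

def container_image(key: bytes, sectors: list) -> list:
    """Encrypted image of the container: one ciphertext per sector."""
    return [model_sector_ct(key, i, s) for i, s in enumerate(sectors)]

def rsync_delta(old_img: list, new_img: list) -> list:
    """Sector indices whose ciphertext differs between two daily images:
    exactly what rsync must transfer, and what the backup host sees."""
    return [i for i, (a, b) in enumerate(zip(old_img, new_img)) if a != b]

def observer_view(snapshots: list) -> list:
    """What someone who can read every daily image learns without the key:
    per day, which sectors changed (and how many bytes travelled) and which
    changed sectors carry a ciphertext already seen on an earlier day, i.e.
    the plaintext was restored to an old value."""
    report = []
    for day in range(1, len(snapshots)):
        changed = rsync_delta(snapshots[day - 1], snapshots[day])
        earlier = snapshots[:day - 1]
        reverted = [i for i in changed
                    if any(img[i] == snapshots[day][i] for img in earlier)]
        report.append({"day": day, "changed": changed, "reverted": reverted,
                       "bytes_transferred": len(changed) * SECTOR})
    return report

def demo() -> list:
    """Three constructed days of a tiny 8-sector container."""
    pad = lambda s: s.encode().ljust(SECTOR, b"\0")
    day0 = [pad(f"record {i}: stable") for i in range(8)]
    day1 = list(day0)
    day1[2], day1[5] = pad("record 2: edited"), pad("record 5: edited")
    day2 = list(day1)
    day2[2] = day1[2]                 # rewritten with identical content: invisible to rsync
    day2[5] = day0[5]                 # restored from day 0: the old ciphertext reappears
    day2[7] = pad("record 7: edited")
    return observer_view([container_image(KEY, d) for d in (day0, day1, day2)])
```

The report shows that the change map (which sectors, how much) and any return to previously seen content are visible to the backup host even though no plaintext is; that is the information a world-readable container leaks under this scheme.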