Re: Trying to set up root encryption with loop-AES on SuSE 9.1


 



There also is a README.loop-AES-v2.0f.SuSE file saying that "to enhance
the feature of mount, umount, losetup, swapon and swapoff we have
included the patch to util-linux-2.12 from Jari Ruusu's loop-AES
package". Does that mean that I don't have to patch anything?
>
If losetup man page says it supports -K option, and that -K option
description mentions multi-key mode, then your util-linux is most likely
already patched with loop-AES' multi-key support, and you can use
it without patching.

No, it didn't mention multi-key mode. But after following "4. Instructions for building new mount, umount, losetup, swapon and swapoff" it does.


However, I'm worried about your saying "Do *not* install all the utilities in the util-linux package without thinking. You may ruin your system if you do that. Read the INSTALL file provided with util-linux tarball.". Am I safe if I only performed the comments below your saying "These commands, as root user, will recompile and install mount, umount,
losetup, swapon, swapoff and their man pages:"? I'm still a Linux newbie, just wanting to easily set up root encryption to get rid of Windows + Compusec (free closed source root encryption for Windows) :-)


BTW, does someone understand why no flavor of UNIX I'm aware of and no Linux distribution offers integrated root encryption?

Also, after the make command I cannot find any loop.o or loop.ko file.
That is strange. Please post output of "ls -l" of loop-AES build directory.

In your howto, sometimes you don't mention where to execute a command. It may be obvious for people with more Linux experience, but it wasn't for me. loop.ko does exist now.


And how do I verify for sure which kernel has been loaded? (I'm asking
this because even after choosing my new compiled kernel at the grub boot
menu, the last line before login says that the default kernel was loaded
- if this is a bug, how do I fix it?)
Run command:
    uname -a

It's strange: My only self-compiled kernel is named vmlinuz-2.6.5-7.95-default-neo1 (compiled on 00:58 CET Jul 27 2004) and I can boot it, but uname -a keeps saying that I'm running vmlinuz-2.6.5-7.95-default 00:58 CET Jul 27 2004.


If I try to load loop.ko from /lib/modules/2.6.5-7.95-default/block, it fails. After renaming loop.ko to loop.tmp and copying loop.ko from /lib/modules/2.6.5-7.95-default-neo1/block, loading and "make tests" works!!!

P.S. Does a patched gnupg make sense even if my passphrase is composed
of over 20 quite aleatory characters?
Yes, patched gpg is better.

If someone uses a non-patched gpg, would this represent one of the weakest known elements for an attack? Which ones would be the other ones?


Some days ago you wrote:
> loop-AES is also vulnerable to attacker modifying ciphertext

So if someone modifies data on the crypted harddrive while I'm e.g. sleeping (but without modifying my boot USB stick or CD-R), he could decipher my data if he steals the laptop later?

Many thanks,

Christian


- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/

