Soon I also want to do what Jari described at http://www.spinics.net/lists/crypto/msg01063.html. Could you, Jari, make this patch available at sourceforge with your signature, possibly with a small README (you could copy most things from the URL mentioned above), also telling how to apply the patch?That patch should work if loopinfo.lo_name is changed to loopinfo.lo_file_name in xstrncpy() function call.
Thanks. However, I still want to suggest to you to include the patch and instructions in loop-AES-latest.tar.bz2.
However, it will not work ok with gpg encrypted key file as required by loop-AES' multi-key mode. One would have to use two different key files, one of those key files hidden someplace where lead pipe guys don't look.
But this would also mean vulnerability to watermark attacks, right?
If not, how would I create a boot CD which allows for manual input of the encrypted root partition (/dev/hda?) and keyfile at boot time?
BTW, my rootkey.gpg file is only about 4k big. How 64 keys end up taking so little space?
Thanks,
Christian
P.S. If someone analyses data on an multi-key mode loop-AES encrypted partition, can he tell for sure that it is encrypted?
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
