Re: encrypting existing filesystem without aes-pipe?

Pawel Pokrywka wrote:
> I found that it is possible to encrypt a device without using aes-pipe.
> After /dev/hda1 has been associated with loop device /dev/loop0 this
> command:
> 
> # dd if=/dev/hda1 of=/dev/loop0
> 
> Encrypts hda1 and makes the filesystem on this device accessible via loop0.
> 
> I'm developing an application, which I don't like to depend on aes-pipe.
> 
> Well, this method worked for my test filesystem, but I'm not sure if it
> will work in every situation. Does anybody on the list see any dangers
> in this method compared to classic "dd if=dev|aespipe|dd of=loop"?

The 'dd if=/dev/hda1 of=/dev/loop0' is the classic method to encrypt a file
system in place. Ancient versions of loop-AES used that method to encrypt
root file system in-place. But since root file system encryption had to be
done using rescue boot-CD or boot-floppy kernel, all of which didn't have
encrypted loop device support, not everyone was able to do the encryption.
Aespipe has the advantage that it does not require any encrypted loop device
support from the kernel, and as such works with all kernels, even non-linux
kernels.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
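
The following is an added example, not part of the original messages: a small Python model of why copying the raw device onto its own encrypting loop device gives the same on-disk result as encrypting in user space and writing the ciphertext back to the raw device. The names `LoopDevice`, `encrypt_via_loop` and `encrypt_via_pipe` are hypothetical, the sector transform is a SHA-256 keystream stand-in (not AES and not loop-AES's actual mode), and the 512-byte sector size and the write-back-to-raw-device form of the pipe method are assumptions of the model.

```python
import hashlib

SECTOR = 512  # assumed transform unit of the modelled loop device

def transform(key: bytes, sector_no: int, data: bytes) -> bytes:
    """Stand-in, length-preserving sector cipher (NOT AES). XOR keystream
    keyed by sector number, so the same call encrypts and decrypts."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = key + sector_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class LoopDevice:
    """Models /dev/loop0 over a backing store: encrypt on write, decrypt on
    read, always at the same sector offset as the backing device."""
    def __init__(self, backing: bytearray, key: bytes):
        self.backing, self.key = backing, key

    def write(self, sector_no: int, plain: bytes) -> None:
        off = sector_no * SECTOR
        self.backing[off:off + SECTOR] = transform(self.key, sector_no, plain)

    def read(self, sector_no: int) -> bytes:
        off = sector_no * SECTOR
        return transform(self.key, sector_no, bytes(self.backing[off:off + SECTOR]))

def encrypt_via_loop(disk: bytearray, key: bytes, chunk_sectors: int = 8) -> LoopDevice:
    """Model of 'dd if=/dev/hda1 of=/dev/loop0': read a raw chunk, then write
    it through the loop device. Each chunk is fully read before it is
    overwritten, and later chunks are still plaintext when they are read."""
    loop = LoopDevice(disk, key)
    total = len(disk) // SECTOR
    for start in range(0, total, chunk_sectors):
        end = min(start + chunk_sectors, total)
        chunk = bytes(disk[start * SECTOR:end * SECTOR])
        for i in range(start, end):
            rel = (i - start) * SECTOR
            loop.write(i, chunk[rel:rel + SECTOR])
    return loop

def encrypt_via_pipe(disk: bytearray, key: bytes) -> None:
    """Model of the pipe method: encrypt in user space, write raw sectors back."""
    for i in range(len(disk) // SECTOR):
        off = i * SECTOR
        disk[off:off + SECTOR] = transform(key, i, bytes(disk[off:off + SECTOR]))
```

Because both paths apply the same per-sector transform at the same offset, the chunk size used for the copy does not change the resulting ciphertext in this model.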

