Pawel Pokrywka wrote: > I found that it is possible to encrypt device without using aes-pipe. > After /dev/hda1 has been associated with loop device /dev/loop0 this > command: > > # dd if=/dev/hda1 of=/dev/loop0 > > Encrypts hda1 and makes filesystem on this device accessible via loop0. > > I'm developing application, which I don't like to depend on aes-pipe. > > Well, this method worked for my test filesystem, but I'm not sure if it > will work in every situation. Does anybody on the list see any dangers > in this method compared to classic "dd if=dev|aespipe|dd of=loop"? The 'dd if=/dev/hda1 of=/dev/loop0' is the classic method to encrypt a file system in place. Ancient versions of loop-AES used that method to encrypt root file system in-place. But since root file system encryption had to be done using rescue boot-CD or boot-floppy kernel, all of which didn't have encrypted loop device support, not everyone was able to do the encryption. Aespipe has the advantage that is does not require any encrypted loop device support from the kernel, and as such works with all kernels, even non-linux kernels. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
