> > Jan Lühr <jluehr@xxxxxxx> wrote: > > Due to google, I found how to set up every single utility, but I haven't found > > any site comparing theses approaches, analysing 'em (from a scientific point > > of view) and give some advice for newbies. > > just use loop-aes, and forget about mainline cryptoloop and dm-crypt. > > Why Mainline Cryptoloop Should Not Be Used > http://mareichelt.de/pub/texts.cryptoloop.php > > still needs an update, but you should be able to get the picture ;) > http://clemens.endorphin.org/LinuxHDEncSettings The mainline crypto (dm-crypt only--cryptoloop will be depreciated very soon) is _starting_ to address some of the issues Jari Ruusu has been mentioning. At this point, if you want to make sure you are relatively secure, use loop-AES in multi-key mode. (As for speed, don't think about it. The more secure modes of loop-AES and mainline crypto both have some performance penalties over their less secure modes*, even though both have an assembly-optimized version of AES on x86 architectures available to all modes.) *E.g. loop-AES multi-key versus single-key mode, and dm-crypt (mainline crypto ) ESSIV and Plumb IV hashing (both are relatively new to mainline) versus Plain IV hashing. > Being able to gain access to my data with OpenBSD, Solaris or MacOS would also be nice. Using GnuPG to encrypt individual files seems to be the most cross-platform solution for portable media (as it even works on Windows with no problems). For x86-platform boxes, Knoppix CD's usually have current implementations of loop-AES (and, months ago, there was talk of including dm-crypt).
Attachment:
signature.asc
Description: This is a digitally signed message part
