Petersen wrote: > So baseline, must I prepare my kernel (use 2.6, select some option or > whatever) to use ext3 safely, encrypted or not? Last time I checked, ext3 barrier mount required 'barrier=1' mount option in /etc/fstab . > Does ext3/loop-aes encryption increase risks compared to ext3/plain? Device backed loop-AES does not increase write order related risk. > If loop-aes maintains write-order, then I suppose ext3/loop-aes and > ext3/plain have same risks. Encrypted data has bigger data corruption risk on hardware failure. One bit ciphertext read error will completely destroy one or more 16 byte plaintext blocks, but errors still stay within same 512 byte sector where the one bit error is. > KEYSCRUB=n could still be available for aficionados. However, I'd > really like to see someone recovering the key from 'wornout > ram-oxide'. If some three letter government agency is capable of doing that, they probably stay mum about it. I almost forgot: Anyone compiling loop-AES for Xen Linux, must not enable KEYSCRUB=y for now. There is privilege related bug that prevents it from running correctly on some versions of Xen. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
