Anon wrote:
Anon wrote:
Could I then use ReiserFS on top of a file backed loop device?
the loop-AES.README also states:
1. Loop device primer
[...]
File backed loops may deadlock under some kernel + file system
combinations.
So, if you can choose between device backed and file backed, choose
device backed even if it means that you have to re-partition your
disks.
I *am* planning on using a device-backed loop.
so, file backed loops SHOULD be avoided, no matter if encrypted or not,
with journaling fs on it or without. yes, it's possible and you SHOULD
try it to see if it works for you. but in "most cases" file backed loops
are behaving better.
I assume you really meant device-backed loops in the last sentance above.
My interest in using a file-backed loop is so that I can have a loop-AES device-backed loop
containing a loop-AES file-backed loop, for two (or more) layers of encryption.
I have the impression from the loop-AES.README file a non-journalling file system can be used in a
file-backed loop. It is my understanding from the ReiserFS documentation that using the "nolog"
option during mounting would satisfy the non-journalling criteria, as this option disables
journalling.
For that scenario you only 'need' a filesystem for the last layer.
You pack an encryption layer onto the partion/device.
"losetup" it and losetup the next layer directly onto the newly created
/dev/loop<x> device.
That way you only stack block-devices and pack a filesystem on the last one.
For a (say) 4 layer encryption you would stack;
HDD -> Partition
-> Loop 1 -> Loop 2 -> Loop 3 -> Loop 4
-> Filesystem
e.g.
sdb -> sdb1 -> loop0 -> loop1 -> loop2 -> loop3 -> <whatever>
If you want you can also pack the encryption keys before each layer
using the "offset"-options to leave the needed space for the keys and
shrink the block-device of each layer by a little bit.
That way you had to actually break each encryption layer to even get the
needed keys for the next. (Of course the key-sets are also encrypted
with by gpg or whatever else layer you may think of)
Bis denn
--
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
