I'm not an expert, so a flame war with me will useless and not responded to (*note*), however this is what I think I've gleaned in all my googling:
Loop-aes is still regarded as by far the best civilian partition encryption scheme available for linux. Developmentally and in terms of bug fixes is is way ahead of dmcrypt.
Loop-aes developer Jari Rassu has been at pains to point this out - I strongly suggest you search this list for his comments on dmcrypt and truecrypt. Truecrypt, which is also device-mapper based, only very recently attempted to fix a major security hole which Jari had been warning people about for some time.
The rise of dmcrypt is perhaps largely because Fedora has decided it's the thing to go with. Why? Perhaps because it's seen to be "easier to use", because the loop-aes readme insists that a kernel recompile is necessary => "no newbies please". However the debian packages for loop-aes do not require a kernel recompile unless you want to encrypt the root filesystem. (But I overreach my level of expertise. The person to talk to here might be Max, the maintainer of the debian loop-aes packages. He is a regular on this list). If you look at some of the "serious" security-oriented livecds ie knoppix-STD and INSERT, you'll see they ship with recent versions of loop-aes - not dmcrypt.
I don't want to disparage any efforts in this direction and I really hope dmcrypt and truecrypt continue to improve, but if you look at the dmcrypt wiki the project doesn't inspire confidence in me. I mean, loop-aes has a venerable history. Also, truecrypt cannot yet make containers under linux - it can only mount them.
Recently I was horrified when I read an article on root filesystem encryption on laptops in Linux Journal by an "expert" who, being a Fedora user, went with dmcrypt. The horrifying thing was this: his instructions used a *PLAIN TEXT single aes256 keyfile* - NOT EVEN a gpg-encrypted, multiline keychain. So your usb stick contains the key in plain text. An attacker gets hold of your usb stick, and game over. Yet it is a simple matter to use a gpg-encrypted key with dmcrypt - I've done it just to prove this.
I don't see how cryptLUKS or whatever it's called is any easier to use than loop-aes, once loop-aes is set up. In fact I find it confusing to use.
Just why has what is often regarded as an inferior encryption scheme been pushed? That in itself would make an interesting article.
Master of Reality <funkville@xxxxxxxxx> wrote:
I believe using the loopback device is deprecated... the new kernel uses
device mapper to encrypt the filesystem.
--
View this message in context: http://www.nabble.com/Encrypting-Filesystems-t1155912.html#a3038074
Sent from the Linux Crypto forum at Nabble.com.
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
Master of Reality <funkville@xxxxxxxxx> wrote:
I believe using the loopback device is deprecated... the new kernel uses
device mapper to encrypt the filesystem.
--
View this message in context: http://www.nabble.com/Encrypting-Filesystems-t1155912.html#a3038074
Sent from the Linux Crypto forum at Nabble.com.
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
Yahoo! Mail
Use Photomail to share photos without annoying attachments.