Hello linux-crypto,

After a complete failure of my laptop's hard drive, I'm planning the setup of the new system. Two years ago, when I set up the old system, I chose loop-AES, because of its apparently better security in comparison to dm-crypt and cryptoloop. The main points were the possibility of a watermark attack and the possible use of precomputed dictionaries, which are quite understandable even to me as a non-expert on cryptography. And for convenience, loop-AES came with a nice script that allowed me to create a working initrd in no time.

Since then, dm-crypt has obviously caught up. There is a cbc-essiv mode with a secure IV generation, and with LUKS there is even a standard disk format and a salted, iterated key setup which should protect against precomputed dictionaries. Another advantage is that dm-crypt is in mainline and should even work with the distribution's kernel. And since I use a custom initrd to allow me to suspend to encrypted swap anyway, I see all advantages of loop-AES gone.

So here I am, not knowing which method to choose. Are there important differences regarding the security? I'd welcome all kinds of comments.

Regards,
Jim

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/