* Michael Garibaldi <michaelgari@xxxxxxxxx> wrote:
> First of all - I'm a bit confused about the options. As far as I can
> gather, there are
> 1. Kernel's cryptoloop
> 2. Kernel's dm-crypt
> 3. Jari Ruusu's (or documented by him?) cryptoloop
>
> Out of these, 1 is clearly bad (documentation of all three say that it
> is). However, dm-crypt's documentation does not mention #3 and #3's
> documentation does not mention dm-crypt. So, what's the deal between
> these?

cryptoloop, dm-crypt, and loop-AES are three different crypto implementations on Linux systems:

Cryptographic API is built into modern 2.6 mainline kernels; vendor kernels are derived from these.

Cryptoloop stands for using the Cryptographic API via the loop-device, hence it's often referred to as "mainline cryptoloop".

dm-crypt is a so-called device-mapper target that provides transparent de/encryption of block devices using the Cryptographic API.

Both cryptoloop and dm-crypt in kernels prior to 2.6.10 are vulnerable, and even recent dm-crypt still suffers from a weak crypto implementation.

loop-AES is a package that provides loadable Linux kernel modules that allow you to safely de/encrypt disk partitions. It does not modify the kernel in any way.

--
left blank, right bald