Re: Linux distro w/loop-aes

markus reichelt <ml@xxxxxxxxxxxxx> wrote:
> > As you asked for a USB-bootable solution I advise you to follow
> > example 7.7 from loop-aes readme. This works even with SuSE and you
> > can encrypt every bit of data on your drives. No bootpartition and
> > no partition table will remain. Up to now I haven't seen an
> > installer that supports encrypted installations.
> 
> The beauty of that example is that it can be used also on
> non-encrypted root partitions... the system will just boot. Great to
> test one's setup before actually encrypting root via aespipe.
> 
> And about that tweaked installer ... I discussed the issue with a
> fellow slackware user some time ago. It's most certainly doable, but
> right now I just lack the time to pursue that project. 

Aespipe is a good hint! When you lose your USB-Stick or think of a key-change for existing encrypted partitions, how do you do that? Aespipe pipes data from one partition to the same. It works fine unless the PC hangs. It would be fine to have a script that makes aespipe use 2 partitions. One for the encrypted data and a small one to backup chunks of the ongoing re-encryption.

Let's say a partition with 300 GB data is chosen to be re-encrypted with a new keyfile. At present aespipe is given both keyfiles and two loops are set up to read the data from one loop, pipe it through the program and back to the second loop. If the PC gets stuck in this process 300 GB of data are lost. To prevent this, the 300 GB are to be segmented into 100 MB chunks and the above process is done again. This time with a second partition to store a temporary 100 MB file and an index file that keeps the record of the loop's offset and size for the actual chunk. In case of a crash the temporary chunk can be replayed and the index file provides the information on where to replace the data and how to continue the re-encryption process. Data protected against crashes, mission accomplished.

A person with good knowledge in Linux shell scripting might write this tool in a few hours.

Best regards
Peter

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
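
The chunk-and-index scheme described in the message above, as an added example (not code from this thread, from loop-AES or from aespipe). It assumes the target is a regular image file and the journal directory lives on a second partition; `reencrypt`, `durable_write`, `write_at`, the file names and `demo_transform` (a constructed stand-in for the old-key to new-key pipe, not a cipher) are all hypothetical.

```python
import json, os

def durable_write(path, data):
    """Write a file so that after a crash it is either fully old or fully new."""
    with open(path + ".new", "wb") as f:
        f.write(data); f.flush(); os.fsync(f.fileno())
    os.replace(path + ".new", path)
    fd = os.open(os.path.dirname(path) or ".", os.O_RDONLY)
    os.fsync(fd); os.close(fd)                      # persist the rename itself

def write_at(dev, offset, data):
    dev.seek(offset); dev.write(data); dev.flush(); os.fsync(dev.fileno())

def demo_transform(data, offset):
    """Constructed stand-in for decrypt-old/encrypt-new (NOT a cipher).
    Position dependent, like a per-sector IV, so a chunk transformed twice
    or written at the wrong offset shows up as corruption."""
    return bytes(b ^ (((offset + i) // 512 + 1) & 0xFF) for i, b in enumerate(data))

def reencrypt(target, journal_dir, transform, chunk_size, crash_at=None):
    """Transform `target` in place chunk by chunk; rerun it after a crash.
    crash_at is a test hook that tears the write of the chunk at that offset."""
    chunk_path = os.path.join(journal_dir, "chunk.bin")
    index_path = os.path.join(journal_dir, "index.json")
    def save_index(**rec):
        durable_write(index_path, json.dumps(rec).encode())
    size, offset = os.path.getsize(target), 0
    with open(target, "r+b") as dev:
        if os.path.exists(index_path):              # an earlier run was interrupted
            with open(index_path) as f:
                idx = json.load(f)
            offset = idx["offset"]
            if idx["pending"]:                      # replay the saved chunk
                with open(chunk_path, "rb") as f:
                    write_at(dev, offset, f.read())
                offset += idx["size"]
                save_index(offset=offset, size=0, pending=False)
        while offset < size:
            dev.seek(offset)
            data = transform(dev.read(chunk_size), offset)
            durable_write(chunk_path, data)         # 1. backup copy of the new chunk
            save_index(offset=offset, size=len(data), pending=True)   # 2. index
            if offset == crash_at:
                dev.seek(offset); dev.write(data[: len(data) // 2]); dev.flush()
                raise RuntimeError("simulated crash mid-write")
            write_at(dev, offset, data)             # 3. overwrite in place
            offset += len(data)
            save_index(offset=offset, size=0, pending=False)          # 4. advance
    return offset
```

The index is only marked pending after the backup chunk is safely on disk, and it is advanced before the backup file is reused, so at every point either the target still holds the old chunk or the journal holds a complete new one.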

