Mr. Vozeler, et alia: It is particularly instructive that of the congress of users and clients that I frequent with regularity, a notable number have begun to assert instantiate Ubuntu installations. When queried as to what drove their compunction to do so, in more than some several cases I received responses not unlike: Why would I not try it? I get Linux with the "Apple Approach" of "it just works". Predicated upon a congress of users whom would exemplify such thought in their choice for an OS alternative to Windows, or in order to provide a less costly support driven alternative to other Linux based OS distributions, the fact that they are driven by this modicum of thought does not and should not otherwise limit their ability to choose to assert a posture whereby the disk is fully encrypted from the moment installation reaches finalization. Is there some reason why kernels could not be built on the fly during the course of installation capable of supporting the mixture of options that a user would otherwise build in when rolling their own kernel post install time? Additionally, the provisioning of multiple choice kernels onto the distribution media would provide the user's a choice of options neither impossible, nor unattractive in being able to engage loop-aes as a potential encryption software. However, I do believe the best choice for the future will be TrueCrypt since it is planned to be supported on MacOS as well as what is already in force with support for Linux and Windows (thought I do think loop-aes does appear to be one of the best products available of its kind in the open source market). Very Respectfully Submitted, Stuart B. Tener, IT3, USNR, N3GWG Teners AT BH90210 DOTT COM (310) 358-0202 Beverly Hills, CA / Las Vegas, NV / Washington, DC / Philadelphia, PA On 5/4/07 6:42 PM, "Peter_22@xxxxxx" <Peter_22@xxxxxx> wrote: > -------- Original-Nachricht -------- > Datum: Fri, 4 May 2007 00:23:17 +0200 > Von: Max Vozeler <max@xxxxxxxxxxxx> > An: linux-crypto@xxxxxxxxxxxx > >>> No, we are far from a distro that asks for a memory stick to save >>> your root gpg files on it. Very far. >> >> What makes you think so? > > What makes me so pessimistic about full disk encryption beginning with the > installation? Well, first the fact that I had to struggle with every single > SuSE distro since I started with 8.1. Two hours ago I had a (deeper) look at > Kubuntu 7.04 amd64 regarding its loop-aes capabilities. It was embarrassing. I > found your name several times when people asked where they may get the > appropriate packages to build the loop module. As of today: > - ubuntu lacks loop-aes (feisty) > - debian (!) packages have to be used as interim solution to get it working > somehow > - the ubuntu 7.04 DVD starts a live system where rmmod loop fails > - not even a successful build of the loop.ko can be verified from within the > live system > > To avoid misunderstandings, I appreciate your engagement in debian and ubuntu! > My words are not criticism but ubuntu isn´t much closer to loop-aes than SuSE. > > With regard to FULL disk encryption I have serious doubts if the majority of > debian/ubuntu users want such deep interventions in the kernel configuration. > Up to now I always had to build a special kernel to include vfat, usb, serial > ata, native language support and the like. For this evening it looks like it > will remain the same even with debian and ubuntu anyway. Nonetheless, ubuntu > and SuSE are fine distros with installers that most people are able to use. > What you build upon this basis remains up to you. > >> If they already handle e.g. loading of >> pre-configuration from floppy or USB media, it may not be much work >> to extend it for write access and generating/storing the keys. > > "USB media" invites me to explain why I am so crazy about this option. USB > media are no bulky boxes! It is more like this: > Dimensions: 15mm x 11mm x 1mm(L x W x D) > http://sandisk.com/Products/ProductInfo.aspx?ID=1195 > And don´t forget, the cheap 128 MB version is already oversized. -- Very Respectfully, IT3 Stuart Blake Tener, USN Beverly Hills, California Amateur Radio Call Sign: N3GWG (Extra) email: teners@xxxxxxxxxxx phone: +(1) 310.358.0202 (Beverly Hills, CA) phone: +(1) 215.338.6005 (Philadelphia, PA) phone: +(1) 702.988.3989 (Las Vegas, NV) E-Fax: +(1) 915.773.0935 (Telecopier) Military emails (checked monthly until remote NMCI access is secured) NIPRNET: stuart.tener@xxxxxxxx / tenerstu@xxxxxxx SIPRNET: NONE TS/SCI: tenerstu@xxxxxxxxxx (GWAN) Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/