Hi,

I will soon build a new system and it's time to make a choice between loop-aes and dm-crypt. I will use full disk encryption, where only the bootloader and initrd will be plaintext while residing in a separate partition. Truecrypt will also be used and will run on top of the chosen device mapper. (Yes, I will use 2 encryption systems simultaneously.)

I've read that loop-aes is more secure than dm-crypt, but also the contrary. However, the only justification I've seen was that there was a bug in both dm-crypt and truecrypt, that, as of today, has been fixed.

Some references:

Debian 4 (Etch) install manual
http://www.debian.org/releases/stable/amd64/ch06s03.html.en
-> "The default method is dm-crypt (included in newer Linux kernels, able to host LVM physical volumes), the other is loop-AES (older, maintained separately from the Linux kernel tree). Unless you have compelling reasons to do otherwise, it is recommended to use the default."
=> What would be the compelling reason here?

http://riseuplabs.org/grimoire/storage/encryption/loop-aes/
-> "Loop-AES is more secure than dm-crypt (and possibly faster), although it requires a custom kernel module and is more work to install than dm-crypt."
=> But no justification given regarding the security aspect.

http://mail.nl.linux.org/linux-crypto/2006-02/msg00037.html
-> "Truecrypt, which is also device-mapper based, only very recently attempted to fix a major security hole which Jari had been warning people about for some time."
=> As of 2006-02 it was fixed, so there is no problem with Truecrypt.
-> "debian packages for loop-aes do not require a kernel recompile unless you want to encrypt the root filesystem."
=> Ok, so I need to recompile -_-

http://mail.nl.linux.org/linux-crypto/2006-09/msg00008.html
-> "Both cryptoloop and dm-crypt in kernels prior to 2.6.10 are vulnerable, and even recent dm-crypt still suffers from a weak crypto implementation."
=> I will be using 2.6.20, which allows for LRW mode and thus solves the watermark problem.
-> "dm-crypt... which leaks location of changed data in some unusual situations."
=> What exactly does this leak consist of, and has it been fixed?

So, what are the current problems of each implementation (if any)?

Thank you.

BTW, this question has been itching me... Does the act of upgrading the kernel go without problems and glitches, or is it "common" to be locked out of the encrypted system (or even worse, to lose data) when an upgrade goes bad?

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
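The "watermark problem" raised in the post comes from CBC with a predictable per-sector IV (dm-crypt's old cbc-plain): the sector number is XORed into the first block, so the relation between two adjacent sectors' first blocks is public, and a deliberately shaped file produces identical ciphertext blocks that are visible without the key. The check below, an added example that is not part of the original post or of dm-crypt, tests whether an IV rule has that property; it substitutes a keyed hash for AES (assumption: the property depends only on the block function being deterministic, not on which cipher it is) and uses a constructed key. ESSIV, dm-crypt's fix since 2.6.10, derives the IV from a secret and passes the check; LRW, which the post plans to use, avoids CBC chaining altogether.

```python
import hashlib
import struct

BLOCK = 16    # AES-sized block, in bytes
SECTOR = 512  # dm-crypt encrypts each 512-byte sector independently


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for AES (assumption): keyed, deterministic, 16-byte output.
    # Not invertible, but the watermark property only needs determinism.
    return hashlib.sha256(key + block).digest()[:BLOCK]


def iv_plain(key: bytes, sector: int) -> bytes:
    # dm-crypt "plain": 32-bit little-endian sector number, zero-padded.
    return struct.pack("<I", sector & 0xFFFFFFFF) + bytes(BLOCK - 4)


def iv_essiv(key: bytes, sector: int) -> bytes:
    # ESSIV: IV = E_{H(key)}(sector); unpredictable without the key.
    return block_encrypt(hashlib.sha256(key).digest(), iv_plain(key, sector))


def cbc_encrypt_sector(key: bytes, sector: int, data: bytes, iv_fn) -> bytes:
    prev, out = iv_fn(key, sector), bytearray()
    for i in range(0, SECTOR, BLOCK):
        prev = block_encrypt(key, xor(prev, data[i:i + BLOCK]))
        out += prev
    return bytes(out)


def watermark_leaks(iv_fn, key: bytes, sector: int = 4096) -> bool:
    """True if two adjacent sectors, shaped using only the public IV rule,
    encrypt to identical first ciphertext blocks (the watermark)."""
    filler = bytes(SECTOR - BLOCK)
    first = b"WATERMARK-BLOCK!"  # 16-byte constructed plaintext block
    # Cancel the known IV difference between sector n and sector n+1.
    second = xor(first, xor(iv_plain(key, sector), iv_plain(key, sector + 1)))
    c1 = cbc_encrypt_sector(key, sector, first + filler, iv_fn)
    c2 = cbc_encrypt_sector(key, sector + 1, second + filler, iv_fn)
    return c1[:BLOCK] == c2[:BLOCK]


if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo key").digest()
    print("cbc-plain leaks:", watermark_leaks(iv_plain, key))  # True
    print("cbc-essiv leaks:", watermark_leaks(iv_essiv, key))  # False
```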