Status in 2007 of: loop-aes VS dm-crypt VS truecrypt

Hi,

I will soon build a new system and it's time to make a choice between
loop-aes and dm-crypt.
I will use full disk encryption, where only the bootloader and initrd
will be plaintext while residing in a separate partition.
Truecrypt will also be used and will run on top of the chosen device
mapper. (Yes, I will use 2 encryption systems simultaneously)

I've read that loop-aes is more secure than dm-crypt, but also the
contrary. However, the only justification I've seen was that there was
a bug in both dm-crypt and truecrypt, that, as of today, has been
fixed.


Some references:

Debian 4 (Etch) install manual
http://www.debian.org/releases/stable/amd64/ch06s03.html.en
-> "The default method is dm-crypt (included in newer Linux kernels,
able to host LVM physical volumes), the other is loop-AES (older,
maintained separately from the Linux kernel tree). Unless you have
compelling reasons to do otherwise, it is recommended to use the
default."
=> What would be the compelling reason here?

http://riseuplabs.org/grimoire/storage/encryption/loop-aes/
-> "Loop-AES is more secure than dm-crypt (and possibly faster),
although it requires a custom kernel module and is more work to
install than dm-crypt."
=> But no justification given regarding the security aspect.

http://mail.nl.linux.org/linux-crypto/2006-02/msg00037.html
-> "Truecrypt, which is also device-mapper based, only very recently
attempted to fix a major security hole which Jari had been warning
people about for some time."
=> As of 2006-02 it was fixed, so there is no problem with Truecrypt.
-> "debian packages for loop-aes do not require a kernel recompile
unless you want to encrypt the root filesystem."
=> Ok, so I need to recompile -_-

http://mail.nl.linux.org/linux-crypto/2006-09/msg00008.html
-> "Both cryptoloop and dm-crypt in kernels prior to 2.6.10 are
vulnerable, and even recent dm-crypt still suffers from a weak crypto
implementation."
=> I will be using 2.6.20, which allows for LRW mode and thus solves
the watermark problem.
-> "dm-crypt... which leaks location of changed data in some unusual
situations."
=> What exactly does this leak consist of, and has it been fixed?

So, what are the current problems of each implementation (if any)?

Thank you.


BTW, this question has been itching me...
Does the act of upgrading the kernel go without problems and
glitches, or is it "common" to be locked out of the encrypted system
(or even worse, to lose data) when an upgrade goes bad?

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
