* John Smith <the.real.monkey.d.luffy@xxxxxxxxx> wrote: > Debian 4 (Etch) install manual > http://www.debian.org/releases/stable/amd64/ch06s03.html.en -> > "The default method is dm-crypt (included in newer Linux kernels, > able to host LVM physical volumes), the other is loop-AES (older, > maintained separately from the Linux kernel tree). Unless you have > compelling reasons to do otherwise, it is recommended to use the > default." => What would be the compelling reason here? Bad choice of words in the manual, imho. Don't worry about this. > http://riseuplabs.org/grimoire/storage/encryption/loop-aes/ -> > "Loop-AES is more secure than dm-crypt (and possibly faster), > although it requires a custom kernel module and is more work to > install than dm-crypt." => But no justification given regarding > the security aspect. in that example they use kernel 2.6.8 (hint hint) > http://mail.nl.linux.org/linux-crypto/2006-09/msg00008.html -> > "Both cryptoloop and dm-crypt in kernels prior to 2.6.10 are > vulnerable, and even recent dm-crypt still suffers from a weak > crypto implementation." => I will be using 2.6.20, which allows > for LRW mode and thus solve the watermark problem. -> "dm-crypt... > which leaks location of changed data in some unusual situations." " ... not a big problem." = dont worry about this. > => What exactly consists this leak and has it been fixed? This means that loop-aes hides the position of changed ciphertext better than dm-crypt. A change of one byte in a 512 byte sector will cause 16 bytes to change in dm-crypt and 512 bytes (the whole sector) in loop-aes. if an attacker has access to changed ciphertext this could be a problem. But in case an attacker has access to your ciphertext you already got a bigger problem. > So, what are the current problems of each implementation (if any)? by now you are fine with any of the stooges. Just don't use blowfish cipher, it is not recommended for large amounts of data. > BTW, this question as been itching me... Does the act of upgrading > the kernel goes without problems and glitches, or is it "common" > to be locked out of the encrypted system (or even worse, to lose > data) when an upgrade goes bad? well, apart from the usual mantra about backups, all my updates have gone smoothly so far (I'm solely using loop-aes). -- left blank, right bald
Attachment:
pgpp7EvLSC8y2.pgp
Description: PGP signature