On 08/01/2013 11:49 AM, Ciprian Dorin Craciun wrote: > On Thu, Aug 1, 2013 at 10:43 AM, Milan Broz <gmazyland@xxxxxxxxx> wrote: >> On 1.8.2013 9:00, Ciprian Dorin Craciun wrote: >>> >>> As said, I guess this can be obtained in two ways: >>> * either if there is a "backward" mode for dm-crypt; (which I'm >>> not aware of;) >> >> >> No, there is not. >> >> I hope I understand your use case correctly, bu if so, this mode >> (transport over network) _cannot_ be secure. > > Indeed such a solution I'm after won't be "completely" secure (as > a matter of fact nothing can be completely as that would imply > perfection). And in my particular use case I don't need it. Well, you have been warned... and you can always shoot yourself in the foot ;-) I think that quick hack to try it would be to write simple kernel cipher module (or wrapper), where you only change cipher name (so it will not mix up with normal implementation, name like reverse_aes or so) and just switch encrypt/decrypt callbacks. I am afraid you will need to avoid LUKS and IV where encryption is used (ESSIV) (or at least you must analyze if encrypt/decrypt change for the given cipher is safe for use there). Then just use this reverse cipher for exported disk only. IMHO configuring openVPN an just use iscsi over it is better, more secure and you do not need to hack around it. For saturating Gigabit network you need fast cpu anyway. Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
