On 26/08/2021 15:38, Christoph Hellwig wrote: > No need to keep a separate loadable module infrastructure for a tiny > amount of cryptoapi glue, especially as unloading of the cryptoloop > module leads to nasty interactions with the loop device state machine > through loop_unregister_transfer. > > Signed-off-by: Christoph Hellwig <hch@xxxxxx> Hi Christoph, the cryptoloop is insecure, most of the encryption modes are deprecated (and known to be problematic); util-linux no longer support cryptoloop options in losetup. Isn't the better way to go just to remove cryptoloop completely? (I tried this years ago, because dm-crypt can actually implement all, even insecure, options, see https://lkml.org/lkml/2012/11/2/162 ) I know that loopAES still use this interface, but it implements own modes anyway, replacing kernel code. I really think that the best option here is just to kill this mess :-) (Or implement sector-level crypto properly in loop.) Just my 2 eorocents... :) Milan
