Re: International Kernel Patch / Loopback Encryption Questions

Marc Mutz (Marc@Mutz.com)
Sun, 02 Jan 2000 19:10:22 +0100

"Scott V. McGuire" wrote:
>
> Hi,
>
> I have a few questions about using an encrypted loopback device with
> the international kernel patch:
>
> In configuring the kernel, what is the difference between the
> encryprion options under Loopback Device Support in Block Devices, and
> those in Crypto Options? I think I recall reading that the ones in
> Block Devices were being replaced with ones in Crypto Options, but I'm
> not sure. Is this correct? If so would a twofish encrypted device
> created now with the module from Block Devices be readable by a kernel
> where the twofish option has moved to Crypto Options?
>

Twofish and CAST are broken together with DES and some of the others
under crypto options. There is no userspace program that allows their
use. Use the generic crypto driver and select one of the ciphers in the
crypto options block. It is the newer and the recommended way of doing
things. I personally use blowfish and serpent, YMMV.

> Is there any advantage (disadvantage) to using a raw device rather
> than a file for the physical storage, ie. losetup /dev/loop0 /dev/hdax
> rather than losetup /dev/loop0 /home/xxx/yyy?
<snip>

I don't know about speed, but I guess it is negligible. The advantage of
using a normal file over using a block device is IMO that you can
enlarge the crypted fs easily (see Encryption-Howto for how), whereas
you'd had to re-partition your disk to enlarge a crypted fs residing on
/dev/hda or so.

Marc

-- 
Marc Mutz <Marc@Mutz.com>        http://marc.mutz.com/Encryption-HOWTO/
University of Bielefeld, Dep. of Mathematics / Dep. of Physics


PGP-keyID's:   0xd46ce9ab (RSA), 0x7ae55b9e (DSS/DH)






-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/