Hi,
On IRC Monday I asked a brief question about the kerneli patches, and he (? scoobz) said they had no problems... question is, before I settle on that, has anyone else had experience with that, or any other linux encryption fs?
Thank you!
Andrew
on Wed, Jul 04, 2001 at 09:26:21PM +0100, Andrew J Glover scribbled:
On IRC Monday I asked a brief question about the kerneli patches, and he (? scoobz) said they had no problems... question is, before I settle on that, has anyone else had experience with that, or any other linux encryption fs?
Yes... and CFS ftp://ftp.zedz.net/pub/crypto/disk/cfs/
The latter basically didn't work. kerneli works very nicely :) just remember to chmod 600 /dev/loop* so you can't lose a layer of crypto unless root..
Andrew J Glover wrote:
Hi,
On IRC Monday I asked a brief question about the kerneli patches, and he (? scoobz) said they had no problems...
That is correct, it was me, I had no problems with the kerneli patch.. now, getting encrypted file systems set up was a different story!! it took me ages to get it working!!!
question is, before I settle on that, has anyone else had experience with that, or any other linux encryption fs?
My business partner has recently pointed out to me that SuSE 7.2 comes with encrypted file systems out of the box!!! yes that's right, no configuration necessary!!!... I've been a redhat luser for a long while, but I may change my mind in the near future ;)..
if you are looking to play around with it, then I was using PPDD (it was over 2 years ago now though)... but if you want something that just works then I suggest looking into SuSE's offering.. as I am sure it has been tested well...
HTH Sz
Thank you!
Andrew
alug, the Anglian Linux User Group list Send list replies to alug@stu.uea.ac.uk http://www.anglian.lug.org.uk/ http://rabbit.stu.uea.ac.uk/cgi-bin/listinfo/alug See the website for instructions on digest or unsub!
on Thu, Jul 05, 2001 at 10:08:42AM +0100, Neill Newman scribbled:
That is correct, it was me, I had no problems with the kerneli patch.. now, getting encrypted file systems set up was a different story!! it took me ages to get it working!!!
Something like this worked for me:
# dd if=/dev/urandom of=/mycfs bs=1M count=$size
# modprobe $cipher
# losetup -e $cipher /dev/loop0 /mycfs
(prompts for key)
(add more layers here if needed - by incrementing the loop device and using the previous loop device as the second parameter..)
# mkfs.ext2 /dev/loop0
# mount -o noauto,nosuid,nodev,rw,loop,exec /dev/loop0 /cryptofs
where $size is the fs size in megs and $cipher is the main cipher you wish to use. I'm pretty sure this is all in a howto somewhere.. If you're doing multiple cfs, then remember the -o *loop* to mount ties up another /dev/loop device.
Problems you can come across are with losetup, such as it not being up to date enough to recognize your cipher. iirc you can just download and install the losetup from a later util-linux. losetup -h should list the supported ciphers.
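The procedure above, with its layering note and the earlier reply's chmod 600 advice folded in, as an added example that is not part of the original posts: a shell helper that prints the command sequence instead of running it. The names plan_cryptoloop and plan_teardown are hypothetical, loop devices are assumed free from /dev/loop0 upward, and the final mount leaves out the -o loop option.

```sh
#!/bin/sh
# Added example (not from the thread): prints, without running, the commands
# for a loop-device encrypted filesystem with one or more cipher layers.
# Assumes /dev/loop0 upward are free and that paths contain no whitespace.

# usage: plan_cryptoloop BACKING_FILE SIZE_MB MOUNTPOINT CIPHER [CIPHER...]
plan_cryptoloop() {
    if [ "$#" -lt 4 ]; then
        echo "usage: plan_cryptoloop FILE SIZE_MB MOUNTPOINT CIPHER..." >&2
        return 2
    fi
    backing=$1; size=$2; mnt=$3
    shift 3
    case $size in
        ''|*[!0-9]*) echo "SIZE_MB must be a whole number" >&2; return 2 ;;
    esac
    # Random fill, so unused blocks are indistinguishable from ciphertext.
    echo "dd if=/dev/urandom of=$backing bs=1M count=$size"
    n=0
    src=$backing
    for cipher in "$@"; do
        echo "modprobe $cipher"
        # Root-only device node: other users cannot read the decrypted layer.
        echo "chmod 600 /dev/loop$n"
        # Each layer sits on the previous one: loopN is backed by loop(N-1).
        echo "losetup -e $cipher /dev/loop$n $src"
        src=/dev/loop$n
        n=$((n + 1))
    done
    echo "mkfs.ext2 $src"
    # Mounting the loop device directly, without "-o loop", does not use up
    # a further /dev/loop device.
    echo "mount -o noauto,nosuid,nodev,rw,exec $src $mnt"
}

# usage: plan_teardown MOUNTPOINT LAYER_COUNT  (detaches top layer first)
plan_teardown() {
    echo "umount $1"
    n=$(($2 - 1))
    while [ "$n" -ge 0 ]; do
        echo "losetup -d /dev/loop$n"
        n=$((n - 1))
    done
}

# Constructed sample: a 64 MB container with two layers.
plan_cryptoloop /mycfs 64 /cryptofs serpent blowfish
plan_teardown /cryptofs 2
```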
Something like this worked for me:
[snip]
I'm pretty sure this is all in a howto somewhere.. If you're doing multiple cfs, then remember the -o *loop* to mount ties up another /dev/loop device.
Yeah, read the howto, got all that, thanks.
I'm just trying to decide on a cipher atm. I guess it's a choice of Blowfish, IDEA, or serpent. Blowfish being good and fast, IDEA being better but slower than blowfish, and serpent looking good but not really tested against.
Anyone got any opinions on them? I doubt I'll get much response, it's pretty much a personal choice I guess.
On an unrelated note, what was that library system being talked about a couple of weeks ago?
Thanks,
Andrew.
--- Andrew J Glover flexifoil@btinternet.com wrote:
Something like this worked for me:
[snip]
I'm pretty sure this is all in a howto somewhere.. If you're doing multiple cfs, then remember the -o *loop* to mount ties up another /dev/loop device.
Yeah, read the howto, got all that, thanks.
I'm just trying to decide on a cipher atm. I guess it's a choice of Blowfish, IDEA, or serpent. Blowfish being good and fast, IDEA being better but slower than blowfish, and serpent looking good but not really tested against.
Anyone got any opinions on them? I doubt I'll get much response, it's pretty much a personal choice I guess.
I seemed to have missed the beginning of this thread so I assume it's something about secure filesystems.
Being a sad nerd who has read Cryptonomicon, The Code Book and Applied Cryptography too many times I have been looking at secure file systems. I was looking at a 128mb disk which is stored on the harddisk at shutdown but which is mounted into ram on boot up, so I get a steganographic Ram disk? Does anyone know if this is possible?
Also you mention blowfish, what about twofish? or pontifex?
On an unrelated note, what was that library system being talked about a couple of weeks ago?
The library system is something which shall be filed under "Don't mention the war"
Thanks
D
Thanks,
Andrew.
"We all know Linux is great... it does infinite loops in 5 seconds." Linus Torvalds
Hi,
I seemed to have missed the beginning of this thread so I assume it's something about secure filesystems.
Yes.
Being a sad nerd who has read Cryptonomicon, The Code Book and Applied Cryptography too many times I have been looking at secure file systems. I was looking at a 128mb disk which is stored on the harddisk at shutdown but which is mounted into ram on boot up, so I get a steganographic Ram disk? Does anyone know if this is possible?
Sounds interesting, but no idea.
Also you mention blowfish, what about twofish? or pontifex?
A lot of sources say don't use twofish, because it's changing all the time and could be incompatible with future versions. pontifex isn't there.
Been doing some more reading, claiming serpent is secure.
The library system is something which shall be filed under "Don't mention the war"
oki
Thanks,
Andrew.
on Thu, Jul 05, 2001 at 01:31:02PM -0700, David Freeman scribbled:
I seemed to have missed the beginning of this thread so I assume it's something about secure filesystems.
Being a sad nerd who has read Cryptonomicon, The Code Book and Applied Cryptography too many times I have been looking at secure file systems. I was looking at a 128mb disk which is stored on the harddisk at shutdown but which is mounted into ram on boot up, so I get a steganographic Ram disk? Does anyone know if this is possible?
Yes, but what happens if you have a power cut or some other crash? UPS I guess.
You can get the stegfs patches and utils from http://www.mcdonald.org.uk/StegFS/ although last time I tried it, it wasn't very stable - could have just been me and it was 1999/2000. Then simply compile a kernel with ramdisk support, grab srm/smem by thc. http://packetstorm.securify.com/groups/thc/ is the most working url I can find at the moment..
So at boot up you just:
0) dd if=/stegramfs of=/dev/ram0 bs=1M count=128 (might be ramdisk size issues here.. also might want to store it more encrypted)
1) mount (params) /dev/ram0 /somefs
2) srm /stegramfs
3) use stegfs stuff later to access it

and shut down:
0) umount /dev/ram0
1) dd if=/dev/ram0 of=/stegramfs bs=1M count=128
2) smem