
Re: partman-crypto



On Fri, Aug 05, 2005 at 09:05:52AM +0100, Martin Michlmayr wrote:

> Thanks for working on this.  Just a quick question: what's the
> advantage of loop-AES over dm-crypt? 

That's of course a matter of discussion. :-)

loop-AES has a very good track record with regard to introducing
measures against possible attacks. For example, the 2.x versions 
introduced a multi-key mode to protect against a chosen plaintext 
attack that had been published shortly before.

Due to this multi-key mode and a stronger method for deriving IV, 
loop-AES is thought not to be vulnerable to a number of non-fatal
crypto attacks that cryptoloop and (last time I looked) dm-crypt 
have no protection against. From what I read, the LUKS version of
dm-crypt has some improvements over plain dm-crypt in this regard.

There are also a couple of advantages from a usability POV: 
Encryption keys are wrapped in GnuPG keyfiles and their passphrases
can be changed without having to re-encrypt the device[1]. Then 
there is a portable userspace tool that can decrypt loop-AES volumes
on most POSIX systems without requiring kernel support.

> Also, without having looked at your code, do you think your package is
> flexible enough to allow for different encryption methods?

I'm not actually very familiar with dm-crypt, but I've had this 
in mind when I started to work on it.

Much of the code should be identical for dm-crypt and loop-AES. In 
principle the package is also prepared for using dm volumes and
handling their specific settings (keysize, hash function?, volume 
name), only most of those things have not been implemented so far.

A first step could be to split the passphrase questions out of
loop-aes-keygen into a common file, fill in the currently empty
setup_dmcrypt() function in init.d/crypto and add a volume name
question in active_partition/. (There might be complications from
partman assuming that everything in /dev/mapper/ is an LVM device,
but that was only from a quick look and I could well be wrong.)

Generally speaking, if someone is interested in completing the 
dm-crypt and LUKS support in partman-crypto, I would be happy to 
contribute and help get it working. I'm mainly lacking knowledge
and experience with either to do a good job with this myself.

Wesley, I'm CCing you to ask for correction on what I wrote about
dm-crypt above :-P and if you'd perhaps be interested in joining
this work. We'd probably need at least a cryptsetup-udeb, if my
understanding of dm-crypt is correct.

cheers,
Max

--
[1] I suppose one could do similarly for dm-crypt, so this is not
really a genuine advantage. 


