Bug#614808: O: loop-aes - loop-AES encryption modules
Max Vozeler writes ("Bug#614808: O: loop-aes - loop-AES encryption modules"):
> loop-aes has an active and helpful upstream maintainer
> and quite a few users.
Why are these people not using dm-crypt and luks ? Or, why is this
code not using dm-crypt rather than an out-of-tree module ?
These are serious questions, not rhetorical ones. If there's a good
answer, fine. Otherwise perhaps we should think about a compatibility
wrapper or something.
Looking at the Description:
> loop-AES can be used to encrypt disk partitions, removable media,
> swap space and other devices.
This is the functionality of dm-crypt.
> It provides measures to strengthen
> the encryption: Passphrase seeds, multiple hash iterations, MD5 IV
> and use of alternating encryption keys.
With dm-crypt these things can be done in userspace, and cryptsetup's
LUKS facilities would seem to be adequate to meet these objectives.
(Assuming by "alternating" we mean "alternative".)
> Encryption keys can be stored in a GnuPG-encrypted keyfile, which
> allows the passphrase to be changed without re-encryption. Keyfiles
> can also be encrypted asymmetrically for multi-user access.
cryptsetup does not have these features but surely they can be made to
work with dm-crypt.
> This package includes the cipher modules blowfish, twofish and
> serpent in addition to the default cipher (AES).
Aren't these ciphers in the mainline kernel yet ?
Can loop-aes's on-disk bulk data format be emulated with dm-crypt ?
Ian.
Reply to: