Bug#614808: O: loop-aes - loop-AES encryption modules

[Ian Jackson <ijackson@chiark.greenend.org.uk>]

Max Vozeler writes ("Bug#614808: O: loop-aes - loop-AES encryption modules"):
> loop-aes has an active and helpful upstream maintainer
> and quite a few users.

Why are these people not using dm-crypt and luks ?  Or, why is this
code not using dm-crypt rather than an out-of-tree module ?  

These are serious questions, not rhetorical ones.  If there's a good
answer, fine.  Otherwise perhaps we should think about a compatibility
wrapper or something.


Looking at the Description:

>  loop-AES can be used to encrypt disk partitions, removable media,
>  swap space and other devices.

This is the functionality of dm-crypt.

>                               It provides measures to strengthen
>  the encryption: Passphrase seeds, multiple hash iterations, MD5 IV
>  and use of alternating encryption keys.

With dm-crypt these things can be done in userspace, and cryptsetup's
LUKS facilities would seem to be adequate to meet these objectives.
(Assuming by "alternating" we mean "alternative".)

>  Encryption keys can be stored in a GnuPG-encrypted keyfile, which
>  allows the passphrase to be changed without re-encryption. Keyfiles
>  can also be encrypted asymmetrically for multi-user access.

cryptsetup does not have these features but surely they can be made to
work with dm-crypt.

>  This package includes the cipher modules blowfish, twofish and
>  serpent in addition to the default cipher (AES).

Aren't these ciphers in the mainline kernel yet ?


Can loop-aes's on-disk bulk data format be emulated with dm-crypt ?

Ian.