Pupeno wrote:
On Thursday 28 July 2005 02:54, Richard Fish wrote:
Pupeno wrote:
I use the dm-crypt from the kernel....
I've read that it is insecure and I also read that it is not yet very well
supported.
Dm-crypt is fairly well supported, since it is in the kernel, but I find
it to be harder to set up and less 'flexible' than loop-AES (the changing
passphrase thing, for example).
I know it is in the kernel, but I've read that there weren't good userland
tools to work with dm-crypt. Maybe that has changed and Gentoo's userland
tools can work with dm-crypt, what's the status of that?
Personally, I find cryptsetup/dm-crypt to be much more difficult to use
than losetup/mount. With loop-AES, I have my fstab set up to
automatically enable the encryption and prompt for the password when
certain filesystems are mounted (of course, that only works if running
'mount' from the command line, for now). I do not think this is
possible with dm-crypt yet.
Regarding loop-AES I've read it needs some heavy patching here and there, I
don't want to do any patching myself because I am likely to lose track of
it.
Gentoo already includes the necessary patches if you have USE=crypt.
You just have to remember to do "emerge loop-aes" after each kernel
upgrade to rebuild the kernel module.
That's the idea, that scheme plus the best supported method out of the box (or
the net, hehehe). I believe it is cryptoloop, but I am not sure.
No no no, cryptoloop is completely brain-damaged security, and AFAIK,
out of the kernel. Loop-AES would be the logical successor to
cryptoloop from a functional and setup standpoint.
-Richard
--
gentoo-user@gentoo.org mailing list