This is a discussion on cryptoloop and ds-crypt within the Linux Security forums, part of the System Security and Security Related category.
m wrote:
> I heard that cryptoloop and ds-crypt are backended and not at the
> highest level of security.
>
> If it is true what should I use to encrypt my partitions (also
> partitions inside one file created by dd)

ds-crypt ??????
Platform: Win95,Win98,WinME,WinNT 3.x,WinNT 4.x,WinXP,Windows2000

Not sure why/what "backended" concerns you, driving and jail time excepted, the security level of cryptoloop is not, hmmm, "stringent".

dm-crypt
http://kerneltrap.org/node/2433
http://www.saout.de/misc/dm-crypt/

Probably not ready for prime time just yet, but you're encouraged to give it a go, afaict. You might want to google for complaints/praises and see if it's time to try it for your situation/distro.

hth,
prg
m <sq8ijk@poczta.onet.pl> wrote on comp.os.linux.security:
> http://marc.theaimsgroup.com/?l=linu...631935&q=p3%22
>
> I meant, what should I use regarding to this article... ?

As Jari said, loopAES with multi-key mode is not vulnerable to the known attacks, so the way I see it you don't have too many options.

--
hrvoje.spoljar@><.pbf.hr
irc # RoCkY
icq : 53000945
http://spole.pbf.hr
Ignorance is bliss, but knowledge is power!
http://marc.theaimsgroup.com/?l=linu...631935&q=p3%22

I meant, what should I use regarding to this article... ?

--
Michal
m wrote:
> http://marc.theaimsgroup.com/?l=linu...631935&q=p3%22
>
> I meant, what should I use regarding to this article... ?
>

Well, that's your decision ;) I'm no crypto guy -- but I don't have anything on my disks that a crypto guy would be interested in, do I? Point is, you have to decide if you're guarding "Fort Knox" or "Fort Dirty Socks". Only you can decide that and what you imagine the nefarious do-wrongers would do with your stuff.

The link you posted is usual stuff from this guy -- no slam on him -- and I would not be surprised if he has a good point. There are a number of kernel "non-contributors" with particular expertise that can't get their work accepted into the kernel for who knows what reasons.

My impression from past forays/reading into this would suggest that his work is "superior" in a crypto sense, so if you require that level of "toughness", you can/will have to roll your own for each setup. Lots of stuff pre-prepared for you out there to help out, but it's still up to you to keep up and keep on top. I think some distros are beginning to "support" his efforts (something almost required these days for an "outsider" to get his stuff into the kernel).

Are your needs worth the effort? Can satisfying your needs be confined to a single disk/server? Are your needs worth the effort of supporting this on multiple machines?

Note that many folks concerned about leaving around "loose" info on disks don't factor the trouble/time/expense required to recover such stuff. Why would _anybody_ be interested in your stuff to make this a worthwhile gamble? People that recover even minimally encrypted hard disk data have to have a _really_ good reason to expend the effort. If they knew what was on the disk ahead of time they wouldn't need to decrypt it. If they can't be _sure_ what _is_ on the disk (or even how much effort will be required to find out) what's the incentive to try to get your stuff?

Now if you're storing data similar to that in the news lately, well, you might _really_ want to consider _every_ mechanism to secure your data ;)

So, it's in your lap to decide what is worth the effort.

regards,
prg
On Mon, 25 Apr 2005 21:22:54 +0000, m wrote:
> I heard that cryptoloop and ds-crypt are backended and not at the
> highest level of security.
>
> If it is true what should I use to encrypt my partitions (also
> partitions inside one file created by dd)

First, thanks for pointing out that weakness of cryptoloop.

I've checked that (using cryptoloop) if you make a new encrypted container inside a previous encrypted container, the watermark proggies fail to find the watermarked files. I've used two different encryption algorithms but I don't know if that's really needed. You may need a fast CPU to do this.