[WBEL-users] Cryptoloop in stock WBEL kernel? Average time for
security updates to get available?
Phil Schaffner
Philip.R.Schaffner@NASA.gov
Mon, 19 Apr 2004 14:29:14 -0400
On Sun, 2004-04-18 at 16:23, John Morris wrote:
> On Sun, 18 Apr 2004, Alex Georgiev wrote:
>
> > > The kernel support appears to be there but the losetup package is still
> > > unpatched. I will be fixing that for my own use, probably won't roll it
> > > into the official package because WBEL is supposed to be as close to RHEL
> > > as I can make it. Probably will post it somewhere though. I really miss
> > > the crypto loopback with my ssh and gpg keyrings.
> >
> > Are you sure? Redhat are selling an enterprise level os with
> > half-support for encrypted filesystesm? I find this hard to
> > grasp.
>
> Guess they are still afraid of the legal/political implications. Things
> were moving in the right direction on the crypto front but 9/11 seems to
> have moved things back a few years. They included the crypto support in
> the kernel for the VPN users I suspect, since few would argue against
> secure networks for the corporate world, but encrypted filesystems have
> had a counterculture aura to them.
Red Hat, at least in Fedora Core 2 Test 2, is now including encrypted
filesystem support - making use of kernel 2.6 dm_crypt (successor to
cryptoloop): https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120487
Be careful of the old cryptoloop patches to 2.4 kernels as they do not
provide a robust encryption scheme: http://kerneltrap.org/node/view/2433
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111536
However, cryptoloop does seem to be the only viable route to getting
encrypted filesystem support with 2.4 kernels. Links in the above URLs
show the way.
Phil