[WBEL-users] Cryptoloop in stock WBEL kernel? Average time for security updates to get available?

Phil Schaffner Philip.R.Schaffner@NASA.gov
Mon, 19 Apr 2004 14:29:14 -0400


On Sun, 2004-04-18 at 16:23, John Morris wrote:
> On Sun, 18 Apr 2004, Alex Georgiev wrote:
> 
> > > The kernel support appears to be there but the losetup package is still 
> > > unpatched.  I will be fixing that for my own use, probably won't roll it 
> > > into the official package because WBEL is supposed to be as close to RHEL 
> > > as I can make it.  Probably will post it somewhere though.  I really miss 
> > > the crypto loopback with my ssh and gpg keyrings.
> > 
> > Are you sure? Redhat are selling an enterprise level os with
> > half-support for encrypted filesystems? I find this hard to
> > grasp.
> 
> Guess they are still afraid of the legal/political implications.  Things
> were moving in the right direction on the crypto front but 9/11 seems to
> have moved things back a few years.  They included the crypto support in
> the kernel for the VPN users I suspect, since few would argue against
> secure networks for the corporate world, but encrypted filesystems have
> had a counterculture aura to them.

Red Hat, at least in Fedora Core 2 Test 2, is now including encrypted
filesystem support - making use of kernel 2.6 dm_crypt (successor to
cryptoloop): https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120487

Be careful of the old cryptoloop patches to 2.4 kernels as they do not
provide a robust encryption scheme: http://kerneltrap.org/node/view/2433
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111536

However, cryptoloop does seem to be the only viable route to getting
encrypted filesystem support with 2.4 kernels.  Links in the above URLs
show the way.

Phil