[WBEL-users] Anybody using an encrypted file system on Whitebox?

Benjamin J. Weiss Benjamin J. Weiss" <benjamin@birdvet.org
Mon, 26 Jul 2004 17:16:53 -0500 (CDT) 

On Mon, 26 Jul 2004, Kirby Bohling wrote:

> On Mon, Jul 26, 2004 at 04:45:18PM -0500, Benjamin J. Weiss wrote:
> > I've been searching for a way to encrypt a directory with some private 
> > files, and came across cfs.  The only problem is that the code looks like 
> > it hasn't been updated in three years.
> > 
> > I'm hoping for something relatively easy that doesn't require kernel 
> > patching.  CFS and CryptFS look like they've been abandoned.  I'm looking 
> > into losetup now, though I've heard that it's kinda slow.
> > 
> > Anybody actually doing this now?
> 
> 
> I've looked into it at various points.  In the end, I either had to
> patch my utilities (util-linux), or I had to patch my kernel.
> 
> The standard util-linux doesn't have support for AES, and the stock
> Redhat kernel doesn't have support for DES (at least not that I've
> found).

The annoying thing is that it apparently works "out of the box" with
mandrake 9.1:

http://bopolissimus.sni.ph/index.php?m=200308  (search for losetup)

 
> losetup doesn't understand AES as an encryption type.  It's
> relatively straightforward to patch the utilities.  It's a pain in
> the butt, because you lose your ability to just use YUM to keep in
> sync.  At one point I had tracked down why, they aren't being
> applied to the older series of util-linux.  That might change with a
> 2.6 kernel.

Yeah, I was afraid of that.  I'd *really* hate losing the ability to 
maintain patches with YUM.
 
> Google quickly comes up with this:
> 
> http://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=78550

Yep, saw this, guess I may have to start digging.

> You might have luck chasing down the threads from there.  There are
> plenty of howto's on how to do it out there.  Loops sorta slow, but
> it's probably the encryption.  Mount an ISO image loopback and see
> if that's slow.  The encryption is slow, because by it's very nature
> it's a complex calculation (granted DES runs well on anything that
> has a barrel shifter in hardware that gets used).
> 

Thanks!

Ben