[WBEL-users] kerneli.org down?

Kirby C. Bohling kbohling@birddog.com
Wed, 22 Sep 2004 13:54:51 -0500


	This looks all wrong to me.  Last time I investigated cryptoloop
(using kernel encryption and losetup to create a loop device which
is encrypted automatically) the problem was that:

losetup only supports DES and XOR encryption.  The maintainer
(Andries Brouwer) has the patches to support AES encryption, but
wasn't applying them because of some sort of legal issue (I thought
it was related to copyright, but it might be a crypto legality
issue).

If you go grab the Mandrake losetup SRPM (which I believe is
actually util-linux), they added AES support according to the
changelog in early 2002:

* Tue Jan 15 2002 Chmouel Boudjnah <chmouel@mandrakesoft.com> 2.11m-6mdk
  - Add encyrpted option for loop-AES.

	The kernel from RedHat doesn't have a DES (XOR isn't very good
encryption) module, it supports the updated standard AES.

	You had to fix one of the two tools to support what the other
one did last time I looked.  I believe I found the cryptoloop patches
to make it work with AES and had it all working under RH7.1 or
RH7.2, but was reluctant to deploy it given that every time losetup
was updated I had to rebuild the SRPM.

	Thanks,
		Kirby



On Wed, Sep 22, 2004 at 04:11:54PM +0300, Alex Georgiev wrote:
> There was a discussion in April, regarding cryptoloop, rhel
> and losetup.
> 
> Back then, rhel had cryptoloop compiled in the kernel - first
> prerequisite to use an encrypted file system. However the
> second prerequisite - adequate losetup needed to mount the
> encrypted file system was not available. The losetup
> package was too old.
> 
> Mr. John Morris's opinion was that redhat included crypto loop for
> VPN purposes, but omitted losetup. The exact words:
> 
> >Guess they are still afraid of the legal/political implications.  Things
> >were moving in the right direction on the crypto front but 9/11 seems to
> >have moved things back a few years.  They included the crypto support in
> >the kernel for the VPN users I suspect, since few would argue against
> >secure networks for the corporate world, but encrypted filesystems have
> >had a counterculture aura to them.
> 
> I do not know if current U3 version of losetup supports cryptoloop, you
> have to check that yourself, but back then Mr. John Morris said:
> 
> > > The kernel support appears to be there but the losetup package is still
> > > unpatched.  I will be fixing that for my own use, probably won't roll it
> > > into the official package because WBEL is supposed to be as close to RHEL
> > > as I can make it.  Probably will post it somewhere though.  I really miss
> > > the crypto loopback with my ssh and gpg keyrings.
> 
> As I see U3 version of losetup is 2.11y.
> 
> On a debian system I have a working version of losetup with version:
> 
> 	2.12-4.backports.org.1
> 
> Anyone able to provide a patched losetup version?
> 
> Benjamin J. Weiss wrote:
> 
> >I've been trying to research methods of creating an encrypted file system, 
> >but so far all of the links to www.kerneli.org seem to be down.  Anybody 
> >know what's going on?
> >
> >Ben
> >
> >_______________________________________________
> >Whitebox-users mailing list
> >Whitebox-users@beau.org
> >http://beau.org/mailman/listinfo/whitebox-users
> >
> >