[dm-devel] my encryption

Christophe Saout christophe at saout.de
Mon Oct 13 07:44:02 UTC 2003


On Mon, 13.10.2003 at 13:54, jon at kollegiegaarden.dk wrote:

> As far as I remember:
> it can not change password without reencrypting the whole device

That's not correct. Doing this (without reencryption) is a pure
userspace issue. I haven't released any userspace tools yet, but this
isn't an issue with the in-kernel target.

> It doesn't shuffle the sectors around
> (the FreeBSD GDBE does this)

Yes, I've read the paper. It's somewhat impressive. I like the ideas.
The current (cryptoloop compatible) way looks like a joke compared to
GDBE. But what I dislike with GDBE is that the ciphers used are fixed
and some things apparently can only be changed by recompiling it.

I think there has to be a more flexible way.

> It's not cross-platform.

Huh? It's only a device-mapper target, how can that be cross-platform?
It's tied to Linux 2.6, yes.

> naturally it can be changed, but until someone actually does this...

I'm still willing to do this. I'm currently in a "waiting position".
I've read the GDBE papers and think we should go in that direction.
Possibly extend it to be able to load certain "personalities" (e.g.
cryptoloop compatible or GDBE like).

Adding these features to the core target, like shuffling of sectors,
automatically reading and caching these additional "encryption meta data
sectors" would require much more complexity though.

I personally like clean and flexible solutions and I think that my
cryptoloop compatible target is a clean one (compared to the cryptoloop
implementation) and it also seems to perform quite reasonably. I don't
like quick and dirty (no offence, I haven't seen your code yet) hacks.

If you are finished with your "official" work I would like to see us
cooperating. Working against each other seems like a waste of effort,
especially because I'm doing this for fun and in my free time.

--
Christophe Saout <christophe at saout.de>
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html




