[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [dm-devel] my encryption



Am Mo, den 13.10.2003 schrieb jon kollegiegaarden dk um 13:54:

> As far as i remember:
> it can not change password without reencrypting the whole device

That's not correct. Doing this (without reencryption) is a pure
userspace issue. I haven't released any userspace tools yet, but this
isn't an issue with the in-kernel target.

> It doesnt shuffle the sectors arround
> (the freebsd GDBE does this)

Yes, I've read the paper. It's somewhat impressive. I like the ideas.
The current (cryptoloop compatible) way looks like a joke compared to
GDBE. But what I dislike with GDBE is that the ciphers used are fixed
and some things apparently can only be changed with recompiling it.

I think there has to be a more flexible way.

> It's not cross-platform.

Huh? It's only a device-mapper target, how can that be cross-platform?
It's tied to linux 2.6, yes.

> naturally it can be changed, but untill someone actualy does this...

I'm still willing to do this. I'm currently in a "waiting position".
I've read the GDBE papers and think we should go in that direction.
Possibly extend it to be able to load certain "personalities" (e.g.
cryptoloop compatible or GDBE like).

Adding these features to the core target, like shuffling of sectors,
automatically reading and caching these additional "encryption meta data
sectors" would require much more complexity though.

I personally like clean and flexible solutions and I think that my
cryptoloop compatible target is a clean one (compared to the cryptoloop
implementation) and it also seems to perform quite reasonably. I don't
like quick and dirty (no offence, I haven't seen your code yet) hacks.

If you are finished with your "official" work I would like to see us
cooperating. Working against each other seems like a waste of efforts,
especially because I'm doing this for fun and in my free time.

--
Christophe Saout <christophe saout de>
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]