
RE: [dm-devel] encrypted filesystem not encrypted?



Also, did you initialize the partition with random data before the
cryptsetup step? If not, you could be looking at stale, unencrypted
data.
e.g.
       dd if=/dev/urandom of=/dev/sda3 
    or
       /sbin/badblocks -c 10240 -s -w -t random -v /dev/sda3

Either will do; the choice is how secure you want your actual data
and/or how long you're willing to wait for the seeding to complete.
--
bob

-----Original Message-----
From: dm-devel-bounces redhat com [mailto:dm-devel-bounces redhat com]
On Behalf Of Jonathan Brassow
Sent: Wednesday, August 01, 2007 10:43 AM
To: device-mapper development
Subject: Re: [dm-devel] encrypted filesystem not encrypted?

I'm guessing that you are bypassing your crypt device.  Depends on  
what your arguments are to the LVM commands.

cryptsetup will create a new device that sits on top of sda3 - you  
should use that one.  Do not use sda3 directly.

  brassow

On Jul 31, 2007, at 8:08 PM, chris wrote:

> Hi all,
>
> I was not sure which list to send this to, so I chose a couple  
> that looked like decent fits, please advise if there is one more  
> specific to the encryption.
>
> I am currently working on a project where we are converting some of  
> our filesystems to an encrypted fs using LVM2.  We are running  
> RHEL:  "2.6.9-55.0.2.ELsmp #1 SMP Tue Jun 12 17:59:08 EDT 2007 i686  
> i686 i386 GNU/Linux"
>
> We set up an encrypted filesystem using one of the open partitions  
> on the physical hard drive using "cryptsetup create /dev/sda3".  We  
> have verified this using the cryptsetup status. This shows the  
> filesystem as being encrypted as aes_plain 256 bit key.  We then  
> created an LVM and mounted the filesystem using the LVM.
>
> All seems to be well, except when our testers ran the following  
> command:
> head -c 5000 /dev/sda3
>
> They got some output that includes clear text and obviously not  
> encrypted data (along with encrypted data).  Some things are date  
> formatted strings like 20050912 which appears quite a few times in  
> the mounted filesystem, and in the raw device (/dev/sda3).
>
> I can post the exact commands that were used to create the  
> filesystem, but they are basically
> create partition ...sda3
> cryptsetup create /dev/sda3 (prompts for passphrase)
> pvcreate
> vgcreate
> lvcreate
> mount
>
> (TIA) any help (or light shed on this) is greatly appreciated!
>
> -chris
>
> --
> dm-devel mailing list
> dm-devel redhat com
> https://www.redhat.com/mailman/listinfo/dm-devel
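
A read-only check for the symptom discussed in this thread, given as an added example that is not part of any poster's message: it counts long runs of printable text in the first bytes of the raw partition, which should be zero after a random wipe and non-zero when stale plaintext is left behind. The function names, the 24-character threshold and the sample record are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): look for stale plaintext on the RAW
# partition underneath a dm-crypt mapping. It only reads, it never writes.

# plaintext_runs FILE [BYTES] [MINLEN]
# Prints how many runs of at least MINLEN printable ASCII characters occur in
# the first BYTES bytes of FILE. Ciphertext or a urandom wipe should give 0.
# The 24-character default is an assumed threshold that random bytes
# practically never reach by chance.
plaintext_runs() {
    src=$1 bytes=${2:-5000} minlen=${3:-24}
    head -c "$bytes" "$src" |
        LC_ALL=C tr -c '[:print:]' '\n' |
        awk -v n="$minlen" 'length($0) >= n { c++ } END { print c + 0 }'
}

# make_sample_images DIR
# Builds two constructed stand-ins for a partition: one seeded with random
# data, one with a leftover cleartext record sitting between random bytes.
make_sample_images() {
    dir=$1
    head -c 5000 /dev/urandom > "$dir/wiped.img"
    {
        head -c 2000 /dev/urandom
        printf 'report_date=20050912;note=CONSTRUCTED-SAMPLE-RECORD-NOT-REAL\n'
        head -c 2000 /dev/urandom
    } > "$dir/stale.img"
}

if [ "$#" -gt 0 ]; then
    # Scan a real device or image, e.g. as root: sh check.sh /dev/sda3
    plaintext_runs "$@"
else
    # No argument: demonstrate on the constructed images.
    tmp=$(mktemp -d)
    make_sample_images "$tmp"
    echo "wiped.img: $(plaintext_runs "$tmp/wiped.img") long printable runs"
    echo "stale.img: $(plaintext_runs "$tmp/stale.img") long printable runs"
    rm -rf "$tmp"
fi
```

Point it at the raw partition rather than the device cryptsetup creates on top of it, since the mapped device returns decrypted data by design. A zero count covers only the bytes scanned, so raise BYTES to examine more of the partition.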
