From: "Boyd Stephen Smith Jr."
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] LUKS
Date: Tue, 10 Jan 2006 07:31:08 -0600
In-Reply-To: <7babdf270601100513j3ebca1eam743c30af3cbfbaa3@mail.gmail.com>
Message-Id: <200601100731.08605.bss03@volumehost.com>

On Tuesday 10 January 2006 07:13, Cláudio Henrique wrote about 'Re: [gentoo-user] LUKS':
> On 1/9/06, Richard Fish wrote:
> > > If I used on any of my HDs, will I be able to update them?
> >
> > What do you mean?
>
> I mean updating my system (emerge -u world) once I put it on a
> cyphered partition.

Encrypted block devices are accessed just like normal block devices, once
the encryption keys are in memory. You are only asked for your passphrase
once, each time the block device is created [1]. Generally, this will
only be during boot.

> I was worried if the algorithm would make all the blocks
> dependent on each other. So, if I lose one block, I'd be losing
> all the others.

That's not necessary, since each sector has a separate initialization
vector. PlumbIV and CBC (along with the patent-encumbered CMC and EME) do
make the blocks within a sector dependent on one another, which is good
for resisting certain types of attacks.

> What about the performance, is it too different from plain partition
> usage?

I never noticed the difference when I was using aes-loop on a 2GHz laptop.
That said, it will depend on the algorithm you choose and the CPU you have
available. Also, I /think/ aes-loop was supposed to be faster than
dm-crypt, but I believe the kernel's implementation of aes (and maybe
other ciphers) has gotten faster since the last benchmarks I saw.

-- 
Boyd Stephen Smith Jr.
bss03@volumehost.com
ICQ: 514984
YM/AIM: DaTwinkDaddy

[1] This choice of wording might be confusing. I am referring to when the
block device is assigned a minor number and the dm mapping loaded into the
kernel: creation of the block device. I am not referring to the
initialization of the LUKS "superblock", when the passphrase and algorithm
are chosen.

-- 
gentoo-user@gentoo.org mailing list
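
The per-sector IV point from the message above, as an added example that is not part of the original e-mail or of dm-crypt's code: it encrypts four constructed 512-byte sectors in CBC with one IV per sector, flips one ciphertext bit, and reports which plaintext blocks no longer decrypt correctly. Assumptions: a SHA-256 based Feistel construction stands in for AES so the block runs on the standard library alone, and the IV is the sector number in dm-crypt's "plain" style; `damaged_blocks` and the other names are hypothetical.

```python
import hashlib

BLOCK, SECTOR = 16, 512  # cipher block size and disk sector size, in bytes
KEY = b"constructed demo key"
SECTORS = [bytes([65 + n]) * SECTOR for n in range(4)]  # constructed sample data

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # Feistel round function built from SHA-256
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def enc_block(key, blk):  # stand-in 4-round Feistel cipher, NOT AES
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):  # inverse of enc_block: rounds applied in reverse
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def sector_iv(n):  # assumed "plain" IV: little-endian sector number, zero padded
    return (n & 0xFFFFFFFF).to_bytes(4, "little").ljust(BLOCK, b"\0")

def encrypt_sector(key, n, plain):  # the CBC chain restarts at every sector
    prev, out = sector_iv(n), b""
    for i in range(0, SECTOR, BLOCK):
        prev = enc_block(key, _xor(plain[i:i + BLOCK], prev))
        out += prev
    return out

def decrypt_sector(key, n, ct):
    chain = sector_iv(n) + ct  # block i is XORed with ciphertext block i-1
    return b"".join(_xor(dec_block(key, ct[i:i + BLOCK]), chain[i:i + BLOCK])
                    for i in range(0, SECTOR, BLOCK))

def damaged_blocks(key, sectors, sector_no, block_no):
    """Flip one ciphertext bit; list (sector, block) pairs that decrypt wrongly."""
    disk = [bytearray(encrypt_sector(key, n, p)) for n, p in enumerate(sectors)]
    disk[sector_no][block_no * BLOCK] ^= 0x01
    bad = []
    for n, ct in enumerate(disk):
        got = decrypt_sector(key, n, bytes(ct))
        bad += [(n, i // BLOCK) for i in range(0, SECTOR, BLOCK)
                if got[i:i + BLOCK] != sectors[n][i:i + BLOCK]]
    return bad
```

With CBC, damage to one ciphertext block garbles that block and one bit of the next block in the same sector; damage to the last block of a sector does not reach the following sector.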