From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <42E91F9C.1070700@asmallpond.org>
Date: Thu, 28 Jul 2005 20:10:36 +0200
From: Richard Fish
Reply-to: gentoo-user@lists.gentoo.org
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Encripting /home
References: <200507272018.35098.pupeno@pupeno.com> <200507272148.11414.pupeno@pupeno.com> <42E87323.8040803@asmallpond.org> <200507281256.56500.pupeno@pupeno.com>
In-Reply-To: <200507281256.56500.pupeno@pupeno.com>

Pupeno wrote:

>On Thursday 28 July 2005 02:54, Richard Fish wrote:
>
>>Pupeno wrote:
>>
>>>>I use the dm-crypt from the kernel....
>>>
>>>I've read that it is unsecure and I also read that it is not yet very well
>>>supported.
>>
>>Dm-crypt is fairly well supported, since it is in the kernel, but I find
>>it to be harder to set up and less 'flexible' than loop-AES (the changing
>>passphrase thing, for example).
>
>I know it is in the kernel, but I've read that there weren't good userland
>tools to work with dm-crypt. Maybe that has changed and Gentoo's userland
>tools can work with dm-crypt, what's the status of that?

Personally, I find cryptsetup/dm-crypt to be much more difficult to use
than losetup/mount. With loop-AES, I have my fstab set up to automatically
enable the encryption and prompt for the password when certain filesystems
are mounted (of course, that only works if running 'mount' from the command
line, for now). I do not think this is possible with dm-crypt yet.

>Regarding loop-AES I've read it needs some heavy patching here and there, I
>don't want to do any patching myself because I am likely to lose track of
>it.

Gentoo already includes the necessary patches if you have USE=crypt. You
just have to remember to do "emerge loop-aes" after each kernel upgrade to
rebuild the kernel module.

>That's the idea, that scheme plus the best supported method out of the box (or
>the net, hehehe). I believe it is cryptoloop, but I am not sure.

No no no, cryptoloop is completely brain-damaged security, and AFAIK, out
of the kernel. Loop-AES would be the logical successor to cryptoloop from a
functional and setup standpoint.

-Richard

--
gentoo-user@gentoo.org mailing list