[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Disk (block device) encryption for Linux and *BSD?




>Apologies for the interruption,
>
>I'm looking for disk / partition encryption for Unix-alikes, especially
>Linux, OpenBSD and/or NetBSD.

Good luck. We're in the same boat. I'm using Andrew Mileski's patches,
but they're outdated, only implement CAST-128 and IDEA, and the user
interface leaves a lot to be desired. Writing a new user interface
is on my project list, but of course I can't export the thing.

>My websearch has been less than satisfactory - I found outdated Linux
>kernel patches for encryption loopback, and I distinctly remember reading
>about a serious bug in the use (or lack thereof) of key material in this
>code.

Andrew Mileski <[email protected]> has patches available via FTP from 
fractal.mta.ca, but they're very outdated. I think they're against 2.1.64,
but they'll run with kernels up to the 90s. Kernels after about 2.1.105
are hopelessly broken with regard to Andrew's patches, so I wouldn't advise
even trying it. If you use his patches, use kernel 2.1.105 or below.

I think those are in /pub/aem/crypto.

>Do patches for a current Linux kernel exist, and have all the known
>bugs been fixed?

There are several different versions floating around. There was some set
of patches on ftp.csua.berkeley.edu but they're outdated too. There was a
hole in some DES code somebody was distributing. 

>Also, there seems to be no version of Marutukku about that I can actually
>get to work on *BSD. Is Marutukku still being developed?

Again, good luck.

>Generally, is there a good page that tracks disk encryption for Unix?
>
>I'm currently using cfs here and there, and I have a specific question
>about that package, too:
>
>Does the cypherpunks list trust the patches that add Blowfish support
>to cfs?

Every time I've used CFS it has locked up into some kind of recursive loop
where it eats more and more CPU time until it finally takes all it can get.
Other people have had the same problem on both Linux and BSD. Other people
never have any problems. No clue why.