-   Linux - Security (
-   -   Loop-AES questions (

Zmyrgel 10-01-2006 01:59 AM

Loop-AES questions

I was thinking on making a distro hop again, this time to Arch. I have used Arch once before but that didn't impress me as I din't even get my nVidia drivers installed

Im currently running Debian Sid with encrypted LVM partitions using the dm-crypt.
After browsing net a bit and making myself more familiar to encryption options I though to try the loop-AES as it seems to be more secure and faster option than the dm-crypt.

Does loop-AES work with LVM or how?

Correct me if I'm wrong, you can install a Arch and then encrypt the existing installation without erasing the data on partition with loop-aes?

I'm planning on using the Suspend2 also with the loop-aes. I'll follow this

After I have sufficient info I think I try to install it on my laptop.

stress_junkie 10-02-2006 04:05 PM

I thought I knew the answer to your questions but I decided to verify what I thought I knew. It turns out that there is so much to know about this subject that I would like to just refer you to the sources that I found.

I have this file on my system partition.

Also you can look for the web page here.

I wish that I could have summarized it in a couple of sentences but I think that you really need to read the full story.

Zmyrgel 10-03-2006 07:50 AM

I've read that readme and it would seem that system installed and then encrypted doesn't get wiped, is this correct?

What about LVM? Can I use LVM partition and encrypt that with loop-aes?

stress_junkie 10-03-2006 08:12 AM

The essential model is like this. You have a physical device. You associate an encryption module with a loop device and then create a link from this encrypted loop device to the real device. Then you communicate with the loop device. The real device can be a file, a disk, or a virtual device like a RAID set.

I wrote up the details for using a file as an encrypted file system. The principles remain the same. Check out this post of mine.

I seem to recall something about encrypting a file system that already has data on it and keeping the data. I don't recall how that is done or what tool to use.

Zmyrgel 10-03-2006 08:36 AM


Originally Posted by stress_junkie
I seem to recall something about encrypting a file system that already has data on it and keeping the data. I don't recall how that is done or what tool to use.

I read the loop-aes readme and nothing in the root partition encryption seems to wipe the data from the partition AFAIK. Would be nice to know before I start to mess around with this :)

LVM issue isn't that important currently as I have only the root partition besides boot and swap.

Zmyrgel 10-04-2006 02:14 AM

I think that I just try to install this and after this fails :) I'll go back to wiping my partition and do a fresh install with dm-crypt and luks.

stress_junkie 10-04-2006 04:39 AM

That is often the best approach. Make a backup. Try something. If it works then that's good. If it doesn't work then you still have your backup. Either way you learn something.

fotoguy 10-04-2006 05:05 AM

I'm just starting to mess around with AES-loop encryption with a distro im making from slackware, so this thread myight be worth keeping an eye on

Lotharster 10-04-2006 11:44 AM

If you want to encrypt an xeisting partition, you can use aespipe and dd:


dd if=/dev/hda1|aespipe (...)|dd of=/dev/hda1
This encrypts your first hard disk partition with loop-aes. You can also insert a lvm device instead of hda1. Of course, you should not do that with a partition that is currently mounted, and if something goes wrong during encryption (which will take some time depending on the disk size), e.g. a power failure, you will have a disk which is partly encrypted. So do a backup before you encrypt partitions with important stuff on them.

Btw, you can also use aespipe to encrypt iso files. That way, you can encrypt cdroms.



All times are GMT -5. The time now is 02:56 AM.