LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Loop-AES questions (http://www.linuxquestions.org/questions/linux-security-4/loop-aes-questions-488408/)

Zmyrgel 10-01-2006 01:59 AM

Loop-AES questions
 
Hi,

I was thinking on making a distro hop again, this time to Arch. I have used Arch once before but that didn't impress me as I din't even get my nVidia drivers installed

Im currently running Debian Sid with encrypted LVM partitions using the dm-crypt.
After browsing net a bit and making myself more familiar to encryption options I though to try the loop-AES as it seems to be more secure and faster option than the dm-crypt.

Does loop-AES work with LVM or how?

Correct me if I'm wrong, you can install a Arch and then encrypt the existing installation without erasing the data on partition with loop-aes?

I'm planning on using the Suspend2 also with the loop-aes. I'll follow this http://wiki.suspend2.net/EncryptedSwapAndRoot.

After I have sufficient info I think I try to install it on my laptop.

stress_junkie 10-02-2006 04:05 PM

I thought I knew the answer to your questions but I decided to verify what I thought I knew. It turns out that there is so much to know about this subject that I would like to just refer you to the sources that I found.

I have this file on my system partition.
/usr/share/doc/packages/util-linux/README.loop-AES-v2.2d

Also you can look for the web page here.
http://loop-aes.sourceforge.net/

I wish that I could have summarized it in a couple of sentences but I think that you really need to read the full story.

Zmyrgel 10-03-2006 07:50 AM

I've read that readme and it would seem that system installed and then encrypted doesn't get wiped, is this correct?

What about LVM? Can I use LVM partition and encrypt that with loop-aes?

stress_junkie 10-03-2006 08:12 AM

The essential model is like this. You have a physical device. You associate an encryption module with a loop device and then create a link from this encrypted loop device to the real device. Then you communicate with the loop device. The real device can be a file, a disk, or a virtual device like a RAID set.

I wrote up the details for using a file as an encrypted file system. The principles remain the same. Check out this post of mine.

http://www.linuxquestions.org/questi...33#post2416433

I seem to recall something about encrypting a file system that already has data on it and keeping the data. I don't recall how that is done or what tool to use.

Zmyrgel 10-03-2006 08:36 AM

Quote:

Originally Posted by stress_junkie
I seem to recall something about encrypting a file system that already has data on it and keeping the data. I don't recall how that is done or what tool to use.

I read the loop-aes readme and nothing in the root partition encryption seems to wipe the data from the partition AFAIK. Would be nice to know before I start to mess around with this :)

LVM issue isn't that important currently as I have only the root partition besides boot and swap.

Zmyrgel 10-04-2006 02:14 AM

I think that I just try to install this and after this fails :) I'll go back to wiping my partition and do a fresh install with dm-crypt and luks.

stress_junkie 10-04-2006 04:39 AM

That is often the best approach. Make a backup. Try something. If it works then that's good. If it doesn't work then you still have your backup. Either way you learn something.

fotoguy 10-04-2006 05:05 AM

I'm just starting to mess around with AES-loop encryption with a distro im making from slackware, so this thread myight be worth keeping an eye on

Lotharster 10-04-2006 11:44 AM

If you want to encrypt an xeisting partition, you can use aespipe and dd:

Code:

dd if=/dev/hda1|aespipe (...)|dd of=/dev/hda1
This encrypts your first hard disk partition with loop-aes. You can also insert a lvm device instead of hda1. Of course, you should not do that with a partition that is currently mounted, and if something goes wrong during encryption (which will take some time depending on the disk size), e.g. a power failure, you will have a disk which is partly encrypted. So do a backup before you encrypt partitions with important stuff on them.

Btw, you can also use aespipe to encrypt iso files. That way, you can encrypt cdroms.

Regards,

Lotharster


All times are GMT -5. The time now is 01:24 AM.