LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Loop-aes vs DM-crypt (http://www.linuxquestions.org/questions/linux-security-4/loop-aes-vs-dm-crypt-385324/)

Frogular 11-21-2005 08:31 PM

Loop-aes vs DM-crypt
 
I'd like to know the current consensus on whether loop-aes or dm-crypt is the preferred method of encryption; what their relative advantages and disadvantages are.

I have also read that dm-crypt has more known weaknesses than loop-aes and I was wondering if that is still the case for dm-crypt > 2.6.10.

ddaas 11-23-2005 07:29 AM

loop-aes is obsolete. that means it's old and not supported anymore.
dm-crypt (with luks) is the new standard for disk encryption.
Without doubts you should go for dm-crypt (with luks).


Advantage of dm-crypt over loop-aes:
- new standard, supported, future, etc etc
- no need to patch the kernel. The support for dm-crypt is already in the 2.6.x official kernel.
- if you use luks (Linux Unified key setup) there is the possibility to have more passpharase (max 5) for the encryption key. You could add/delete passphrases
- the key (with all the parameters - key length, algorithm etc) resides on you encryption partition at the first bloks of your hdd. This means that you can take you hard-drive and insert into another system(the kernel must be compiled with dm-crypt support) and it should work without any other modification from the user point of view.
- Maybe there are also other

If I am wrong, please correct me.


ddaas

bugmenot60 07-18-2006 11:14 AM

loop-aes, dm-crypt, etc
 
I personally use losetup -e AES256 on my Knoppix 4.0 live CD.

How secure is this?

pturing 12-26-2007 04:13 PM

Quote:

Originally Posted by ddaas (Post 1965318)
loop-aes is obsolete. that means it's old and not supported anymore.

This is not true. loop-aes is still being maintained. As of today, the last update was 2 months ago.


Quote:

Originally Posted by ddaas (Post 1965318)
- the key (with all the parameters - key length, algorithm etc) resides on you encryption partition at the first bloks of your hdd.

This is one of the reasons to use loop-aes... the idea being that the attacker has an advantage if they have access to the key. See section 8 of the loop-aes README file - http://loop-aes.sourceforge.net/loop-AES.README


All times are GMT -5. The time now is 11:47 PM.