TrueCrypt and RHEL4

isoides · 03-10-2009, 01:03 PM

I think I'm finally getting the hang of compiling TrueCrypt (6.1a) on RHEL 4 (2.6.9-78.0.13.ELsmp)*. I am however having some post build issues.

When I attempt to mount the new volume I get a message:

Code:

 Your system uses an old version of the Linux kernel.

 Due to a bug in the Linux kernel, your system may stop 
 responding when writing data to a TrueCrypt volume. 
 This problem can be solved by upgrading the kernel 
 to version 2.6.24 or later.

Does anybody know what bug they are referring to and what is meant by "may" (RFC2119 does not seem to apply).

I don't really have the option of stepping up to RHEL 5 at this time. Can I fix it in 4?

*Kernel Source Extraction, Fuse, wxWidgets, encryption headers, RTFM/RTFRM etc.

Many thanks in advance.

i

TB0ne · 03-10-2009, 05:18 PM

Quote:

Originally Posted by isoides

I think I'm finally getting the hang of compiling TrueCrypt (6.1a) on RHEL 4 (2.6.9-78.0.13.ELsmp)*. I am however having some post build issues.

When I attempt to mount the new volume I get a message:

Code:

 Your system uses an old version of the Linux kernel.

 Due to a bug in the Linux kernel, your system may stop 
 responding when writing data to a TrueCrypt volume. 
 This problem can be solved by upgrading the kernel 
 to version 2.6.24 or later.

Does anybody know what bug they are referring to and what is meant by "may" (RFC2119 does not seem to apply).

I don't really have the option of stepping up to RHEL 5 at this time. Can I fix it in 4?

*Kernel Source Extraction, Fuse, wxWidgets, encryption headers, RTFM/RTFRM etc.

Many thanks in advance.

i

You don't have to upgrade to RHEL5 to get the latest kernel. Get in touch with RedHat (since you've got RHEL), and get the latest kernel from them, complete with installation instructions. I *THINK* you could do it by typing in "yum upgrade kernel", but there may be some gotchas there.

isoides · 03-11-2009, 01:13 PM

Thanks TB0ne,

This rings true as a similarly configured system worked (after much kernel fiddling).

Yum is not installed RHEL4 still uses up2date. I'll probably open a ticket.

tux99 · 03-11-2009, 01:22 PM

Why don't you rather use dm-crypt (which is the Linux standard way of encrypting disks), install the cryptsetup command (should be available as RHEL4 package) and you are ready to go, much easier than compiling truecrypt.

See here for a thread discussing it, with some useful links:
http://mandrivausers.org/index.php?showtopic=81004

isoides · 03-12-2009, 09:36 AM

Woohooo Options!

I'm going to play with dm-crypt for a day or two and see how friendly it is.

Looks like I'll have to upgrade the Kernel either way.

http://mareichelt.de/pub/texts.cryptoloop.php
"Both cryptoloop and dm-crypt in kernels prior to 2.6.10 are
vulnerable, and even recent dm-crypt still suffers from a weak crypto
implementation."

Given the complexity of all of this, I'm a bit intimidated by loop-AES. Thanks for the dm-crypt suggestion tux.

i

isoides · 03-22-2009, 05:13 PM

Just for closure sake.
We switched over to dm-crypt and haven't looked back. It took me and the dba a bit of time to figure out where to create the partition. I used LVM and neither of us has much experience with that tool. Should have been easier but it will be next time.