LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-01-2006, 02:59 AM   #1
Zmyrgel
Senior Member
 
Registered: Dec 2005
Location: Finland
Distribution: Slackware, CentOS, RHEL, OpenBSD
Posts: 1,006

Rep: Reputation: 37
Loop-AES questions


Hi,

I was thinking on making a distro hop again, this time to Arch. I have used Arch once before but that didn't impress me as I din't even get my nVidia drivers installed

Im currently running Debian Sid with encrypted LVM partitions using the dm-crypt.
After browsing net a bit and making myself more familiar to encryption options I though to try the loop-AES as it seems to be more secure and faster option than the dm-crypt.

Does loop-AES work with LVM or how?

Correct me if I'm wrong, you can install a Arch and then encrypt the existing installation without erasing the data on partition with loop-aes?

I'm planning on using the Suspend2 also with the loop-aes. I'll follow this http://wiki.suspend2.net/EncryptedSwapAndRoot.

After I have sufficient info I think I try to install it on my laptop.
 
Old 10-02-2006, 05:05 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335Reputation: 335Reputation: 335Reputation: 335
I thought I knew the answer to your questions but I decided to verify what I thought I knew. It turns out that there is so much to know about this subject that I would like to just refer you to the sources that I found.

I have this file on my system partition.
/usr/share/doc/packages/util-linux/README.loop-AES-v2.2d

Also you can look for the web page here.
http://loop-aes.sourceforge.net/

I wish that I could have summarized it in a couple of sentences but I think that you really need to read the full story.
 
Old 10-03-2006, 08:50 AM   #3
Zmyrgel
Senior Member
 
Registered: Dec 2005
Location: Finland
Distribution: Slackware, CentOS, RHEL, OpenBSD
Posts: 1,006

Original Poster
Rep: Reputation: 37
I've read that readme and it would seem that system installed and then encrypted doesn't get wiped, is this correct?

What about LVM? Can I use LVM partition and encrypt that with loop-aes?
 
Old 10-03-2006, 09:12 AM   #4
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335Reputation: 335Reputation: 335Reputation: 335
The essential model is like this. You have a physical device. You associate an encryption module with a loop device and then create a link from this encrypted loop device to the real device. Then you communicate with the loop device. The real device can be a file, a disk, or a virtual device like a RAID set.

I wrote up the details for using a file as an encrypted file system. The principles remain the same. Check out this post of mine.

http://www.linuxquestions.org/questi...33#post2416433

I seem to recall something about encrypting a file system that already has data on it and keeping the data. I don't recall how that is done or what tool to use.

Last edited by stress_junkie; 10-03-2006 at 09:15 AM.
 
Old 10-03-2006, 09:36 AM   #5
Zmyrgel
Senior Member
 
Registered: Dec 2005
Location: Finland
Distribution: Slackware, CentOS, RHEL, OpenBSD
Posts: 1,006

Original Poster
Rep: Reputation: 37
Quote:
Originally Posted by stress_junkie
I seem to recall something about encrypting a file system that already has data on it and keeping the data. I don't recall how that is done or what tool to use.
I read the loop-aes readme and nothing in the root partition encryption seems to wipe the data from the partition AFAIK. Would be nice to know before I start to mess around with this

LVM issue isn't that important currently as I have only the root partition besides boot and swap.
 
Old 10-04-2006, 03:14 AM   #6
Zmyrgel
Senior Member
 
Registered: Dec 2005
Location: Finland
Distribution: Slackware, CentOS, RHEL, OpenBSD
Posts: 1,006

Original Poster
Rep: Reputation: 37
I think that I just try to install this and after this fails I'll go back to wiping my partition and do a fresh install with dm-crypt and luks.
 
Old 10-04-2006, 05:39 AM   #7
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335Reputation: 335Reputation: 335Reputation: 335
That is often the best approach. Make a backup. Try something. If it works then that's good. If it doesn't work then you still have your backup. Either way you learn something.
 
Old 10-04-2006, 06:05 AM   #8
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
I'm just starting to mess around with AES-loop encryption with a distro im making from slackware, so this thread myight be worth keeping an eye on
 
Old 10-04-2006, 12:44 PM   #9
Lotharster
Member
 
Registered: Nov 2005
Posts: 144

Rep: Reputation: 18
If you want to encrypt an xeisting partition, you can use aespipe and dd:

Code:
 dd if=/dev/hda1|aespipe (...)|dd of=/dev/hda1
This encrypts your first hard disk partition with loop-aes. You can also insert a lvm device instead of hda1. Of course, you should not do that with a partition that is currently mounted, and if something goes wrong during encryption (which will take some time depending on the disk size), e.g. a power failure, you will have a disk which is partly encrypted. So do a backup before you encrypt partitions with important stuff on them.

Btw, you can also use aespipe to encrypt iso files. That way, you can encrypt cdroms.

Regards,

Lotharster
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Loop-aes vs DM-crypt Frogular Linux - Security 3 12-26-2007 04:13 PM
Need help with loop-aes encryption. yanik Linux - Software 0 04-20-2006 08:59 AM
loop aes digi691 Linux - Security 6 05-27-2005 10:11 PM
loop-aes movery Linux - Security 0 01-14-2005 09:29 AM
loop-AES dm-crypt and Gentoo PrimusXPrimus Linux - Software 1 10-12-2004 06:18 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:02 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration