cryptoloop and ds-crypt

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I heard that cryptoloop and ds-crypt are backended and not at the
highest level of security.

If it is true what should I use to encrypt my partitions (also
partitions inside one file created by dd)


Re: cryptoloop and ds-crypt

m wrote:
Quoted text here. Click to load it

ds-crypt ??????
Platform: Win95,Win98,WinME,WinNT 3.x,WinNT 4.x,WinXP,Windows2000

Not sure why/what "backended" conserns you, driving and jail time
excepted, the security level of cryptoloop is not, hmmm, "stringent".

dm-crypt /

Probably not ready for prime time just yet, but you're encouraged to
give it a go, afaict.  You might want to google for complaints/praises
and see if it's time to try it for your situation/distro.


Re: cryptoloop and ds-crypt

 > ds-crypt ??????

yes it was my small mistake  :)
platform GNU/Linux

Re: cryptoloop and ds-crypt

I meant, what should I use regarding to this article... ?


Re: cryptoloop and ds-crypt

Quoted text here. Click to load it

As the Jari said loopAES with multi-key mode is not vulnerable to the
known attacks, so the way I see it you dont have to many options.

 ____ __  ___| |  ___   Ignorance is    .~.    hrvoje.spoljar@><
(_-< '_ \/ _ \ |_/ -_)  bliss, but     / V \   irc # RoCkY
/__/ .__/\___/__/\___|  knowledge is  /(   )\  icq : 53000945  
   |_|                  power!          ^-^

Re: cryptoloop and ds-crypt

m wrote:
Quoted text here. Click to load it
Quoted text here. Click to load it

Well, that's your decision ;)

I'm no crypto guy -- but I don't have anything on my disks that a
crypto guy would be interested in, do I?

Point is, you have to decide if you're guarding "Fort Knox" or "Fort
Dirty Socks".  Only you can decide that and what you imagine the
nefarious do-wrongers would do with your stuff.

The link you posted is usual stuff from this guy -- no slam on him --
and I would not be surprised if he has a good point.  There are a
number of kernel "non-contributors" with particular expertise that
can't get their work accepted into the kernel for who knows what

My impression from past forays/reading into this would suggest that his
work is "superior" in a crypto sense, so if you require that level of
"toughness", you can/will have to roll your own for each setup.  Lot's
of stuff pre-prepared for you out there to help out, but it's still up
to you to keep up and keep on top.  I think some distros are beginning
to "support" his efforts (something almost required these days for an
"outsider" to get his stuff into the kernel).

Are your needs worth the effort?  Can satisfying your needs be confined
to a single disk/server?  Are your needs worth the effort of supporting
this on multiple machines?

Note that many folks concerned about leaving around "loose" info on
disks don't factor the trouble/time/expense required to recover such
stuff.  Why would _anybody_ be interested in your stuff to make this a
worthwhile gamble.  People that recover even minimally encrypted hard
disk data have to have a _really_ good reason to expend the effort.  If
they knew what was on the disk ahead of time they wouldn't need to
decrypt it.  If they can't be _sure_ what _is_ on the disk (or even how
much effort will be required to find out) what's the incentive to try
to get your stuff?

Now if you're storing data similar to that in the news lately, well,
you might _really_ want to consider _every_ mechanism to secure your

So, it's in your lap to decide what is worth the effort.


Re: cryptoloop and ds-crypt

On Mon, 25 Apr 2005 21:22:54 +0000, m wrote:

Quoted text here. Click to load it

First, thanks for pointing that weakness of cryptoloop.

I've checked that (using cryptoloop) if you make a new encrypted
container inside a previous encrypted container, the watermark proggies
fail to find the watermarked files. I've used two different encryption
algorithms but I don't know it that's really needed. You may need a fast
CPU to do this.

Site Timeline