![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: Jari Ruusu <jari.ruusu@pp.inet.fi>
To: linux-crypto@nl.linux.org
Subject: Announce loop-AES-v1.4e file/swap crypto package
Date: Sat, 29 Sep 2001 17:54:23 +0300
In short: If file and swap crypto is all you need, this package is a hassle
free replacement for international crypto patch and HVR's cryptoapi.
This package provides loadable Linux kernel module (loop.o) that has AES
cipher built-in. AES cipher can be used to encrypt local file systems and
disk partitions. For more information about compiling and using the driver,
see the README file in the package.
Features:
- GPL license.
- No source modifications to kernel. No patch hassles when you are upgrading
your kernel.
- Works with all recent 2.4, 2.2 and 2.0 kernels, including distro vendor
kernels. Encrypted disk images are compatible across all supported
kernels.
- AES cipher is used in CBC mode. Supports 128, 192 and 256 bit keys.
- Passwords hashed with SHA-256, SHA-384 or SHA-512.
- 512 byte based IV. IV is immune to variations in transfer size and does
not depend on file system block size.
- Device backed (partition backed) loop is capable of encrypting swap on 2.4
kernels.
Changes since previous release:
- Execute depmod only if target was currently running kernel.
- loop.c-2.4.original updated to Linus' 2.4.10 + fixes from 2.4.9-ac16, with
ifdefs so it compiles on older kernels as well.
- Rest of AES finalist cipher names added to util-linux patch.
- External encryption module locking bug is fixed (kernel 2.2 only,
backported kernel 2.4 fix). This bug did not affect loop-AES operation at
all.
- Password seeds can be used to slow down dictionary attacks. "-S XXX"
option added to losetup, and "-o pseed=XXX" option added to mount.
- For device backed loops, allocate pages only from private pool during run
time (kernel 2.4 only). This eases stress on the VM as some of them can't
handle stress too well.
Note to people upgrading from version v1.4d to v1.4e: Loop-AES-v1.4d used
pre-allocated pages in addition to run time allocated pages. Loop-AES-v1.4e
and later rely solely on pre-allocated pages and don't allocate additional
pages at run time at all. If you have set up a non-default 'lo_prealloc'
value, please make sure to adjust it as needed. Values smaller than 50 are
not recommended, as that is likely to cause slow disk access.
bzip2 compressed tarball is here:
http://loop-aes.sourceforge.net/loop-AES-v1.4e.tar.bz2
md5sum 0561fdc04ae0b6a8330006fbe20796f5
PGP signature file, my public key, and fingerprint here:
http://loop-aes.sourceforge.net/loop-AES-v1.4e.tar.bz2.sign
http://loop-aes.sourceforge.net/PGP-public-key.asc
1024/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/