Re: linux kernel loopback encryption

Eric Young (eay@cryptsoft.com)
Sat, 18 Jul 1998 10:00:21 +1000 (EST)

• Next message: Enzo Michelangeli: "Re: Random Data from Geiger Counter"
• Previous message: Paulo Barreto: "Re: ``Better DES challenge'' solved by John Gilmore and ``Deep Crack''"
• In reply to: Matt Blaze: "``Better DES challenge'' solved by John Gilmore and ``Deep Crack''"
• Next in thread: Jon Leonard: "Re: linux kernel loopback encryption"

On Fri, 17 Jul 1998, Bill Stewart wrote:
> At 09:41 PM 7/16/98 -0400, mgraffam@mhv.net wrote:
> >On Fri, 17 Jul 1998, Eric Young wrote:
> >> - Design your code to accept any cipher via some regularised API (even
> >> if the cipher to be used is specified at compile time via macros).
> >Yep, this is a really good idea. It also allows replacement of ciphers
> >as we get paranoid about some and gain confidence in others.
>
> In particular, designing _some_ kind of negotiation mechanism is important,
> so you can find what algorithms and parameters you're willing to use;
> otherwise everything tends to default to 3DES.

I'm not sure what system is normally used to 'initalise' an encrypted
partition, but make one of the parameters the crypto module to use. If it
is not present, fail.

> >> - How about making the ciphers loadable modules? Again, depending on
> >> the cipher used on a disk, dynamically load the module.
> Kernels are hard enough to mess with, and failures are often very bad.
> If you do make the cypher a loadable module, make sure the system
> will do something reasonable if it's not loaded.

Simple, don't mount the filesystem and give a suitable error message :-).

eric

• Next message: Enzo Michelangeli: "Re: Random Data from Geiger Counter"
• Previous message: Paulo Barreto: "Re: ``Better DES challenge'' solved by John Gilmore and ``Deep Crack''"
• In reply to: Matt Blaze: "``Better DES challenge'' solved by John Gilmore and ``Deep Crack''"
• Next in thread: Jon Leonard: "Re: linux kernel loopback encryption"