Re: linux kernel loopback encryption

Jon Leonard (jleonard@divcom.slimy.com)
Fri, 17 Jul 1998 20:40:13 -0700

• Next message: Bruce Schneier: "Re: Newness of cryptographic algorithms & Diamond 2"
• Previous message: Bruce Schneier: "Re: linux kernel loopback encryption"
• In reply to: Anonymous: "Re: linux kernel loopback encryption"
• Next in thread: Eric Young: "Re: linux kernel loopback encryption"
• Reply: Eric Young: "Re: linux kernel loopback encryption"

On Fri, Jul 17, 1998 at 11:41:58AM +1000, Eric Young wrote:
>
> On Thu, 16 Jul 1998 mgraffam@mhv.net wrote:
> > Don't do any kernel code in assembler. The linux kernel runs on far more
> > than just ix86. Do it in well-written C that will be portable, and
> > compatible across architectures.
>
> I would make a few sugestions.

[most suggestions trimmed, as I like them and have no other comments]

> - How about making the ciphers loadable modules? Again, depending on
> the cipher used on a disk, dynamically load the module.
> My main interest in encrypted partions is for ZIP and JAZ drives where
> you have 100m+ removable disks with >1meg/sec transfer rates (scsi).
> I would like to be able to have the kernel modules I need on a
> non-encrypted partition of this disk. I have not played enough with
> the linux kernel, but it would be an easy way to support hardware devices
> etc. It would also be nice for encrypted CDs to hold their own cipher
> modules.

I don't think that a mechanism for automatically loading kernel modules off
of removable media is a good idea.

If you created the encrypted filesystem yourself, then you probably have the
encryption modules around on fixed media.

If you didn't create the media, what are you doing trusting someone else's
object code in your kernel, especially when you're building a secure system?

This is very similar to the issues with downloadable code (Java, ActiveX,
etc.), and also to the MS windows autorun CD feature. While it's probably
possible to design it in a secure manner, available examples imply that
there are big costs in either performance or security, usually both.

The closest thing that I would recommend would be a directory on the root
filesytem containing the compiled modules, indexed by name. Other media
then specify by name what encryption to use, possibly providing source
code. Anyone who runs such code without investigating it first probably
deserves what they get.

Jon Leonard

• Next message: Bruce Schneier: "Re: Newness of cryptographic algorithms & Diamond 2"
• Previous message: Bruce Schneier: "Re: linux kernel loopback encryption"
• In reply to: Anonymous: "Re: linux kernel loopback encryption"
• Next in thread: Eric Young: "Re: linux kernel loopback encryption"
• Reply: Eric Young: "Re: linux kernel loopback encryption"