2004-10-24 17:16:46

by Jari Ruusu

Subject: Announce loop-AES-v2.2c file/swap crypto package

loop-AES changes since previous release:
- Added compile time autodetection and workaround for per-thread vs.
per-process rlimits (2.6 kernels).
- Added Gentoo compatible binary key setup option to mount and losetup
'mount -p 0 -o phash=unhashed3' or 'losetup -p 0 -H unhashed3'.
- Added random key setup option to mount and losetup. This can be used to
encrypt /tmp with random keys.
- Added workaround for module_param_array() breakage in 2.6.10-rc

bzip2 compressed tarball is here:

http://loop-aes.sourceforge.net/loop-AES/loop-AES-v2.2c.tar.bz2
md5sum 439a25bd1e85e8053bf0cf3c504279ed

http://loop-aes.sourceforge.net/loop-AES/loop-AES-v2.2c.tar.bz2.sign

--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD


2004-10-25 16:55:39

by Jari Ruusu

Subject: Re: Announce loop-AES-v2.2c file/swap crypto package

Jari Ruusu wrote:
> - Added random key setup option to mount and losetup. This can be used to
> encrypt /tmp with random keys.

As some of you may have noticed, new example 4 of loop-AES README file was
fucked up. One important step was missing from example 4 instructions, and
if those instructions were followed literally, /tmp partition most likely
ended up being unwritable by non-root users.

Below is the fix in patch form, and URL of full corrected README file:

http://loop-aes.sourceforge.net/loop-AES.README

--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD


--- ../loop-AES-v2.2c/README Sun Oct 24 19:19:00 2004
+++ ./README Mon Oct 25 19:15:39 2004
@@ -1,4 +1,4 @@
-Written by Jari Ruusu <[email protected]>, October 24 2004
+Written by Jari Ruusu <[email protected]>, October 25 2004

Copyright 2001,2002,2003,2004 by Jari Ruusu.
Redistribution of this file is permitted under the GNU Public License.
@@ -616,7 +616,10 @@

/dev/hda555 /tmp ext2 defaults,loop=/dev/loop2,encryption=AES128,phash=random 0 0
^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^ ^
-Third, run "mount /tmp" command and you are done.
+Third, run "mount /tmp" and "chmod a+rwxt /tmp" commands.
+
+Fourth, make sure that "chmod a+rwxt /tmp" command is run by init scripts
+somewhere after "mount -a" command is run.

Encryption keys and plaintext data on above type mount vanish on unmount or
power off. Using journaled file system in such case does not make much
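
Review bot: the added "Fourth" step says to run "chmod a+rwxt /tmp" from init scripts but gives no reason, and "somewhere after" leaves the ordering loose. The context line that follows already states that plaintext data on this type of mount vanishes on unmount or power off, which is presumably why the mode set in the third step has to be reapplied on every boot. Suggest saying so in one sentence here, and wording the step as "immediately after" the "mount -a" command so the period during which /tmp is unwritable by non-root users is kept as short as possible.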