pinotj at club-internet.fr pinotj at club-internet.fr
Thu Feb 10 07:37:10 PST 2005

>De: "T_B" <T_B at sympatico.ca>
>Date: Wed, 9 Feb 2005 19:42:04 -0500
>A: hlfs-dev at linuxfromscratch.org
>Sujet: Re: Encryption


>Jerome:  I have been experimenting with loop-AES as well with HLFS.
>Initially I used the technique you describe, but after analyzing the swap
>partition, I found that there are vast amounts of swap file structure within
>the swap partition, even though the data is encrypted.  So I modified my
>initrd scripts to allocate a random key for the swap partition, mount it and
>then do a mkswap to /dev/loop<n>.  That way every thing is fully encrypted
>from one end of the partition to the other.

That's very interesting, I always wondered how the kernel did to encrypt by himself the swap, without the need to specify a key.
I didn't know he could leak some structural informations.
How did you figure that out ? By using some forensic tools ?

>Also I have my other partitions encrypted as well, except for a small boot
>partition that has the kernel, initrd.gz and grub directory.  The initrd
>accesses a Sony Puppy USB device that requires my fingerprint to fetch the
>keys needed to boot the system.  After booted, the USB device is removed.

Yeah, I was having this kind of idea. Actually, there is a lot of example in the README file of the loop-AES package.
How did you encrypt your root partition, with aespipe ?
It needs additional software that give some compiling issues with the current hlfs toolchain (uClibc). 

>So, there are others out here experimenting.

I thought so, that's why I was surprised not to have answer about my first mail. I think I'm just too much eager :-)

Happy hacking,

Jerome Pinot

More information about the hlfs-dev mailing list