Encryption

Robert Connolly robert at linuxfromscratch.org
Thu Feb 10 11:00:01 PST 2005


Is that previous patch for the book still good? Or are there tweaks? I'd like
to add it.

robert

On February 10, 2005 10:37 am, pinotj at club-internet.fr wrote:
> >From: "T_B" <T_B at sympatico.ca>
> >Date: Wed, 9 Feb 2005 19:42:04 -0500
> >To: hlfs-dev at linuxfromscratch.org
> >Subject: Re: Encryption
>
> [...]
>
> >Jerome:  I have been experimenting with loop-AES as well with HLFS.
> >Initially I used the technique you describe, but after analyzing the swap
> >partition, I found that there are vast amounts of swap file structure
> >within the swap partition, even though the data is encrypted.  So I
> >modified my initrd scripts to allocate a random key for the swap
> >partition, mount it and then do a mkswap to /dev/loop<n>.  That way
> >everything is fully encrypted from one end of the partition to the other.
>
> That's very interesting, I always wondered how the kernel managed to encrypt
> the swap by itself, without the need to specify a key. I didn't know it could
> leak some structural information.
> How did you figure that out? By using some forensic tools?
>
> >Also I have my other partitions encrypted as well, except for a small boot
> >partition that has the kernel, initrd.gz and grub directory.  The initrd
> >accesses a Sony Puppy USB device that requires my fingerprint to fetch the
> >keys needed to boot the system.  After booted, the USB device is removed.
>
> Yeah, I was having this kind of idea. Actually, there are a lot of examples
> in the README file of the loop-AES package. How did you encrypt your root
> partition, with aespipe?
> It needs additional software that gives some compiling issues with the
> current hlfs toolchain (uClibc).
>
> >So, there are others out here experimenting.
>
> I thought so, that's why I was surprised not to have an answer to my first
> mail. I think I'm just too eager :-)
>
> Happy hacking,
>
> --
> Jerome Pinot
> http://ngc891.blogdns.net/


