LiveCD to include sha256 support?

PGF Junk Mail Account JunkMail at petergfrazier.com
Fri Feb 23 12:43:57 PST 2007


I am relatively unfamiliar with enabling sha256; I believe that sha256 has
to be build into the kernel.  Once it is present in the .../kernel/crypto
dir LUKS partitions will be able to be formatted (with the essiv option)
and/or opened directly from the liveCD... 

Setting up encrypted partitions is pretty straight forward with LUKS...
google them, download the tar, compile.... should be ready to go...

Issue commands like:

dd if=/dev/urandom of=/dev/sdcX bs=1

then [after eight or so days...] [dd is optional for testing purposes]

cryptsetup --verbose --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat
/dev/sdcX

[it is the "aes-cbc-essiv:sha256" command that necessitates the need for
sha256 support in the liveCD]

then

cryptsetp luksOpen /dev/sdcX sdcx

[without sha256 support in the liveCD, this command will also fail]

then 

mkfs.xfs /dev/mapper/sdcX

then

mkdir /mnt/sdcX

then
 
mount -t xfs -o nobarrier /dev/mapper/sdcX /mnt/sdcX

the "nobarrier" command helps if you are using it on a hw array, otherwise
you shouldn't need it.

...mess around with it... anything you write to it is encrypted.  If this
doesn't do it for you (maybe typing in a pass phrase every time is boring...
who knows) then you can easily use a secondary storage device (ie USB key)
to hold the access key...  setting that up is easy, but the directions on
the luks wiki are misleading... 

As is already known dd and luksFormat [in the above example] are destructive
commands; they will destroy data on sdcX.

Let me know if you need more info...

Peter

-----Original Message-----
From: livecd-bounces at linuxfromscratch.org
[mailto:livecd-bounces at linuxfromscratch.org] On Behalf Of Alexander E.
Patrakov
Sent: Thursday, February 22, 2007 0 37
To: Development of LFS LiveCD
Subject: Re: LiveCD to include sha256 support?

PGF Junk Mail Account wrote:

> I am very interested in seeing sha256 support in the LFS livecd...

Then please give me a pointer how to implement and test it. I have never 
used encrypted storage before.

Also note that this feature will be available only in the 6.2 series of the 
LiveCD, not 6.3-pre. In order to be able to update the kernel to 2.6.20.1 
(as the LFS SVN book demands), I have to drop all patches (reiser4 and 
loop-aes).

-- 
Alexander E. Patrakov
-- 
http://linuxfromscratch.org/mailman/listinfo/livecd
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page




More information about the livecd mailing list