70 lines
2.8 KiB
HTML
70 lines
2.8 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
|
|
<TITLE>Loopback Encrypted Filesystem HOWTO: Introduction</TITLE>
|
|
<LINK HREF="Loopback-Encrypted-Filesystem-HOWTO-3.html" REL=next>
|
|
<LINK HREF="Loopback-Encrypted-Filesystem-HOWTO-1.html" REL=previous>
|
|
<LINK HREF="Loopback-Encrypted-Filesystem-HOWTO.html#toc2" REL=contents>
|
|
</HEAD>
|
|
<BODY>
|
|
<A HREF="Loopback-Encrypted-Filesystem-HOWTO-3.html">Next</A>
|
|
<A HREF="Loopback-Encrypted-Filesystem-HOWTO-1.html">Previous</A>
|
|
<A HREF="Loopback-Encrypted-Filesystem-HOWTO.html#toc2">Contents</A>
|
|
<HR>
|
|
<H2><A NAME="s2">2. Introduction</A></H2>
|
|
|
|
<P>The process uses the device '/dev/loop*' (where * can be 0-7 on
|
|
most installations) to mount a loopback filesystem. The same
|
|
process can be used without encryption to store a linux
|
|
filesystem on a non-linux partition. There is a HOWTO on this at
|
|
the LDP site mentioned previously.
|
|
<P>Different types of encryption can be used, including XOR, DES,
|
|
twofish, blowfish, cast128, serpent, MARS, RC6, DFC, and IDEA.
|
|
The program 'losetup' (loopback setup) is what associates your
|
|
encrypted file with a filesystem and it's cipher type. According
|
|
to Alexander
|
|
Kjeldaas, who maintains kerneli.org and the international crypto
|
|
patches, DES
|
|
and losetup are currently incompatible. This is due to
|
|
differences in the way
|
|
the two handle parity bits. There are no plans to support DES as
|
|
it is much
|
|
more insecure than the other ciphers.
|
|
<P>Twofish, blowfish, cast128, and serpent are all licensed free for
|
|
any use.
|
|
The others may or may not have licensing restrictions. Several
|
|
of them are
|
|
candidates for the AES standard. The finalists will provide
|
|
royalty free use
|
|
of their ciphers worldwide.
|
|
<P>This document uses the serpent algorithm because it is strong yet
|
|
remarkably fast, and it's freely distributable under the GPL.
|
|
According to
|
|
it's documentation, serpent uses a 128-bit block cipher designed
|
|
by Ross
|
|
Anderson, Eli Biham and Lars Knudsen. It provides users with the
|
|
highest
|
|
practical level of assurance that no shortcut attacks will be
|
|
found. The
|
|
documentation on serpent as well as the source code can be found
|
|
at:
|
|
<P>
|
|
<BLOCKQUOTE><CODE>
|
|
<A HREF="http://www.cl.cam.ac.uk/~rja14/serpent.html">http://www.cl.cam.ac.uk/~rja14/serpent.html</A></CODE></BLOCKQUOTE>
|
|
<P>Also, this document assumes that the ciphers are compiled
|
|
directly into the
|
|
kernel. You may install them as modules, but the technique is
|
|
not discussed
|
|
in this document. You will have to edit the file
|
|
'/etc/conf.module'; the
|
|
process is discussed in detail in the kernel compilation HOWTO
|
|
referenced previously.
|
|
<P>
|
|
<HR>
|
|
<A HREF="Loopback-Encrypted-Filesystem-HOWTO-3.html">Next</A>
|
|
<A HREF="Loopback-Encrypted-Filesystem-HOWTO-1.html">Previous</A>
|
|
<A HREF="Loopback-Encrypted-Filesystem-HOWTO.html#toc2">Contents</A>
|
|
</BODY>
|
|
</HTML>
|