Oliver Tennert schrieb:
On Fri, 21 Apr 2006, Henne Vogelsang wrote:
The advantage you get however if you switch to dm-crypt is: actively maintained code plus additional features and enhanced security.
In reality dm-crypt is as maintained as cryptoloop
Is it? I just have a look at cryptoloop.c and see the latest changes are dated 2003.
Not correct. Last change in drivers/block/cryptoloop.c happended 2005-09-02 by Herbert Xu. That one however was not crypto related. On the other hand, the last change in drivers/md/dm-crypt.c happened 2006-03-27 by Andrew Morton. Much more notable is that dm-crypt always leaked its key, a bug that was only fixed in January 2006. Such a bug is obviously not a sign of quality. And I wouldn't describe "always leaking the key" as enhanced security either. But it surely is an additionaly feature from the attacker's point of view. Regards, Carl-Daniel -- http://www.hailfinger.org/