Mailinglist Archive: opensuse (3337 mails)

< Previous Next >
Re: [opensuse] cryptoloop
  • From: Henne Vogelsang <hvogel@xxxxxxxxxxxx>
  • Date: Fri, 21 Apr 2006 15:35:11 +0200
  • Message-id: <20060421133511.GM15857@xxxxxxxxxxxx>

On Friday, April 21, 2006 at 14:23:02, Oliver Tennert wrote:

> I understand that (Open)SUSE 10.1 ist going to be the test arena for SLES 10,
> or am I wrong?

You do. They are from the same codebase yes but SUSE Linux is no testbed
for SUSE Linux Enterprise 10!

> Now I have just read the Release Notes for SLES 10 RC1 and got struck by
> these lines:
> "Mounting Encrypted Partitions
> With SUSE Linux Enterprise Server 10 we switched to "cryptoloop" as the
> default
> encryption module. SUSE Linux Enterprise Server 9 used twofish256 using
> loop_fish2 with 256 bits. The old twofish is supported as twofish. Now we are
> using twofish256 using cryptoloop with 256 bits. The old twofish256 is
> supported as twofishSL92. The old twofish is supported as twofish.
> "
> Now, obviously SUSE ist going to switch from an absolutely not widespread
> solution to an obsolete solution, and furthermore announces this as a novelty
> for the next-generation enterprise distro. What is this? Every other Distro
> (Fedora, RedHat, Debian, Ubuntu et al.) is using dm-crypt and even going to
> integrate LUKS, only SUSE does not!
> I really do NOT understand that in any way. Does anybody else?

I do.

dm-crypt is far away from being the standard for encrypted filesystems.
It has the same problem with weak IV generation as cryptoloop. And ESSIV
is not very well analyzed yet (the things someone like David Wagner says
about it do not help either). It does not bring any significant
advantages over cryptoloop that justify the main problem we have with
making a switch. You have to provide an upgrade path. And with
enterprise products you have to provide an upgrade path for several
years (read 7). This means that the more often you switch the
implementation the more scenarios you have to cover in your upgrade path
and the likelier you will fail to provide one. [1]

On a sidenote: Everything you need to use dm-crypt is included since
several versions. Its just not default in YaST.

Please als note: All the current cryptofs implementations are far from
being complete (and good in a cryptographic sense). For instance they
dont provide fundamental cryptographic needs like providing integrity
(prevent corruption, reverting, swapping attacks) or prevention against

So in short, simply because its new and everybody else uses it its not
better in any way.


[1] Like we nearly did with the switch from loop_fish2 to cryptoloop in
9.2 where it was possible to shred certain crypto filesystems during the
installation and we had to make a hotfix letter for the box so people
where warned to not press certain keys (y, e, s and enter ;)

Henne Vogelsang, Core Services
"Rules change. The Game remains the same."
- Omar (The Wire)

< Previous Next >
Follow Ups