Mailinglist Archive: opensuse (3337 mails)

< Previous Next >
Re: [opensuse] cryptoloop
  • From: Oliver Tennert <O.Tennert@xxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 21 Apr 2006 15:42:29 +0200
  • Message-id: <200604211542.30809.tennert@xxxxxxxxxxxxxxxxxxxx>
Am Freitag, 21. April 2006 15:23 schrieb Carl-Daniel Hailfinger:
> And back at the time it was said that dm-crypt had the same problems.
> Maybe these problems have been solved, maybe not.

There are two kinds of problems:

a) problems regarding the cryptoloop implementation
b) problems regarding the encryption mode

a) is solved because there is dm-crypt which may be used on-disk compatible
with cryptoloop, but has the advantage that is actively maintained and using
the device-mapper infrastructure.

as of b) when dm-crypt is used with plain IV mode, the encryption weakness
still remain of course. The point is that it offers enhanced security (not
PERFECT security of course!) because it offers other IV generation schemes,

> At the time SUSE
> switched to cryptoloop, dm-crypt was still broken. So exchanging
> an out-of-tree disk encryption solution with an in-tree solution
> that worked was the best option back then.

dm-crypt is as intree as cryptoloop is. The difference is: cryptoloop is not
maintained any more, whereas dm-crypt is. Moreover, have a look at the kernel
cryptoloop help text:

"WARNING: This device is not safe for journaled file systems like
ext3 or Reiserfs. Please use the Device Mapper crypto module
instead, which can be configured to be on-disk compatible with the
cryptoloop device."

> Since you refered to a quote from Jari Ruusu about the insecurity of
> cryptoloop, please try to find a quote from Rari Ruusu where he
> praises LUKS or dm-crypt. You won't find any. Instead you will find
> some quotes from Jari Ruusu where he criticizes them, too.

Maybe Jari Ruusi is not praising dm-crypt. But to be honest, Jari Ruusu has
always been developing a competing project (loop-AES), so he may be biased.

The insecurity of cryptoloop is not founded on his statements alone, although
his arguments are right by themselves. I may be allowed to refer you again to
Clemens Fr├╝hwirth's homepage which is full of documentation about the
weaknesses of plain IV scheme.

I may also refer to the one of the forthcoming issues of the German ct
magazine where the subject is dwelt upon, too.

> So according to your own arguments, SUSE should NOT ship LUKS or dm-crypt.

I cannot follow this logic. According to you, as dm-crypt is not proven to be
secure, one should switch to something which is proven to be certainly be
insecure and unmaintained?

Best regards


Going to church does not make a person religious, nor does going to
school make a person educated, any more than going to a garage makes a
person a car.
________________________________________creating IT solutions

Dr. Oliver Tennert
Senior Solutions Engineer
CAx Professional Services
science + computing ag
phone +49(0)7071 9457-598 Hagellocher Weg 71-75
fax +49(0)7071 9457-411 D-72070 Tuebingen, Germany

< Previous Next >
Follow Ups