https://bugzilla.novell.com/show_bug.cgi?id=655804 https://bugzilla.novell.com/show_bug.cgi?id=655804#c4 --- Comment #4 from Ludwig Nussel <lnussel@novell.com> 2010-11-30 11:07:20 CET --- (In reply to comment #3)
(In reply to comment #2)
I think even today cryptoloop is still the only way to allow users to mount encrypted images.
dm-crypt can be used as well. As far as I remember, the catch is that losetup uses the password directly as key (optionally padded with zeros). So you can use e.g. cryptsetup if you force it to use unhashed password and ECB scheme (apart from the cipher/blocksize combination). Yet it probably isn't worth the effort to write a wrapper for mount just because of this.
That's the upstream util-linux behavior. Our patch adds password hashing. cryptsetup can set up such cryptoloop images just fine indeed, that's what boot.crypto does when reading /etc/cryptotab which was meant for use with cryptoloop. However, the problem is not the crypto stuff but the boring fact that mount is setuid root and the 'user' option allows unprivileged users to mount fstab entries. That's not possible with cryptsetup and /etc/crypttab. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.