Carlos E. R. wrote:
Ah! Before I forget: I wrote to '/etc/sysconfig/kernel' this line:
MODULES_LOADED_ON_BOOT="cryptoloop twofish"
I think this should work to load those two modules instead of using boot.local
It will, but it will be over-written on upgrade. The point about /etc/boot.local is that it is (supposed to be!) protected when upgrading (and is also easy to backup / restore manually). Same applies to a number of other files with similar names (I think this is specific to OpenSuSE ?)
My procedure is simpler. First I create an empty file:
nimrodel:~ # nice dd if=/dev/zero of=crypta_f_dvd \ bs=1MB count=4700 ...
I didn't think to randomize it, as I suppose the encryption thing will do its work. The file has the exact size of a DVD image. Then I encrypt it via loop:
As a general principle, you should use a fresh (different) random set for each such encrypted file / disc, so that an attacker has less to go on when trying to crack it (e.g. by comparing encrypted files & looking for correlations). The extra security is probably rather irrelevant here...
And I create the XFS filesystem on the loop device:
Just out of interest - why XFS?
The problem nowdays is that DVDs are too small for making backups of a 300 GiB HD :-(
Quite so. Even HD DVDs (when they finally become mainstream) are tiny in comparison. -- Cheers Richard (MQ) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org