Hello,
I would like to know something about the encrypted devices (losetup) [1]:
- Which algorithm is the securest?
- How do I get to know how many bits are used for encryption?
- How secure is this at all? (Password in RAM/on swap?; BF-attack?; very big partitions ~100GB)
- Can the swap be randomly encrypted? (So nobody can read it after restart.)
Greets, Markus
[1] German: http://www.suse.de/de/private/support/howto/crypto/
    English: http://sdb.suse.de/en/sdb/html/jsj_crypto_filesystem_mini_howto.html
Hi,
losetup just deals with the different loop* devices for you; whether they are encrypted or not is your choice:
a) not encrypted:
get and mount cd image:
dd if=/dev/cdrom of=/tmp/cd.iso
losetup /dev/loop0 /tmp/cd.iso
mount /dev/loop0 /mnt
b) encrypted partition:
losetup /dev/loop0 /dev/hda4 --encryption aes -k 256 --phash sha512 (for example)
<enter your password>
mke2fs /dev/loop0
mount /dev/loop0 /mnt
Which algorithm is securest? That is a good question. First you should notice that encryption in loop devices is block-based (des, 3des, blowfish, aes etc.), but runs in ECB mode. ECB: electronic code book -> every plaintext block has its permanent ciphertext block using the same key. When you encrypt/decrypt data streams, the subsequent plaintext block is encrypted using the key AND e.g. XORed by the preceding ciphertext block, aka IV (initialization vector), CBC (cipher block chaining). This makes it much more difficult for an evil decrypter to get/guess the key. But using filesystems on top of the loop device, the encryption engine does not know what the subsequent or preceding blocks are, so your nice algorithm runs in ECB mode.

I would recommend you to check your data for your protective needs; even in corporate environments some of the available algorithms should fit them. Maybe it's a good choice to compile a new kernel patched with the new crypto API, then there are several additional algorithms available.

In the given example you can see AES (we hope it has no (more) design flaws) using 256 key-bits, SHA-1 hash (yes, NSA helped it to see the light) with 512 bit hash size. Once you have supplied your password, it is stored in memory, because every request to that new loop device must be served by the encryption code, that's the deal.
You can encrypt every block device, even try this with swap (but watch performance impacts). The geometry of loop devices doesn't allow individual partitions, because there is only 1 cyl reported (fdisk /dev/loop0). Even when you are paranoid it is not proved that they aren't behind you actually. So: set up loop0 using AES etc., set up loop1 on top of loop0 using full keysize blowfish, set up loop2 on top of loop1 using ...<insert paranoia level here> and finally mount loop[0...15] to /mnt. I like: AES, blowfish, twofish, GOST, long SHA-1, RIPEMD-160.
When you fear serious attacks against your person to "get the secret key extracted", consider using deniable crypto filesystems, e.g. there is a second key decrypting your disk containing Goethe's works in Icelandic.
Best regards,
Sandro Littke.
On Sun, 2003-06-01 at 13:45, Markus Hochmann wrote:
Hello,
I would like to know something about the encrypted devices (losetup) [1]:
- Which algorithm is the securest?
- How do I get to know how many bits are used for encryption?
- How secure is this at all? (Password in RAM/on swap?; BF-attack?; very big partitions ~100GB)
- Can the swap be randomly encrypted? (So nobody can read it after restart.)
Greets, Markus
[1] German: http://www.suse.de/de/private/support/howto/crypto/
    English: http://sdb.suse.de/en/sdb/html/jsj_crypto_filesystem_mini_howto.html
* Sandro Littke wrote on Sun, Jun 01, 2003 at 17:06 +0200:
Which algorithm is securest? That is a good question. First you should notice that encryption in loop devices is block-based (des, 3des, blowfish, aes etc.), but runs in ECB mode.
Ohh, really? Not even the blocking of the filesystem (or buffer cache, or something) is used? I could imagine chaining over 4KB blocks or whatever, which should already help a lot.
oki,
Steffen
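
The ECB behaviour described in the thread, set against CBC chaining restarted inside each sector as suggested in the last reply, as an added example that is not part of the original messages. The block cipher is a hash-based stand-in rather than AES, and the 512-byte sector size, the sector-number IV and all names are assumptions of this sketch.

```python
import hashlib, hmac

BLOCK, SECTOR = 16, 512    # cipher block / sector size in bytes (assumed)
KEY = b"constructed demo key"
IMAGE = bytes(4 * SECTOR)  # constructed sample: four zero-filled sectors

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):      # Feistel round function
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def encrypt_block(key, blk):
    """Stand-in 128-bit block cipher (4-round Feistel). NOT AES; demo only."""
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def ecb_encrypt(key, data):  # each block alone: equal plaintext, equal ciphertext
    return b"".join(encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def sector_cbc_encrypt(key, data):
    """CBC restarted in every sector; IV = sector number (an assumption)."""
    out = bytearray()
    for s in range(0, len(data), SECTOR):
        prev = (s // SECTOR).to_bytes(BLOCK, "little")
        for i in range(s, s + SECTOR, BLOCK):
            prev = encrypt_block(key, _xor(data[i:i + BLOCK], prev))
            out += prev
    return bytes(out)

def sector_cbc_decrypt(key, ct, n):  # decrypts sector n alone (random access)
    prev, out = n.to_bytes(BLOCK, "little"), bytearray()
    for i in range(n * SECTOR, (n + 1) * SECTOR, BLOCK):
        out += _xor(decrypt_block(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return bytes(out)

def repeated_blocks(ct):  # ciphertext blocks that duplicate an earlier block
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return len(blocks) - len(set(blocks))
```

On the zero-filled sample, repeated_blocks() reports 127 duplicates out of 128 blocks for ecb_encrypt() and none for sector_cbc_encrypt(), while sector_cbc_decrypt() still recovers any single sector without touching its neighbours.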