Am Freitag, 21. April 2006 14:43 schrieb Lars Hecking:
Now, obviously SUSE ist going to switch from an absolutely not widespread solution to an obsolete solution, and furthermore announces this as a novelty for the next-generation enterprise distro. What is this? Every other Distro (Fedora, RedHat, Debian, Ubuntu et al.) is using dm-crypt and even going to
gentoo :)
integrate LUKS, only SUSE does not!
I really do NOT understand that in any way. Does anybody else?
I certainly don't - cryptoloop is not only obsolete, but has serious problems. Which is why I hacked dm-crypt support into 9.2, and I'm pretty sure it transfers to 10.0/10.1. Email me if you're interested in scripts and instructions, I meant to publish it all on ILUG but didn't find the time yet.
I am very interested though I must say that I am even more interested in not only integrating dm-crypt (which is more or less trivial) but also LUKS as THE default encrypted volume format as well. Moreover, the most non-trivial part is integrationg LUKS in a way to encrypt the root fs, too, which needs patching the initrd. Now, what I do not understand is: how come such a transition decision is made? It has nothing to do with (software) evolution, nor is it intelligent design. Therefore, it must be a MANAGEMENT DECISION. Why cryptoloop is bogus can be read here: http://lwn.net/Articles/67216/ And behold! The article is more than 2 years old! The security weaknesses of using CBC mode with a plain IV generation scheme is best explained on Clemens Frühwirth's homepage (the LUKS maintainer), so there's no need to repeat them here. Not to speak of the fact that afaik cryptoloop is not maintained any more (afaik the former maintainer has ironically been Clemens Frühwirth). So all in all, switching to cryptoloop NOW is complete nonsense. Best regards Oliver
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-help@opensuse.org
-- If you make people think they're thinking, they'll love you; but if you really make them think they'll hate you. -- __ ________________________________________creating IT solutions Dr. Oliver Tennert Senior Solutions Engineer CAx Professional Services science + computing ag phone +49(0)7071 9457-598 Hagellocher Weg 71-75 fax +49(0)7071 9457-411 D-72070 Tuebingen, Germany O.Tennert@science-computing.de www.science-computing.de