From: Andi Kleen <ak@suse.de>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-kernel@vger.kernel.org
Subject: Re: 2.6.3-mm1
Date: Thu, 19 Feb 2004 07:37:34 +0100 [thread overview]
Message-ID: <20040219073734.309e396d.ak@suse.de> (raw)
In-Reply-To: <20040218025549.4e7c56a1.akpm@osdl.org>
On Wed, 18 Feb 2004 02:55:49 -0800
Andrew Morton <akpm@osdl.org> wrote:
> Andi Kleen <ak@suse.de> wrote:
> >
> > Andrew Morton <akpm@osdl.org> writes:
> >
> > > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.3/2.6.3-mm1/
> > >
> > > - Added the dm-crypt driver: a crypto layer for device-mapper.
> > >
> > > People need to test and use this please. There is documentation at
> > > http://www.saout.de/misc/dm-crypt/.
> > >
> > > We should get this tested and merged up. We can then remove the nasty
> > > bio remapping code from the loop driver. This will remove the current
> > > ordering guarantees which the loop driver provides for journalled
> > > filesystems. ie: ext3 on cryptoloop will no longer be crash-proof.
> > >
> > > After that we should remove cryptoloop altogether.
> > >
> > > It's a bit late but cyptoloop hasn't been there for long anyway and it
> > > doesn't even work right with highmem systems (that part is fixed in -mm).
> >
> > Is it guaranteed that this thing will be disk format compatible to cryptoloop?
> > (mainly in IVs and crypto algorithms)
>
> Allegedly. Of course, doing this will simply retain crypto-loop's security
> weaknesses.
>
> > While 2.3 and 2.4 have broken the on disk format of crypto loop several
> > times (each time to a new "improved and ultimately perfect format")
> > I don't think that's acceptable for a mature OS anymore.
>
> Well I guess people are free to do that sort of thing with out-of-kernel
> patches.
>
> One question which needs to be adressed is whether dm-crypt adequately
> addresses crypto-loop's security weaknesses, and if so, how one should set
> it up to do so.
AFAIK the two big security weaknesses in most version of cryptoloop are:
(note that some versions have it fixed with various hacks)
- Weak IV
- Extremly bad key management
The first can be addressed in an crypto API module e.g. with an hashed IV, but it needs a
stable IV format from dm-crypto (that is one of the things I asked for)
The second one is more a user space problem. However to solve it you need metadata.
It would be much nicer if it was possible to store it on the block device directly
(with a special losetup flag for compatibility). Otherwise you get into nasty
chicken and egg problems with fully encrypted systems.
Supporting metadata can be quite simple - e.g. a standard header on the first blocks that
has a length and a number of records with unique IDs. And the kernel driver would need
to skip over these headers.
-Andi
next prev parent reply other threads:[~2004-02-18 11:09 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20040217232130.61667965.akpm@osdl.org.suse.lists.linux.kernel>
2004-02-18 10:43 ` 2.6.3-mm1 Andi Kleen
2004-02-18 10:55 ` 2.6.3-mm1 Andrew Morton
2004-02-19 6:37 ` Andi Kleen [this message]
2004-02-18 13:45 ` 2.6.3-mm1 Joe Thornber
2004-02-19 11:52 ` 2.6.3-mm1 Andi Kleen
2004-02-18 23:27 ` 2.6.3-mm1 Andrew Morton
2004-02-19 17:54 ` 2.6.3-mm1 Andi Kleen
[not found] <1qujU-5xX-31@gated-at.bofh.it>
[not found] ` <1qCUf-4vn-41@gated-at.bofh.it>
[not found] ` <1qGuR-bb-25@gated-at.bofh.it>
[not found] ` <1qGO2-uG-13@gated-at.bofh.it>
[not found] ` <1qGO5-uG-21@gated-at.bofh.it>
[not found] ` <1qGY1-RT-29@gated-at.bofh.it>
[not found] ` <1qGY1-RT-27@gated-at.bofh.it>
[not found] ` <1qIn3-5yq-23@gated-at.bofh.it>
2004-02-19 21:58 ` 2.6.3-mm1 Bill Davidsen
2004-02-19 22:01 ` 2.6.3-mm1 Christophe Saout
2004-02-18 7:21 2.6.3-mm1 Andrew Morton
2004-02-18 7:43 ` 2.6.3-mm1 Andrew Morton
2004-02-18 9:25 ` 2.6.3-mm1 Andrew Morton
2004-02-18 13:42 ` 2.6.3-mm1 Rusty Russell
2004-02-18 18:50 ` 2.6.3-mm1 Andrew Morton
2004-02-18 11:13 ` 2.6.3-mm1 Sean Neakums
2004-02-18 11:14 ` 2.6.3-mm1 Jonathan Brown
2004-02-18 12:37 ` 2.6.3-mm1 Sean Neakums
2004-02-18 14:26 ` 2.6.3-mm1 Ramon Rey Vicente
2004-02-18 18:55 ` 2.6.3-mm1 Andrew Morton
2004-02-18 19:06 ` 2.6.3-mm1 Matthew Wilcox
2004-02-18 16:16 ` 2.6.3-mm1 Bill Davidsen
2004-02-18 20:04 ` 2.6.3-mm1 Brandon Low
2004-02-18 20:22 ` 2.6.3-mm1 Andrew Morton
2004-02-18 20:33 ` 2.6.3-mm1 Brandon Low
2004-02-18 20:52 ` 2.6.3-mm1 Andrew Morton
2004-02-18 20:52 ` 2.6.3-mm1 Brandon Low
2004-02-18 21:00 ` 2.6.3-mm1 Andrew Morton
2004-02-18 22:15 ` 2.6.3-mm1 Christophe Saout
2004-02-19 0:33 ` 2.6.3-mm1 Brandon Low
2004-02-19 12:39 ` 2.6.3-mm1 Christophe Saout
2004-02-18 17:50 ` 2.6.3-mm1 James Simmons
2004-02-22 2:46 ` 2.6.3-mm1 William Lee Irwin III
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040219073734.309e396d.ak@suse.de \
--to=ak@suse.de \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.