From: Falko <fb1729@posteo.de>
To: Claudio Moretti <flyingstar16@gmail.com>
Cc: "dm-crypt@saout.de" <dm-crypt@saout.de>
Subject: Re: [dm-crypt] Cascading encryption how-to?
Date: Wed, 22 Jan 2014 14:31:41 +0100 [thread overview]
Message-ID: <52DFC83D.6060902@posteo.de> (raw)
In-Reply-To: <CAMw1ynQJQF-F45w-72DaqSXq74kqseie-PnfejexY0AvDhm6rA@mail.gmail.com>
Thank you.
I also found this
http://thread.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/3357/focus=3358.
Regards
Falko
On 22.01.2014 00:56, Claudio Moretti wrote:
> (sorry, hit the wrong button)
>
> It was proposed in a brainstorming session[1] in 2008, but AFAIK it's never been
> implemented.
>
> I also found this[2] in which Milan said it's possible by creating LUKS over a
> LUKS device, but it's hell in terms of performance and you need to open every
> single device by itself (e.g. for aes-serpent-twofish you'd have to issue 3
> separate luksOpen commands).
>
> Since it creates performance issues, it might be best for you to create a regular
> LUKS device for - say your root filesystem and then, if you need it and your OS
> supports it, you can try
>
> a) using /etc/crypttab to "luksOpen" a part of that already encrypted partition (I
> haven't tried, but it might be possible), or
> b) use Truecrypt to unlock encrypted files you keep somewhere.
>
> Cheers,
>
> Claudio
>
> [1] http://code.google.com/p/cryptsetup/wiki/LUKSSpec20BrainStorming#Cascade_Ciphers
> [2] http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/3020
>
>
> On Tue, Jan 21, 2014 at 11:50 PM, Claudio Moretti <flyingstar16@gmail.com
> <mailto:flyingstar16@gmail.com>> wrote:
>
> It was proposed in a brainstorming session[1]
>
>
> On Tue, Jan 21, 2014 at 8:59 PM, Falko <fb1729@posteo.de
> <mailto:fb1729@posteo.de>> wrote:
>
> Hey there,
>
> I was wondering how I set up cascading encryption like in Truecrypt (e.g.
> aes-twofish or even twofish-serpent-aes...). I tried this: cryptsetup -v -c
> serpent-twofish-xts-plain64 -s 512 -h sha512 --verify-passphrase -y
> --use-random
> luksFormat /dev/sdx which, of course, didn't work :o). I couldn't find
> anything in
> the man or internet either - only that it should be possible :o).
>
> Thanks
>
> Kind regards
>
> fb
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de <mailto:dm-crypt@saout.de>
> http://www.saout.de/mailman/listinfo/dm-crypt
>
>
>
prev parent reply other threads:[~2014-01-22 13:31 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-21 20:59 [dm-crypt] Cascading encryption how-to? Falko
2014-01-21 23:50 ` Claudio Moretti
2014-01-21 23:56 ` Claudio Moretti
2014-01-22 13:31 ` Falko [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52DFC83D.6060902@posteo.de \
--to=fb1729@posteo.de \
--cc=dm-crypt@saout.de \
--cc=flyingstar16@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.