Message-ID: <52DFC83D.6060902@posteo.de>
Date: Wed, 22 Jan 2014 14:31:41 +0100
From: Falko
References: <52DEDFA2.3050305@posteo.de>
Subject: Re: [dm-crypt] Cascading encryption how-to?
To: Claudio Moretti
Cc: "dm-crypt@saout.de"

Thank you. I also found this:
http://thread.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/3357/focus=3358

Regards
Falko

On 22.01.2014 00:56, Claudio Moretti wrote:
> (sorry, hit the wrong button)
>
> It was proposed in a brainstorming session[1] in 2008, but AFAIK it's never been
> implemented.
>
> I also found this[2] in which Milan said it's possible by creating LUKS over a
> LUKS device, but it's hell in terms of performance and you need to open every
> single device by itself (e.g. for aes-serpent-twofish you'd have to issue 3
> separate luksOpen commands).
>
> Since it creates performance issues, it might be best for you to create a regular
> LUKS device for, say, your root filesystem and then, if you need it and your OS
> supports it, you can try
>
> a) using /etc/crypttab to "luksOpen" a part of that already encrypted partition (I
> haven't tried, but it might be possible), or
> b) use Truecrypt to unlock encrypted files you keep somewhere.
>
> Cheers,
>
> Claudio
>
> [1] http://code.google.com/p/cryptsetup/wiki/LUKSSpec20BrainStorming#Cascade_Ciphers
> [2] http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/3020
>
>
> On Tue, Jan 21, 2014 at 11:50 PM, Claudio Moretti wrote:
>
>> It was proposed in a brainstorming session[1]
>>
>>
>> On Tue, Jan 21, 2014 at 8:59 PM, Falko wrote:
>>
>>> Hey there,
>>>
>>> I was wondering how I set up cascading encryption like in Truecrypt (e.g.
>>> aes-twofish or even twofish-serpent-aes...). I tried this: cryptsetup -v -c
>>> serpent-twofish-xts-plain64 -s 512 -h sha512 --verify-passphrase -y
>>> --use-random luksFormat /dev/sdx which, of course, didn't work :o). I couldn't
>>> find anything in the man or internet either - only that it should be
>>> possible :o).
>>>
>>> Thanks
>>>
>>> Kind regards
>>>
>>> fb
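
The LUKS-over-LUKS layering described in the thread, as an added example that is not from any poster or from the cryptsetup project: a dry-run helper that prints the per-layer `luksFormat`/`luksOpen` commands and the reverse-order close, without executing anything. The function name `cascade_plan`, the mapping names `<name>_<n>` and the device `/dev/sdX` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: dry-run planner for a LUKS-over-LUKS stack. It only PRINTS
# cryptsetup commands; luksFormat destroys the data on the target device.
# Mapping names "<name>_<n>" and /dev/sdX are assumptions for illustration.

# cascade_plan MODE DEVICE NAME CIPHER...
#   format: one luksFormat + luksOpen pair per cipher (first-time setup)
#   open:   one luksOpen per layer, outermost first (every unlock)
#   close:  one luksClose per layer, innermost first
cascade_plan() {
    mode=$1; dev=$2; name=$3; shift 3
    i=0; closing=
    for cipher in "$@"; do
        i=$((i + 1))
        map=${name}_$i
        case $mode in
            format)
                # Each layer gets its own header, key slots and passphrase.
                echo "cryptsetup -v -c $cipher -s 512 -h sha512 --verify-passphrase --use-random luksFormat $dev"
                echo "cryptsetup luksOpen $dev $map" ;;
            open)
                echo "cryptsetup luksOpen $dev $map" ;;
            close)
                # Prepend so the top of the stack is closed first.
                closing="cryptsetup luksClose $map
$closing" ;;
            *)
                echo "unknown mode: $mode" >&2; return 2 ;;
        esac
        # The next layer is created on the mapping just opened.
        dev=/dev/mapper/$map
    done
    [ -z "$closing" ] || printf '%s' "$closing"
}

# Usage: sh cascade.sh format /dev/sdX vault aes-xts-plain64 serpent-xts-plain64 twofish-xts-plain64
if [ "$#" -ge 4 ]; then
    cascade_plan "$@"
fi
```

The filesystem goes on the last mapping (`/dev/mapper/vault_3` for three ciphers), so every read and write passes through all three dm-crypt layers, which is the performance cost mentioned in the thread.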