* [dm-crypt] Cascading encryption how-to?
From: Falko @ 2014-01-21 20:59 UTC
To: dm-crypt

Hey there,

I was wondering how I set up cascading encryption like in Truecrypt (e.g. aes-twofish or even twofish-serpent-aes...). I tried this:

cryptsetup -v -c serpent-twofish-xts-plain64 -s 512 -h sha512 --verify-passphrase -y --use-random luksFormat /dev/sdx

which, of course, didn't work :o). I couldn't find anything in the man or internet either - only that it should be possible :o).

Thanks

Kind regards

fb

* Re: [dm-crypt] Cascading encryption how-to?
From: Claudio Moretti @ 2014-01-21 23:50 UTC
To: Falko; +Cc: dm-crypt@saout.de

It was proposed in a brainstorming session[1]

On Tue, Jan 21, 2014 at 8:59 PM, Falko <fb1729@posteo.de> wrote:

> Hey there,
>
> I was wondering how I set up cascading encryption like in Truecrypt (e.g.
> aes-twofish or even twofish-serpent-aes...). I tried this: cryptsetup -v -c
> serpent-twofish-xts-plain64 -s 512 -h sha512 --verify-passphrase -y
> --use-random luksFormat /dev/sdx which, of course, didn't work :o). I
> couldn't find anything in the man or internet either - only that it should
> be possible :o).
>
> Thanks
>
> Kind regards
>
> fb
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

* Re: [dm-crypt] Cascading encryption how-to?
From: Claudio Moretti @ 2014-01-21 23:56 UTC
To: Falko; +Cc: dm-crypt@saout.de

(sorry, hit the wrong button)

It was proposed in a brainstorming session[1] in 2008, but AFAIK it's never been implemented.

I also found this[2] in which Milan said it's possible by creating LUKS over a LUKS device, but it's hell in terms of performance and you need to open every single device by itself (e.g. for aes-serpent-twofish you'd have to issue 3 separate luksOpen commands).

Since it creates performance issues, it might be best for you to create a regular LUKS device for - say your root filesystem and then, if you need it and your OS supports it, you can try

a) using /etc/crypttab to "luksOpen" a part of that already encrypted partition (I haven't tried, but it might be possible), or
b) use Truecrypt to unlock encrypted files you keep somewhere.

Cheers,

Claudio

[1] http://code.google.com/p/cryptsetup/wiki/LUKSSpec20BrainStorming#Cascade_Ciphers
[2] http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/3020

On Tue, Jan 21, 2014 at 11:50 PM, Claudio Moretti <flyingstar16@gmail.com> wrote:

> It was proposed in a brainstorming session[1]
>
> On Tue, Jan 21, 2014 at 8:59 PM, Falko <fb1729@posteo.de> wrote:
>
>> Hey there,
>>
>> I was wondering how I set up cascading encryption like in Truecrypt (e.g.
>> aes-twofish or even twofish-serpent-aes...). I tried this: cryptsetup -v -c
>> serpent-twofish-xts-plain64 -s 512 -h sha512 --verify-passphrase -y
>> --use-random luksFormat /dev/sdx which, of course, didn't work :o). I
>> couldn't find anything in the man or internet either - only that it should
>> be possible :o).
>>
>> Thanks
>>
>> Kind regards
>>
>> fb

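The LUKS-over-LUKS stacking described in the message above, as an added example that is not part of the original thread or of cryptsetup itself. The function names and the `NAME_1..NAME_n` mapping scheme are assumptions; the cryptsetup options are the ones from the original question, applied once per layer with a single cipher each.

```shell
#!/bin/sh
# Added example: LUKS-over-LUKS cascade, one luksFormat/luksOpen per layer.
# Function names and the NAME_1..NAME_n mapping scheme are assumptions.
# Dry run by default: commands are printed. RUN=1 executes them (needs root
# and overwrites the target device).

run() {
    if [ "${RUN:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# cascade_format DEVICE NAME CIPHER...
# The first cipher is written straight to DEVICE; each following cipher is
# formatted on top of the mapping opened just before it.
cascade_format() {
    dev=$1; name=$2; shift 2
    i=1
    for cipher in "$@"; do
        run cryptsetup -v -c "${cipher}-xts-plain64" -s 512 -h sha512 \
            --verify-passphrase --use-random luksFormat "$dev" || return 1
        run cryptsetup luksOpen "$dev" "${name}_$i" || return 1
        dev="/dev/mapper/${name}_$i"
        i=$((i + 1))
    done
}

# cascade_open DEVICE NAME LAYERS: unlock an existing stack, bottom layer first.
cascade_open() {
    dev=$1; name=$2; layers=$3; i=1
    while [ "$i" -le "$layers" ]; do
        run cryptsetup luksOpen "$dev" "${name}_$i" || return 1
        dev="/dev/mapper/${name}_$i"
        i=$((i + 1))
    done
}

# cascade_close NAME LAYERS: tear down top layer first, since a lower mapping
# cannot be removed while the one above it is still using it.
cascade_close() {
    name=$1; i=$2
    while [ "$i" -ge 1 ]; do
        run cryptsetup luksClose "${name}_$i" || return 1
        i=$((i - 1))
    done
}

# Example (dry run): cascade_format /dev/sdx vault aes serpent twofish
```

With three ciphers the filesystem goes on `/dev/mapper/vault_3`; every layer carries its own LUKS header and asks for its own passphrase, which is the per-device unlocking cost mentioned in the message.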

* Re: [dm-crypt] Cascading encryption how-to?
From: Falko @ 2014-01-22 13:31 UTC
To: Claudio Moretti; +Cc: dm-crypt@saout.de

Thank you. I also found this
http://thread.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/3357/focus=3358.

Regards
Falko

On 22.01.2014 00:56, Claudio Moretti wrote:

> (sorry, hit the wrong button)
>
> It was proposed in a brainstorming session[1] in 2008, but AFAIK it's never
> been implemented.
>
> I also found this[2] in which Milan said it's possible by creating LUKS over
> a LUKS device, but it's hell in terms of performance and you need to open
> every single device by itself (e.g. for aes-serpent-twofish you'd have to
> issue 3 separate luksOpen commands).
>
> Since it creates performance issues, it might be best for you to create a
> regular LUKS device for - say your root filesystem and then, if you need it
> and your OS supports it, you can try
>
> a) using /etc/crypttab to "luksOpen" a part of that already encrypted
> partition (I haven't tried, but it might be possible), or
> b) use Truecrypt to unlock encrypted files you keep somewhere.
>
> Cheers,
>
> Claudio
>
> [1] http://code.google.com/p/cryptsetup/wiki/LUKSSpec20BrainStorming#Cascade_Ciphers
> [2] http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/3020
>
> On Tue, Jan 21, 2014 at 11:50 PM, Claudio Moretti <flyingstar16@gmail.com> wrote:
>
>> It was proposed in a brainstorming session[1]
>>
>> On Tue, Jan 21, 2014 at 8:59 PM, Falko <fb1729@posteo.de> wrote:
>>
>>> Hey there,
>>>
>>> I was wondering how I set up cascading encryption like in Truecrypt (e.g.
>>> aes-twofish or even twofish-serpent-aes...). I tried this: cryptsetup -v -c
>>> serpent-twofish-xts-plain64 -s 512 -h sha512 --verify-passphrase -y
>>> --use-random luksFormat /dev/sdx which, of course, didn't work :o). I
>>> couldn't find anything in the man or internet either - only that it should
>>> be possible :o).
>>>
>>> Thanks
>>>
>>> Kind regards
>>>
>>> fb