From: Andi Kleen <ak@suse.de>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-kernel@vger.kernel.org
Subject: Re: 2.6.3-mm1
Date: Thu, 19 Feb 2004 07:37:34 +0100 [thread overview]
Message-ID: <20040219073734.309e396d.ak@suse.de> (raw)
In-Reply-To: <20040218025549.4e7c56a1.akpm@osdl.org>
On Wed, 18 Feb 2004 02:55:49 -0800
Andrew Morton <akpm@osdl.org> wrote:
> Andi Kleen <ak@suse.de> wrote:
> >
> > Andrew Morton <akpm@osdl.org> writes:
> >
> > > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.3/2.6.3-mm1/
> > >
> > > - Added the dm-crypt driver: a crypto layer for device-mapper.
> > >
> > > People need to test and use this please. There is documentation at
> > > http://www.saout.de/misc/dm-crypt/.
> > >
> > > We should get this tested and merged up. We can then remove the nasty
> > > bio remapping code from the loop driver. This will remove the current
> > > ordering guarantees which the loop driver provides for journalled
> > > filesystems. ie: ext3 on cryptoloop will no longer be crash-proof.
> > >
> > > After that we should remove cryptoloop altogether.
> > >
> > > It's a bit late but cyptoloop hasn't been there for long anyway and it
> > > doesn't even work right with highmem systems (that part is fixed in -mm).
> >
> > Is it guaranteed that this thing will be disk format compatible to cryptoloop?
> > (mainly in IVs and crypto algorithms)
>
> Allegedly. Of course, doing this will simply retain crypto-loop's security
> weaknesses.
>
> > While 2.3 and 2.4 have broken the on disk format of crypto loop several
> > times (each time to a new "improved and ultimately perfect format")
> > I don't think that's acceptable for a mature OS anymore.
>
> Well I guess people are free to do that sort of thing with out-of-kernel
> patches.
>
> One question which needs to be adressed is whether dm-crypt adequately
> addresses crypto-loop's security weaknesses, and if so, how one should set
> it up to do so.
AFAIK the two big security weaknesses in most version of cryptoloop are:
(note that some versions have it fixed with various hacks)
- Weak IV
- Extremly bad key management
The first can be addressed in an crypto API module e.g. with an hashed IV, but it needs a
stable IV format from dm-crypto (that is one of the things I asked for)
The second one is more a user space problem. However to solve it you need metadata.
It would be much nicer if it was possible to store it on the block device directly
(with a special losetup flag for compatibility). Otherwise you get into nasty
chicken and egg problems with fully encrypted systems.
Supporting metadata can be quite simple - e.g. a standard header on the first blocks that
has a length and a number of records with unique IDs. And the kernel driver would need
to skip over these headers.
-Andi
next prev parent reply other threads:[~2004-02-18 11:09 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20040217232130.61667965.akpm@osdl.org.suse.lists.linux.kernel>
2004-02-18 10:43 ` 2.6.3-mm1 Andi Kleen
2004-02-18 10:55 ` 2.6.3-mm1 Andrew Morton
2004-02-19 6:37 ` Andi Kleen [this message]
2004-02-18 13:45 ` 2.6.3-mm1 Joe Thornber
2004-02-19 11:52 ` 2.6.3-mm1 Andi Kleen
2004-02-18 23:27 ` 2.6.3-mm1 Andrew Morton
2004-02-19 17:54 ` 2.6.3-mm1 Andi Kleen
[not found] <1qujU-5xX-31@gated-at.bofh.it>
[not found] ` <1qCUf-4vn-41@gated-at.bofh.it>
[not found] ` <1qGuR-bb-25@gated-at.bofh.it>
[not found] ` <1qGO2-uG-13@gated-at.bofh.it>
[not found] ` <1qGO5-uG-21@gated-at.bofh.it>
[not found] ` <1qGY1-RT-29@gated-at.bofh.it>
[not found] ` <1qGY1-RT-27@gated-at.bofh.it>
[not found] ` <1qIn3-5yq-23@gated-at.bofh.it>
2004-02-19 21:58 ` 2.6.3-mm1 Bill Davidsen
2004-02-19 22:01 ` 2.6.3-mm1 Christophe Saout
2004-02-18 7:21 2.6.3-mm1 Andrew Morton
2004-02-18 7:43 ` 2.6.3-mm1 Andrew Morton
2004-02-18 9:25 ` 2.6.3-mm1 Andrew Morton
2004-02-18 13:42 ` 2.6.3-mm1 Rusty Russell
2004-02-18 18:50 ` 2.6.3-mm1 Andrew Morton
2004-02-18 11:13 ` 2.6.3-mm1 Sean Neakums
2004-02-18 11:14 ` 2.6.3-mm1 Jonathan Brown
2004-02-18 12:37 ` 2.6.3-mm1 Sean Neakums
2004-02-18 14:26 ` 2.6.3-mm1 Ramon Rey Vicente
2004-02-18 18:55 ` 2.6.3-mm1 Andrew Morton
2004-02-18 19:06 ` 2.6.3-mm1 Matthew Wilcox
2004-02-18 16:16 ` 2.6.3-mm1 Bill Davidsen
2004-02-18 20:04 ` 2.6.3-mm1 Brandon Low
2004-02-18 20:22 ` 2.6.3-mm1 Andrew Morton
2004-02-18 20:33 ` 2.6.3-mm1 Brandon Low
2004-02-18 20:52 ` 2.6.3-mm1 Andrew Morton
2004-02-18 20:52 ` 2.6.3-mm1 Brandon Low
2004-02-18 21:00 ` 2.6.3-mm1 Andrew Morton
2004-02-18 22:15 ` 2.6.3-mm1 Christophe Saout
2004-02-19 0:33 ` 2.6.3-mm1 Brandon Low
2004-02-19 12:39 ` 2.6.3-mm1 Christophe Saout
2004-02-18 17:50 ` 2.6.3-mm1 James Simmons
2004-02-22 2:46 ` 2.6.3-mm1 William Lee Irwin III
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040219073734.309e396d.ak@suse.de \
--to=ak@suse.de \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox