Max Vozeler writes ("Bug#614808: O: loop-aes - loop-AES encryption modules"):
> loop-aes has an active and helpful upstream maintainer
> and quite a few users.Why are these people not using dm-crypt and luks ? Or, why is this code not using dm-crypt rather than an out-of-tree module ? These are serious questions, not rhetorical ones. If there's a good answer, fine. Otherwise perhaps we should think about a compatibility wrapper or something. Looking at the Description: > loop-AES can be used to encrypt disk partitions, removable media, > swap space and other devices. This is the functionality of dm-crypt. > It provides measures to strengthen > the encryption: Passphrase seeds, multiple hash iterations, MD5 IV > and use of alternating encryption keys. With dm-crypt these things can be done in userspace, and cryptsetup's LUKS facilities would seem to be adequate to meet these objectives. (Assuming by "alternating" we mean "alternative".) > Encryption keys can be stored in a GnuPG-encrypted keyfile, which > allows the passphrase to be changed without re-encryption. Keyfiles > can also be encrypted asymmetrically for multi-user access. cryptsetup does not have these features but surely they can be made to work with dm-crypt. > This package includes the cipher modules blowfish, twofish and > serpent in addition to the default cipher (AES). Aren't these ciphers in the mainline kernel yet ? Can loop-aes's on-disk bulk data format be emulated with dm-crypt ? Ian. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
