You are not logged in.

#26 2010-01-05 00:02:24

soloport
Member
Registered: 2005-03-01
Posts: 442

Re: LUKS vs. Truecrypt

bender02 wrote:

No, cryptoloop != loop-aes
- cryptoloop has some security issues (i can't find the link at the moment, but I remember reading this); and *is* in the mainline kernel
- loop-aes is a different beast, it's written by an encryption freak (so no known vulnerabilities), it was *not* accepted into the mainline kernel (I think the reason was some "political" issues), and you really need to compile your own kernel (on most distros, arch included) and then compile a patched loop driver.

Here's one place to start. smile

Offline

#27 2010-04-18 14:15:26

ItsMeAgainMartha
Member
Registered: 2010-04-18
Posts: 1

Re: LUKS vs. Truecrypt

Ranguvar wrote:

Cryptoloop has many security problems, yes, don't use it if you can help it.

moljac024, you not only assume a very above-average understanding of the latest crypto techniques on the adversary's part, you also assume that they _can_ 'rubber hose' (some governments aren't _that_ bad yet), etc... I talked about this before.

Considering the date you wrote "not that bad Yet" your saying yet gives me the sense you were at that time a bit paranoid about our coming government.
I agreed with you at that time. Now you/my paranoia about our government has come true in the worst paranoid's nightmare.
Our new socialists in do not want anyone anywhere to disagree with them. You must do as told and shut the @#%# up!
I now routinely use anoymous mail, Tor with a heavily sterilized localhost proxy web server, it has been stripped of any domain or other identifying info. I use a  stripped down sterilized browser that lies about what version and make it is for anything except fun, tech and otherwise benign browsing.

We are now living in the beginning of a true story that reads like the beginning of a really bad apoplectic science fiction horror movie. The horror is "it's real."
I have built a huge storage of frozen foods driven by a home made, solar powered gas absorption refrigeration system. It's not a waste of money and effort either as it saves me huge amounts in energy.
I rob from it to AC my house as well.
I have built and use a home made freeze dryer and I'm constantly making freeze dried foods.
All of you here should be technically able to do the above, and you should have already prepared for a long term lack of food.
Remember the stories of the stores after the hurricanes? I do I lived it.
I was very poorly prepared for it but at least I was prepared. Some people died due to lack of preparedness.
In our case it was for only three weeks but it was bad. Think what it would be like if it were for months, years or the rest of your life, "assuming you live through the first few weeks."
People this country is deep deep STUFF!
Rubber hose! You bet I'm aware of how that works and how to avoid it.
I use encryption on a couple of Tb Raid-10 systems that I have stuff on that I don't want anyone to see but me. My wife is allowed to see it but only if I unlock it.
My method of encryption shall remain anonymous but LUKS and Trucrypt are OK.
My need for rubber hose protection is to protect others, not myself.
By the time it gets to the rubber hose I'm a lost cookie anyway!

So folks, it's time to wake up and smell the Roses or is it the Stink Weeds?
It's in the fan and the worst is yet to come!
Look at the food prices and if you can remember this time last year look at the difference.
Look at the quality or lack there of of fresh vegetables and fruit.
The veggies suck, the fruit is mostly inedible and lost about three days until it starts to turn bad.
So if you are paranoid about what you read and store for further reading on your PC then by all means cover your, @$$!
I have made many other preparations other than food, power, medicine tools and seeds, "lot's of seeds" not the crap you buy at the seed store that if hybrid and are like mules, "sterile" but seeds that grow plants that will bare good seed crops as well as the fruit of the crop, but that's another story.

FYI I'm using Tor right now with stripped down false reporting browser and sterilized proxy.
My browser talks to localhost squid then localhost Tor then..............................
My email address is temporary.
It was gained via Tor and I'm leaving now.
I won't be back and I won't use this user name ever again.


July 4, 1776 USA Born!
November 20, 2008 USA Deceased!
January 20, 2009 USSA Born!

Offline

#28 2010-04-18 15:09:33

rwd
Member
Registered: 2009-02-08
Posts: 646

Re: LUKS vs. Truecrypt

right..

Offline

#29 2010-04-19 23:57:46

Stalafin
Member
From: Berlin, Germany
Registered: 2007-10-26
Posts: 617

Re: LUKS vs. Truecrypt

ItsMeAgainMartha wrote:
Ranguvar wrote:

Cryptoloop has many security problems, yes, don't use it if you can help it.

moljac024, you not only assume a very above-average understanding of the latest crypto techniques on the adversary's part, you also assume that they _can_ 'rubber hose' (some governments aren't _that_ bad yet), etc... I talked about this before.

Considering the date you wrote "not that bad Yet" your saying yet gives me the sense you were at that time a bit paranoid about our coming government.
I agreed with you at that time. Now you/my paranoia about our government has come true in the worst paranoid's nightmare.
Our new socialists in do not want anyone anywhere to disagree with them. You must do as told and shut the @#%# up!
I now routinely use anoymous mail, Tor with a heavily sterilized localhost proxy web server, it has been stripped of any domain or other identifying info. I use a  stripped down sterilized browser that lies about what version and make it is for anything except fun, tech and otherwise benign browsing.

[snip]

July 4, 1776 USA Born!
November 20, 2008 USA Deceased!
January 20, 2009 USSA Born!

They are coming for you! Soon...!


EDIT: Forgot to [snip]!

Last edited by Stalafin (2010-04-19 23:58:20)

Offline

#30 2010-04-20 02:43:44

smakked
Member
From: Gold Coast , Australia
Registered: 2008-08-14
Posts: 420

Re: LUKS vs. Truecrypt

ItsMeAgainMartha wrote:

SNIP!

WHAT THE FUUUUU!


Certified Android Junkie
Arch 64

Offline

#31 2010-04-20 02:51:29

skottish
Forum Fellow
From: Here
Registered: 2006-06-16
Posts: 7,942

Re: LUKS vs. Truecrypt

Alright, after we're done encrypting our bananas, we should get back on topic.

Offline

#32 2010-04-21 16:16:21

Ranguvar
Member
Registered: 2008-08-12
Posts: 2,518

Re: LUKS vs. Truecrypt

Yeaaaahh...
Wow.

Offline

#33 2010-04-23 22:10:42

gaunt
Member
Registered: 2009-12-13
Posts: 62

Re: LUKS vs. Truecrypt

ItsMeAgainMartha wrote:

SNIP!

I feel like I just watched the last cowboy ride off into the sunset.



Back on topic, is there any way to encrypt an already present partition without the back-up-erase-encrypt-copy-erase strategy?  I'd like to lock down my /home (which is most of my drive), but would rather not have to back everything up.

Offline

#34 2010-04-25 20:31:36

Ranguvar
Member
Registered: 2008-08-12
Posts: 2,518

Re: LUKS vs. Truecrypt

gaunt wrote:
ItsMeAgainMartha wrote:

SNIP!

I feel like I just watched the last cowboy ride off into the sunset.



Back on topic, is there any way to encrypt an already present partition without the back-up-erase-encrypt-copy-erase strategy?  I'd like to lock down my /home (which is most of my drive), but would rather not have to back everything up.

The only way to do so would be an approach that doesn't wrap around the partition itself, then, like EncFS or eCryptfs.

Offline

#35 2010-09-21 17:58:40

soloport
Member
Registered: 2005-03-01
Posts: 442

Re: LUKS vs. Truecrypt

gaunt wrote:

Back on topic, is there any way to encrypt an already present partition without the back-up-erase-encrypt-copy-erase strategy?  I'd like to lock down my /home (which is most of my drive), but would rather not have to back everything up.

The loop-aes suite includes aespipe.  Using dd and aespipe an existing partition can be encrypted.

Q: Does this activity put data on the partition at risk? A: Yes. CAUTION: Back up everything.

Encrypt the partition as follows (e.g. USB drive mounted on /mnt):

dd if=/dev/sda3 bs=64k | aespipe -e AES128 -K /mnt/aes-keys.gpg | dd of=/dev/sda3 bs=64k conv=notrunc

Now the partition can be associated with a loop device (losetup: loop-aes patched util-linux-ng) and the device can be mounted:

LOOPDEV=`losetup -f`
echo "myS3cr3Tgpgk3yP4sphr4s3;)" | losetup -p 0 -e AES128 -K /mnt/aes-keys.gpg $LOOPDEV /dev/sda3
mount $LOOPDEV /home
echo $LOOPDEV > /var/run/losetup.home

Un-mount the partition and detach the loop device as follows:

LOOPDEV=`cat /var/run/losetup.home`
umount $LOOPDEV
losetup -d $LOOPDEV

The partition can be decrypted in a similar way:

dd if=/dev/sda3 bs=64k | aespipe -d AES128 -K /mnt/aes-keys.gpg | dd of=/dev/sda3 bs=64k conv=notrunc

For the above to work the standard Arch Linux kernel must be rebuilt so that CONFIG_BLK_DEV_LOOP is not set and loop.ko driver built and loaded.  (See loop-aes instructions.)

Offline

#36 2010-09-21 19:17:07

codycarey
Member
Registered: 2009-08-21
Posts: 154

Re: LUKS vs. Truecrypt

Burn the necromancer!

Offline

Board footer

Powered by FluxBB