| 1 |
On Tuesday 10 January 2006 07:13, Cláudio Henrique |
| 2 |
<rapaduraatomica@×××××.com> wrote about 'Re: [gentoo-user] LUKS': |
| 3 |
> On 1/9/06, Richard Fish <bigfish@××××××××××.org> wrote: |
| 4 |
> > > If I used on any of my HDs, will I be able to update them? |
| 5 |
> > |
| 6 |
> > What do you mean? |
| 7 |
> |
| 8 |
> I mean updating my system (emerge -u world) once I put it on a |
| 9 |
> cyphered partition. |
| 10 |
|
| 11 |
Encrypted block devices are accessed just like normal block devices, once |
| 12 |
the encryption keys are in memory. You are only asked for your passphrase |
| 13 |
once, each time the block device is created [1]. Generally, this will |
| 14 |
only be during boot. |
| 15 |
|
| 16 |
> I was worried if the algorithm would make all the blocks |
| 17 |
> dependents on each other. So, if I loose onde block, I'd be loosing |
| 18 |
> all the others. |
| 19 |
|
| 20 |
That's not necessary, since each sector has a separate initialization |
| 21 |
vector. PlumbIV and CBC (along with the patent-encumbered CMC and EME) do |
| 22 |
make the blocks within a sector dependent on one another, which is good |
| 23 |
for resisting certain types of attacks. |
| 24 |
|
| 25 |
> What about the performance, is it too different from plain partition |
| 26 |
> usage? |
| 27 |
|
| 28 |
I never noticed the difference when I was using aes-loop on a 2GHz laptop. |
| 29 |
That said, it will depend on the algorithm you choose and the CPU you have |
| 30 |
available. Also, I /think/ aes-loop was supposed to be faster than |
| 31 |
dm-crypt, but I believe the kernel's implementation of aes (and maybe |
| 32 |
other ciphers) has gotten faster since the last benchmarks I saw. |
| 33 |
|
| 34 |
-- |
| 35 |
Boyd Stephen Smith Jr. |
| 36 |
bss03@××××××××××.com |
| 37 |
ICQ: 514984 YM/AIM: DaTwinkDaddy |
| 38 |
|
| 39 |
[1] This choice of wording might be confusing. I am referring to when the |
| 40 |
block device is assigned a minor number and the dm mapping loaded into the |
| 41 |
kernel: creation of the block device. I am not referring to the |
| 42 |
initialization of the LUKS "superblock", when the passphrase and algorithm |
| 43 |
are chosen. |
| 44 |
|
| 45 |
-- |
| 46 |
gentoo-user@g.o mailing list |
Archives