CFS vs. loopback encryption (was Re: [open-source] File encryption)

Jerome Etienne jme at off.net
Mon Feb 11 20:55:20 EST 2002


for information, i released a text which describes a security hole in
the encrypted loop device for linux. Because of it an
attacker is able to modify the content of the encrypted device
without being detected. This text proposes to fix the hole by
authenticating the device.

the text can be found in http://www.off.net/~jme/loopdev_vul.html

> In article <56A53A20-175F-11D6-9052-000393471DA8 at pobox.com>,
> Nicholas Brawn  <ncb at pobox.com> wrote:
> >What are people's thoughts on CFS vs. loopback encryption? I've used CFS
> >in the past and found it quite useful, though as Matt said - a little
> >long in the tooth. Never really looked into loopback encryption (which
> >I'm aware is not something present across the majority of Unixes).
> 
> I use loopback encryption on Linux (loop-aes.sourceforge.net).
> I'm very happy with it.  I have it encrypting data with a passphrase
> and swap with a random key.
> 
>    - Ian


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list