Re: dm-crypt using kthread (was: Oopsing cryptoapi (orloop device?) on 2.6.*)

[Christophe Saout]

Am Mo, den 16.02.2004 schrieb Grzegorz Kulewski um 04:22:

> Did you heard / read about Herring?

No, what is it?

> I found .pdf somewhere (I think I still have it). It is better alternative 
> to ECB or CBC algorithms used in cryptoloop (if I understand good). Could 
> something like that be implemented in dm-crypt? Is it already?

I can do whatever cryptoapi offers (and isn't too complicated).

> Could somebody write dm-compress (compressing not encrypting)? Is it 
> technically possible (can device mapper handle different data size at 
> input, differet at output)? (I think there is compressing loop patch.)
> Could dm first compress data (even with weak algorithm), then encrypt, to 
> make statistical analysis harder?

Compression is something that is fine in the loop driver but when done
read-only (because it can be backed by something that isn't limited to
do I/O on sector boundaries) but very hard to do in the block layer,
especially read-write. It should really be done in a filesystem because
you have to do dynamic allocation and such things and you can't even
guarantee a certain disk size.

> And, to be sure, does dm-crypto add anything in the begining (ie. 
> header) or in other places to the stored data? Or it is the same data 
> (same size) but encrypted?  

No, it doesn't do anything. These things should be done entirely in
userspace.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/