Re: 2.6.3-mm1

From: Andi Kleen
Date: Thu Feb 19 2004 - 03:16:31 EST


On Wed, 18 Feb 2004 15:27:45 -0800
Andrew Morton <akpm@xxxxxxxx> wrote:

> Andi Kleen <ak@xxxxxxx> wrote:
> >
> > On Wed, 18 Feb 2004 13:45:58 +0000
> > Joe Thornber <thornber@xxxxxxxxxx> wrote:
> >
> > > On Thu, Feb 19, 2004 at 07:37:34AM +0100, Andi Kleen wrote:
> > > > Supporting metadata can be quite simple - e.g. a standard header on the first blocks that
> > > > has a length and a number of records with unique IDs. And the kernel driver would need
> > > > to skip over these headers.
> > >
> > > The target already takes an offset into the device, so you have what you want.
> >
> > Ok fine. The only requirement would be compatible IVs then.
> >
>
> Would it be correct to say that until someone does this development,
> dm-crypt has the same vulnerabilities as cryptoloop? Or is there some

It all depends on what the crypto API module and the user space utils implement.
That is why calling it dm-crypt is misleading, dm-filter or somesuch would be
better.

> different way of using dm-crypt which is incompatible with cryptoloop, but
> is more secure?

More secure will be incompatible.

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/