Id Est <[EMAIL PROTECTED]> writes:

> (i'm sending this to [EMAIL PROTECTED] on the off chance that somebody
> other than spammers may read it, but i'm not feeling very hopeful. this
> list has really really gone downhill lately. is there a secret closed
> list that i don't know about?)
>
>
> ECD stands for Encrypted CDrom, and it allows a linux user to make and
> read strongly-encrypted CDROMs. ECD consists of patches to the mount/
> umount/mkisofs utilities, and to the linux 2.2.14 kernel. ECD uses the
> Blowfish algorithm to encrypt/decrypt.

What advantage does this have over the encrypted loopback patches? With
those, making an encrypted CDROM should go something like this:

  # losetup -e blowfish /dev/loop0 /dev/cdrom
  # (Write to the CDROM however you want.)
  # losetup -d /dev/loop0

The last line kills the key. To read it, replace the second step with
mount and specify a mount point.

Now for the advantages and disadvantages of the loopback system as it
stands now:

* There's no way to tell that a filesystem is encrypted, because the
  entire stream was encrypted. Without the key, it looks like gibberish.
  (I'd consider this an advantage.)

* The kernel loopback system changes randomly, which breaks the patches.
  The last viable patch was for 2.2.14. There are no patches for 2.3 and
  2.4, which is on the horizon, and by the looks of things I doubt we'll
  ever see them.

* The system allows for encrypted swap.

* Making non-persistent encrypted partitions is easy. All that has to be
  done is a minor hack to the userspace utilities which read /dev/random
  for the key when a specific command line option is specified.

* The patches are messes.

* Userspace support could be much better.

Perhaps someone outside of the Freeh States of America should fix up the
kerneli code. It's easy to apply patches, and if they're kept up to
date, are available, and are advertised it might go a long way to
securing a lot of filesystems.
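The two properties the message attributes to whole-stream loopback encryption (no recognizable filesystem signature without the key, and a throwaway key drawn from the random device for a non-persistent volume) can be illustrated offline. The following is an added example, not code from the message or from the ECD or kerneli projects. It constructs a minimal ISO9660-like image, runs the same signature check a forensic examiner would run (the "CD001" identifier at byte 0x8001), then encrypts the whole image and repeats the check. The keystream is a SHA-256 counter-mode stand-in chosen so the example runs with the standard library only; it is not Blowfish and not a cipher to reuse. The byte-entropy measure is included because, as the example shows, a whole-stream-encrypted image has no header to match but its near-maximal entropy is itself observable.

```python
import hashlib
import math
import os

# ISO9660 primary volume descriptor: 32 KiB system area, then a type byte
# (1 = primary) at 0x8000 followed by the standard identifier "CD001".
ISO_MAGIC = b"CD001"
ISO_MAGIC_OFFSET = 0x8001


def build_plain_image(size: int = 0x10000) -> bytes:
    """Construct a minimal ISO9660-like image (sample data, not a real disc)."""
    img = bytearray(size)
    img[0x8000] = 1                                  # descriptor type: primary
    img[0x8001:0x8006] = ISO_MAGIC                   # standard identifier
    img[0x8006] = 1                                  # descriptor version
    img[0x8028:0x8028 + 32] = b"SECRET_ARCHIVE".ljust(32)  # volume identifier
    return bytes(img)


def keystream(key: bytes, length: int) -> bytes:
    """Stand-in keystream: SHA-256 over (key || counter). NOT Blowfish and
    not a production cipher; it only models 'the entire stream is encrypted'."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_stream(key: bytes, data: bytes) -> bytes:
    """XOR every byte of the image with the keystream, header included."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


decrypt_stream = encrypt_stream  # XOR with the same keystream inverts it


def looks_like_iso9660(image: bytes) -> bool:
    """The signature check an examiner (or `file`) would apply to an image."""
    return image[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 is the maximum."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def demo() -> dict:
    plain = build_plain_image()
    # Non-persistent key, as the message describes: drawn from the system
    # random source and never written anywhere. Once this process forgets
    # it, the ciphertext cannot be opened again.
    key = os.urandom(32)
    cipher = encrypt_stream(key, plain)
    return {
        "plain_detectable": looks_like_iso9660(plain),
        "cipher_detectable": looks_like_iso9660(cipher),
        "plain_entropy": byte_entropy(plain),
        "cipher_entropy": byte_entropy(cipher),
        "roundtrip_ok": decrypt_stream(key, cipher) == plain,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it shows the plaintext image matched by the signature check with entropy well under one bit per byte (it is mostly zero padding), while the encrypted stream fails the signature check and sits close to eight bits per byte. The signature absence is what the message calls "gibberish"; the entropy figure is the residual tell that a full-disc scan would still pick up.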