-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > May I quote from the readme of loop-aes: > > Recommended key setup mode is multi-key-v3, which is based on gpg > encrypted key files. In this mode, the passphrase is protected against > optimized dictionary attacks via salting and key iteration of > gpg. Passphrase length should be 20 characters or more. > > Obviously you are not using this mode and thus you get the same > ciphertext.
Eeerrr... sorry to say but I think you missed something. Loop-aes works like this: 1. disk content is encrypted/decrypted on the fly with symmetric cipher algorithm AES. 2. Disk keys are stored in a gpg encrypted file. Multiple users may be access to the disk keys, each with own passphrase. That is based on the well known method: "encrypt content with a random session key and symmetric cipher then encrypt session key multiple times for each addressee". (Actually this does not increase the security because any of authorized users can extract plain disk keys from the gpg file so ability to use personal passphrases is just a convenient feature.) 3. Disk keys do not change(!). I can restore a lost key file from an USB stick a year after generating the encrypted block device then I can mount it again. 4. Key file and various keys are handled automatically by losetup and mount commands. 5. Command 'aespipe' do the same thing as 'loop' kernel module and losetup/mount do. (Compatibility level is 100%.) Its primary use to encrypt an existing filesystem _in_place_. (No need to copy the content from one block device to other. If you are not afraid of power outage. ;-) Ian! I suggest to make your own _test_ then tell us what is the result. :) Moreover in case of any doubt you can contact Jari Ruusu. Subscribe linux-crypto mailing list. Regards Gabor -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFIlrtEd2oiOrtquzgRAnFlAKCRlJPYbSG8NeQeM+En+h3EZZwpGwCgpDXK x9Hlt5aIOy40mhp0wJnH3zY= =2OeU -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users