Carlos E. R. wrote: > Ah! Before I forget: I wrote to '/etc/sysconfig/kernel' this line: > > MODULES_LOADED_ON_BOOT="cryptoloop twofish" > > I think this should work to load those two modules instead of using boot.local
It will, but it will be over-written on upgrade. The point about /etc/boot.local is that it is (supposed to be!) protected when upgrading (and is also easy to backup / restore manually). Same applies to a number of other files with similar names (I think this is specific to OpenSuSE ?) > My procedure is simpler. First I create an empty file: > > nimrodel:~ # nice dd if=/dev/zero of=crypta_f_dvd \ > bs=1MB count=4700 ... > I didn't think to randomize it, as I suppose the encryption thing will do its > work. The file has the exact size of a DVD image. Then I encrypt it via loop: As a general principle, you should use a fresh (different) random set for each such encrypted file / disc, so that an attacker has less to go on when trying to crack it (e.g. by comparing encrypted files & looking for correlations). The extra security is probably rather irrelevant here... > And I create the XFS filesystem on the loop device: Just out of interest - why XFS? > The problem nowdays is that DVDs are too small for making backups of a 300 > GiB > HD :-( Quite so. Even HD DVDs (when they finally become mainstream) are tiny in comparison. -- Cheers Richard (MQ) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]