-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Monday 2007-11-26 at 00:10 +0100, Jan Tiggy wrote:
Carlos E. R. schrieb:
[...]
Ah, I see you did something similar later. You also need twofish there.
Thx Carlos
I've sorted it out with your help.
We have been talking about encrypted filesystems in the opensuse-security
mail list. You might be interested in reading about it in the archive,
some interesting docs and sites have come out.
If you use fstab entries with the encryption options there (like option
"encryption=twofish256"), it will use the old "cryptoloop" method (<=
10.2). To use the new "dm-crypt" method (10.3) you need to use
/etc/cryptotab or /etc/crypttab (they are different). In both cases you
can manually mount/umount a partition using "/etc/init.d/boot.crypto
start" or "stop":
using cryptotab:
/etc/init.d/boot.crypto start /crypto_mount_point
using crypttab:
/etc/init.d/boot.crypto start /crypto_partition_or_image_file
It is not possible to mount encrypted filesystems by the new "dm-crypt" by
using the command "mount" alone or entries in fstab; mount does not
support it (yet?). A device mapper "thing" has to be created previously
using cryptsetup.
And, a kernel bug has come out affecting "cryptoloop": if you are
affected, the encrypted filesystem freezes with no error logged, just that
the apps writing there freeze and can not be halted. Requires hard power
off :-(
- --
Cheers,
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iD8DBQFHUBuNtTMYHG2NR9URAkV4AJ4trqEtWTgX12bVqNZN8Qb0mnivCACcD/nh
CbHqe+/u9fBvI4P1tHDVf1I=
=vmUB
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
