Crypto-Swap questions

2004-01-21 Thread Johannes Graumann
Hello,

Following loosely this document:
http://www.sdc.org/~leila/usb-dongle/readme.html
I have set up (or tried) to encrypt my swap partition (/dev/hda2).
Here is what I did:
* create /usr/local/sbin/crypto-swap (modified!)
#!/bin/sh
# Run this script somewhere in your startup scripts _after_
# random number generator has been initialized and /usr has
# been mounted. (md5sum, uuencode, tail and head programs usually
# reside in /usr/bin/)  
+# insert cypher module into kernel
+   modprobe aes

# encrypted swap partition
SWAPDEVICE=/dev/hda2

# loop device name
LOOPDEV=/dev/loop6

MD=`dd if=${SWAPDEVICE} bs=4k count=10 2>/dev/null | md5sum`
for X in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 ; do
   dd if=/dev/zero of=${SWAPDEVICE} bs=4k count=10 \
   conv=notrunc 2>/dev/null
   sync
done
UR=`dd if=/dev/urandom bs=18 count=1 2>/dev/null \
| uuencode -m - | head -n 2 | tail -n 1`
+echo ${MD}${UR} | losetup -p 0 -e aes -k 256 ${LOOPDEV} ${SWAPDEVICE}
-echo ${MD}${UR} | losetup -p 0 -e aes-256-cbc ${LOOPDEV} ${SWAPDEVICE}
MD=
UR=
dd if=/dev/zero of=${LOOPDEV} bs=4k count=10 conv=notrunc 2>/dev/null
sync
mkswap ${LOOPDEV}
sync
swapon ${LOOPDEV}
-- chmod 700 /usr/local/sbin/crypto-swap
* wipe -k /dev/hda2
* crypto-swap -- works!
* edit /etc/init.d/checkroot.sh:
+ comment out:
[ "$VERBOSE" != no ] && echo "Activating swap."
swapon -a 2> /dev/null
+ REPLACE WITH:
[ "$VERBOSE" != no ] && echo "Activating CRYPTO-swap."
/usr/local/sbin/crypto-swap

Upon inspection of dmesg I see the following:
Adding 1461904k swap on /dev/loop6. Priority:-1 extents:1
Looks good, no?
However, a little further I read:
Unable to find swap-space signature

'cat /proc/swaps' gives me this output:
Filename     Type        Size     Used  Priority
/dev/loop6   partition   1461904  0     -1

I would greatly appreciate if someone could give me any insight into
whether I now have encrypted swap or not.

Also: do people have benchmarks how much this procedure might slow
things down? Is the encryption loop significantly slower than
disk write/read speed?

Thanks for any hints -

Joh
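
One way to answer the "encrypted or not" question above, as an added example that is not part of the original post: mkswap writes a 10-byte magic at the end of the first page, so with encryption in place that magic should be readable through the loop device but not on the raw partition. The function names and the image files used as stand-ins are constructed for this example, and a 4 KiB page size is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes 4 KiB pages, so the swap
# header magic occupies bytes 4086..4095 of the device.

# swap_magic FILE: print the swap magic found in FILE's first page, if any.
swap_magic() {
    # Compare as hex so ciphertext bytes never reach the shell as raw data.
    hex=$(dd if="$1" bs=1 skip=4086 count=10 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hex" in
        53574150535041434532) echo SWAPSPACE2 ;;   # current format
        535741502d5350414345) echo SWAP-SPACE ;;   # old v0 format
    esac
}

# classify RAW_DEVICE LOOP_DEVICE
#   plaintext : magic is readable on the raw device (header not encrypted)
#   encrypted : magic is visible only through the loop device
#   unknown   : no magic on either side (mkswap did not run, or wrong page size)
classify() {
    raw=$(swap_magic "$1")
    loop=$(swap_magic "$2")
    if [ -n "$raw" ]; then
        echo plaintext
    elif [ -n "$loop" ]; then
        echo encrypted
    else
        echo unknown
    fi
}

# make_samples DIR: build constructed stand-ins for the two views of one disk.
make_samples() {
    # loop.img: what the decrypted loop device shows after mkswap
    dd if=/dev/zero of="$1/loop.img" bs=4096 count=2 2>/dev/null
    printf 'SWAPSPACE2' | dd of="$1/loop.img" bs=1 seek=4086 conv=notrunc 2>/dev/null
    # raw.img: random bytes standing in for the ciphertext on the partition
    dd if=/dev/urandom of="$1/raw.img" bs=4096 count=2 2>/dev/null
}

# On the system from the post this would be run as root:
#   classify /dev/hda2 /dev/loop6
```

A result of "encrypted" only shows that the header page is not stored in the clear; it says nothing about the strength of the cipher or key.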





Re: Crypto-Swap questions

2004-01-21 Thread Peter Cordes
On Tue, Jan 20, 2004 at 10:53:10PM -0800, Johannes Graumann wrote:
> Is the encryption loop significantly slower than
> disk write/read speed?

 No, but it uses CPU, and disk I/O doesn't (when using dma:  with IDE, use
hdparm -v /dev/hda  to check.  With SCSI, well, you bought it so you
wouldn't have to worry about crap like that. :)

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , des.ca)

The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces! -- Plautus, 200 BC



