Re: [dev] Disk encryption

From: Markus Wichmann <>
Date: Thu, 16 Jun 2022 08:55:04 +0200

On Wed, Jun 15, 2022 at 07:59:34PM -0500, T Taylor Gurney wrote:
> Are you familiar with loop-AES?

Not specifically, but I had heard of loop-device based encryption
before. The manpage for losetup states that support for such was removed
in favor of dm-crypt.

> My understanding is that the project provides a replacement "loop.ko"
> kernel module that gives loop devices support for block-level
> encryption. But then userspace still does not know how to set up
> encrypted loop devices, set encryption-related mount options, etc., so
> they also offer patches for the losetup and mount programs to make
> this functionality available.

Sorry, I thought losetup already had the support. In any case, you can
write your own losetup; it is not the most complicated program in the
world. And for the root, you wouldn't need the support in the mount
program at all. Just set up the loop right, then mount the loop.

But then, with dm-crypt, it is mostly just setting up the devmapper,
then mounting it.

I also dislike the "loop" mount option, as it entangles another two
commands for the sake of convenience, where a simple shell script would
have sufficed.

> To me it sounds much nicer than the complexity of dm-crypt+LUKS. It
> pre-dates them as well. I wonder why it has been kept out of the
> kernel tree all this time. It's an old project but I'm not familiar
> with the history.
> Taylor

My guess is that the cryptoloop solution was judged to be too limited in
the past, and now that dm-crypt exists, it is also superfluous.

I'm also weary of "rolling your own crypto". Unless you are a
cryptographer, I have never heard that go well. Hell, I have heard that
go bad even with cryptographer support. The simplest decisions can come
back to bite you. Do you calculate the MAC over the plaintext or the
ciphertext? Turns out, if you choose the plaintext here, you are
vulnerable to a padding oracle attack.

So that's why I would probably just go with LUKS or Truecrypt and tank
the added complexity. It is probably there for a reason, and I might not
understand the reason but it may be important, anyway.

Received on Thu Jun 16 2022 - 08:55:04 CEST

This archive was generated by hypermail 2.3.0 : Thu Jun 16 2022 - 09:12:08 CEST