Re: aes.c questions in 2.6.0-test9
From: rblah (deepcover_at_mpx.com.au)
Date: 01/07/04
- Next message: rblah: "Re: looking for easy reference site for building linux firewall."
- Previous message: Jem Berkes: "Local vulnerability in linux kernel <= 2.4.23"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 07 Jan 2004 09:01:54 +0000
<tongue in mouth>
Sudden random thought... a good way to circumvent the US's export
restrictions? Just change a define value in a kernel header file ;)
</tongue in mouth>
thrugoodmarshall wrote:
> I am trying to create and use an encrypted file system with
> linux-2.6.0-test9.
>
> I have built my kernel with the appropriate support, mounted a device
> on a loop, created a fs, and mounted the fs, following instructions in
> various documentation:
>
> # losetup -e aes /dev/loop1 /dev/sda1
> password:
> # mke2fs /dev/loop1
> # mount -t ext2 /dev/loop1 /mnt/crypto
>
> And, voila! A filesystem appears over at /mnt/crypto.
>
> Unmount the filesystem and decommission the loop:
> # umount /mnt/crypto
> # losetup -d /dev/loop1
>
> Now, I attempt to specify the keysize and repeat the process:
>
> # losetup -e aes256 /dev/loop1 /dev/sda1
> password:
> ioctl: LOOP_SET_STATUS: Invalid argument
>
> First question & related followups:
> What is the syntax to specify the keysize for the aes module in linux?
> And, where might I find this documented? I did not find anything in
> /usr/src/linux/Documentation or on the web / NGs. Util-linux does
> have an example in man losetup(8), but does not specify the syntax of
> keysize.
>
> Inspecting aes.c for comments, I noticed the following lines:
>
> #define AES_MIN_KEY_SIZE 16
> #define AES_MAX_KEY_SIZE 32
>
> #define AES_BLOCK_SIZE 16
>
>
> It looks to me like the module as shipped with the kernel allows a
> maximum keysize of 32 (bits?).
>
> Second question & related:
> Is AES_MAX_KEY_SIZE in aes.c where you specify the maximum keysize (in
> bits?) that aes will use?
> Can I change the maximum key size simply by modifying that line and
> rebuilding?
>
> I understand from reading the documentation that a keysize of 128 is
> pretty secure, and a keysize of 256 is truly paranoid. Unless there
> is an intolerable performance hit, I intend to use the "truly
> paranoid" option!
>
> Thank you for any assistance you can suggest!