Re: PLiSS cryptofilesystem with SuSE 9.1?

From: Christian Boettger (boettger.christian_at_arcor.de)
Date: 07/26/04

Next message: Security Alert: "SSRT4773 rev.0 HP-UX xfs and stmkfont remote unauthorized access"

Previous message: jrendaa: "testing"
In reply to: Stefan Weinzierl: "PLiSS cryptofilesystem with SuSE 9.1?"
Next in thread: Christian Boettger: "Re: PLiSS cryptofilesystem with SuSE 9.1?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 26 Jul 2004 12:07:16 +0200

Hi Stefan,

only a (very) few answers:

Stefan Weinzierl schrieb:
>
> So far, so well. The problem is only that the SuSE-modul for generating such
> cryptofiles supports that approach not as yet. So I can't presently
> establish my system fully automaticly. For example I have to move the
> respective entrys made by OS from the cryptotab to the fstab by hand. But
> not enough with that. SuSE 9.1 changes under some conditions (e.g. during
> creating a new filecontainer) the respective entrys on its own. But, if the
> changed entrys are replaced again by the former entries, the old entries
> will not work any more :-(( .
>
>
> So it happened to me that the original entry in fstab:
>
>
>>/tmp/encrypted_file /home/stefan ext3
>>loop,encryption=twofish256,noauto,user,acl,user_xattr
>
>
> was replaced by the following entry
>
>
>>/tmp/encrypted_file /home/stefan ext3
>>acl,user_xattr,loop=/dev/loop0,encryption=twofish256,
>>phash=sha512,itercountk=100
>
>
> PLiSS Cryptofilesystem mit SuSE 9.1?
> *ALT* *NEW*
>
> phash=sha512
> *REMARK:* What, the f.., is that?

This means that from now on the hash function sha512 is used. The
differens to the standard sha1 funtion is the length (512 bit to 128 bit)

>
> *ALT* *NEW*
>
> itercountk=100
>
> *REMARK:* See above.
>
> *ALT* *NEW*
>
> noauto,user
>
> *REMARK:* Wonderful! How careful! The people of SuSE are apparently of the
> opinion that only root should mount a cryptofilesystem, and impose their
> point of view on everybody, who don't shares their convictions.
>
> TIA
> Stefan

maybe you should disable the automount function for using encrypted
partititions and encr. containers.

Chris

ps: there is a really good howto for encrypted filesystems

Next message: Security Alert: "SSRT4773 rev.0 HP-UX xfs and stmkfont remote unauthorized access"

Previous message: jrendaa: "testing"
In reply to: Stefan Weinzierl: "PLiSS cryptofilesystem with SuSE 9.1?"
Next in thread: Christian Boettger: "Re: PLiSS cryptofilesystem with SuSE 9.1?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]