gmane.linux.cryptography

ADMIN: end of nl.linux.org, lists will move

Rik van Riel — 2010-12-15T00:03:54

The university IT department which has graciously hosted
nl.linux.org for the last several years is about to stop
existing.

I will be moving many of the nl.linux.org services to
my own systems and will preserve the four mailing lists
that still see occasional traffic.

Those mailing lists will be hosted on the kernelnewbies.org
mailman instance starting this Friday. The only thing you
may need to change are your mail filters.

loop-aes and 2.6.37

Felix Blanke — 2010-11-04T21:48:53

Hi,

is there a working version of loop-aes for the new 2.6.37 kernel? :)


Regards,
Felix

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

SSE2 optimizations for Serpent in XTS mode.

netguru — 2010-10-07T19:34:07

Hello everyone,

Recently i was looking at libbotan's changelog, and i found that using
SSE2 parallell processing for serpent was quite a speed improvement.

Same  in  the neat little DiskCryptor program, wich uses the same kind
of optimization for serpent in XTS mode.

There  is  no  point in using SSE2 in CBC and other modes wich require
sequential  processing, but in XTS's (and a few other modes) case this
really makes a big difference.

Is  there anyone capable and or willing to implement this in the linux
kernel  ?  Maybe  in  the  form of a patch or a module ? Dont have the
sources  from  the  diskcryptor implementation, but libbotan does sure
have one as well.

Regards...




-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

September 2010 Review

markus reichelt — 2010-10-06T20:06:43

Well, I'm going to give it some more months. Let's see where this
goes. (Needless to say, feel free to chime in, anything linux crypto
related is welcome. Just go for it.)

 - loop-AES-v3.4b file/swap crypto package was released on 2010-09-23:
   http://www.spinics.net/lists/crypto/msg04992.html

   quoting its release log:
    - Worked around block layer interface breakage on linux-2.6.36-rc
      kernels.
    - Added workaround for device open/close reference count race.
      This race caused random loop-AES "make tests" failures with
      "ioctl: LOOP_CLR_FD: Device or resource busy" error message.
      The workaround is in util-linux patch (new mount/umount/losetup/
      swapon binaries). Thanks to Julien Moutinho for reporting/testing
      this problem. 

 - Version 0.4.2 of loop-AES FAQ was released on 2010-10-06:
   #43 added, #17 adapted, #33 adapted to loop-AES-v3.4b, new patches added
   - FAQ 43: make tests fails: Device busy
     - solution given via release of loop-AES-v3.4b
   - FAQ 33: Why does loop-AES still ask for a password instead of a
     passphrase?
     - new patches for loop-AES-v3.4b
   - FAQ 17: Which distros include loop-AES?
     - Gentoo [version unclear - contributed info, thanks]


Better late than never - Vidalia - August 2010 catch-up:

 - Vidalia 0.2.10 released on Aug 26 2010
   https://trac.vidalia-project.net/milestone/Vidalia%200.2.10
   quoting its release log:

   - Drop remote GeoIP lookups. Instead, the default behavior now is to
     use the country-level GeoIP database that ships with Tor to map an
     IP address to a country code, and then map the country code to latitude
     and longitude with a separate database built into Vidalia. 
   - Add a -DUSE_GEOIP build option to enable building with MaxMind's
     GeoIP C library for using a local city-level or country-level
     database instead of Tor's database.
     See README.geoip for details on use. 
   - Only update a stream's displayed target address in the network map if
     no hostname was given in the stream's NEW status event. Fix suggested
     by Robert Hogan. (Ticket #608) 
   - Update the menubar icon at the same time as the dock icon on OS X.
     Previously, we had a blank icon in the menubar. (Ticket #610) 
   - Updated several translations.

   prebuilt packages for Slackware 13.1 are available at
   http://mareichelt.de/pub/mine/slackware/builds/vidalia/pkg/13.1/

   Please note that the Slackware buildscript will make good use of
   the newly introduced -DUSE_GEOIP option via the upcoming release.

Aug 2010 Review < at > http://www.spinics.net/lists/crypto/msg04989.html

Announce loop-AES-v3.4b file/swap crypto package

Jari Ruusu — 2010-09-23T14:43:43

loop-AES changes since previous release:
- Worked around block layer interface breakage on linux-2.6.36-rc kernels.
- Added workaround for device open/close reference count race. This race
  caused random loop-AES "make tests" failures with "ioctl: LOOP_CLR_FD:
  Device or resource busy" error message. The workaround is in util-linux
  patch (new mount/umount/losetup/swapon binaries). Thanks to Julien
  Moutinho for reporting/testing this problem.


bzip2 compressed tarball is here:

    http://loop-aes.sourceforge.net/loop-AES/loop-AES-v3.4b.tar.bz2
    md5sum 5552e8a2572c5fa416a28493f9e0ec8f

    http://loop-aes.sourceforge.net/loop-AES/loop-AES-v3.4b.tar.bz2.sign

Workaround for device open/close reference count race, for older util-linux
versions:

    http://loop-aes.sourceforge.net/updates/util-linux-sync_fix-20100920.diff.bz2
    http://loop-aes.sourceforge.net/updates/util-linux-sync_fix-20100920.diff.bz2.sign

loop-aes doesn't compile with 2.6.36

Felix Blanke — 2010-09-23T09:21:42

Hi,

I didn't find any bugtracker for loop-aes that's why I'm posting here.

loop-aes-3.4a doesn't compile with 2.6.36-r5 (didn't tried other 2.6.36 versions).

Build log is attached which comes from the command:

    make LINUX_SOURCE=/usr/src/linux-2.6.36-rc5


Thanks for your help!



Regards,
Felix
rm -r -f *.ko tmp-d-kbuild 
mkdir tmp-d-kbuild
echo 'obj-m:=' >>tmp-d-kbuild/Makefile
cd tmp-d-kbuild && ln -s ../loop.c-2.6.patched patched-loop.c && ln -s ../glue.c ../aes.h ../md5.h .
echo 'obj-m += loop.o' >>tmp-d-kbuild/Makefile
cd tmp-d-kbuild && ln -s ../aes-amd64.S ../md5-amd64.S ../md5-2x-amd64.S .
echo 'loop-y:=patched-loop.o glue.o aes-amd64.o md5-amd64.o md5-2x-amd64.o' >>tmp-d-kbuild/Makefile
echo 'EXTRA_CFLAGS:=      -DAMD64_ASM' >>tmp-d-kbuild/Makefile
cd /usr/src/linux-2.6.36-rc5 && make SUBDIRS=/root/tmp/loop-AES-v3.4a/tmp-d-kbuild modules 
make[1]: Entering directory `/usr/src/linux-2.6.36-rc5'
  CC [M]  /root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.o
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c: In function ‘loop_get_buffer’:
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c:588: error: ‘BIO_RW_BARRIER’ undeclared (first use in this function)
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c:588: error: (Each undeclared identifier is reported only once
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c:588: error: for each function it appears in.)
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c:588: error: ‘BIO_RW_AHEAD’ undeclared (first use in this function)
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c:590: error: ‘BIO_RW_NOIDLE’ undeclared (first use in this function)
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c:624: error: ‘BIO_RW_SYNCIO’ undeclared (first use in this function)
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c: In function ‘loop_make_request_real’:
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c:941: error: ‘BIO_RW_BARRIER’ undeclared (first use in this function)
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c: In function ‘loop_thread’:
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c:1217: error: ‘BIO_RW_NOIDLE’ undeclared (first use in this function)
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c: In function ‘loop_set_fd’:
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c:1510: error: too many arguments to function ‘blk_queue_ordered’
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c:1529: error: too many arguments to function ‘blk_queue_ordered’
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c: In function ‘loop_clr_fd’:
/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.c:1650: error: too many arguments to function ‘blk_queue_ordered’
make[2]: *** [/root/tmp/loop-AES-v3.4a/tmp-d-kbuild/patched-loop.o] Error 1
make[1]: *** [_module_/root/tmp/loop-AES-v3.4a/tmp-d-kbuild] Error 2
make[1]: Leaving directory `/usr/src/linux-2.6.36-rc5'
make: *** [all] Error 2

August 2010 Review

markus reichelt — 2010-09-04T15:48:45

Ok, to hopefully bring a bit of life to this list again, here's what
happened in August 2010:

 - Botan 1.8.10 (stable) was released on 2010-08-31:
   http://botan.randombit.net/download.html

   quoting its release log:
   - Switch default PKCS #8 encryption algorithm from 3DES to AES-256
   - Increase default hash iterations from 2048 to 10000 in PBES1 and
     PBES2
   - Use small tables in the first round of AES
   - Add PBKDF typedef and get_pbkdf for better compatability with 1.9
   - Add version of S2K::derive_key taking salt and iteration count
   - Enable the /proc-walking entropy source on NetBSD
   - Fix the doxygen makefile target

   prebuilt packages for Slackware 13.1 are available at
   http://mareichelt.de/pub/mine/slackware/builds/Botan/pkg/13.1/

 - Version 0.4.1 of loop-AES FAQ was released on 2010-08-14:
   (link in footer), #42 added:
   Temporary system freezes while writing to crypto partitions. What about it?

Util-linux 2.18 loop-aes patch ?

netguru — 2010-07-05T18:23:40

Any chance this one can be done ? 2.17.2 fails on 2.18...

Regards...


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Botan (C++ crypto library)

markus reichelt — 2010-06-29T21:07:15

Hi,

good news for Slackware users among us interested in Botan[1], there
is now an approved BuildScript on slackbuilds.org:
http://slackbuilds.org/result/?search=Botan

I offer pre-compiled and signed[2] packages at my public SlackBuilds
repository:
http://mareichelt.de/pub/mine/slackware/builds/Botan/pkg/13.1/

The reason I got to know about Botan was this message to the
cryptography mailinglist I found while zapping thru that list:
http://www.mail-archive.com/cryptography< at >metzdowd.com/msg10874.html
The linked article of interest is:
http://www.randombit.net/bitbashing/programming/serpent_in_simd.html

Jari, maybe you find that article inspiring too :)


[1] http://botan.randombit.net/
[2] http://mareichelt.de/pub/mine/slackware/slackbuilds.asc

passware 9.x

2010-04-25T20:05:15

Hello everyone!

Recently I found reports about a software called Passware which can read keys of popular security software like BitLocker, Truecrypt, PGP and GPG.
Site http://blogs.pcmag.com/securitywatch/2009/12/new_passware_can_crack_pgp_and.php says:
[...]
Passware 9.5 can also recover passwords for PGP archives, virtual disks, and keyring files (both PGP and GnuPG), and instantly reset Administrator passwords for Windows 7 with a bootable CD or flash drive.
[...]
Retrieving clear text keys from memory dumps isn't new, so my interest is to know if a strategy is in place to make an end to this. How about a patch for GPG not to store its keys in RAM Chips any more?

Kind regards
Peter

Util linux 2.17, loop-aes patch

netguru — 2010-01-19T19:11:08

Hello people,

i   was   wondering   wether   there  will  be  a  working  patch  for
util-linux-2.17  anytime soon. I have ported it over to 2.17, and will
happily  supply the patch for those interested. I cannot guarantee its
a  100  % Ok though. I feel more comfortable with the official patches
from maintainers :-)

Regards...


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

need simple loop-aes advice

Jules Bellster — 2010-01-09T15:51:41

Hello,

I have been using loopaes on my old laptop for several years without any
problem. I boot from a USB stick to mount an encrypted root partition.

Earlier this week I upgraded to a different laptop -- same manufacturer and
same "generation", the main noticeable difference being that it supports USB 2. I simply installed the hard drive into the new machine and on my
*unencrypted* system everything works.

However I can no longer mount the root partition when the hard drive is in
the new machine. I boot from the USB stick, and everything seems normal until a point:
[...]
Delaying /dev/sda mount for 15 seconds...
sci 0:0:0:0: Direct-Access SanDisk Cruzer Micro
sd 0:0:0:0: [sda] 250879 512-byt hardware sectors (128MB)
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda]
Assuming drive cache: write through
sd 0:0:0:0: [sda] 250879 512-byt hardware sectors (128MB)
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda] Assuming drive cache: write through
sda:...delay complete, continuing
<6>usb 1-4: reset high speed USB device using ehci_hcd and address 2
usb 1-4: reset high speed USB device using ehci_hcd and address 2

At this point, the passphrase prompt does not show up but if I type
characters they are echoed on the screen. Pressing Ctr-Alt-Del reboots the
system.

At first I thought I didn't have usb 2 support built into my kernel on the
usb disk, but I was mistaken (I do). I also experimented (after having put the hard drive back into my old laptop) with rebuilding the initrd image on the flash drive to add longer delays (both the "general" [can't remember the exact name] delay as well as the MOUNT_DELAY) and that didn't solve things.

Any advice on how to fix
this would be great. I can still perfectly access
my system, as long as I move the hard drive into the old laptop. Do I have to completely rebuild the usb key on the new system?

thanks in advance

jules

answers and questions

rodger ellis — 2009-11-26T15:40:27

Found answer its

media/hda2
2 questions
1. gparted does not see it as mounted nor formatted
2. how do i install a OS into the partition


rodger

what am I doing wrong

rodger ellis — 2009-11-26T14:28:12

I have privatix on a usb and trying to create a partition on  /dev/had2
which is  my hardisk.


privatix:~# losetup -e AES256 -K /etc/fskey-hdd.gpg /dev/loop0 /dev/hda2
Password: 
Error: gpg key file decryption failed

EXPORT symbol statements in loop.c-2.6

Leisner, Martin — 2009-10-28T15:41:43

In this stanza:
extern void loop_compute_sector_iv(sector_t, u_int32_t *);
EXPORT_SYMBOL(loop_compute_sector_iv);
extern void loop_compute_md5_iv_v3(sector_t, u_int32_t *, u_int32_t *);
EXPORT_SYMBOL(loop_compute_md5_iv_v3);
extern void loop_compute_md5_iv(sector_t, u_int32_t *, u_int32_t *);
EXPORT_SYMBOL(loop_compute_md5_iv);
extern void md5_transform_CPUbyteorder(u_int32_t *, u_int32_t const *);
EXPORT_SYMBOL(md5_transform_CPUbyteorder);
extern void md5_transform_CPUbyteorder_C(u_int32_t *, u_int32_t const
*);
EXPORT_SYMBOL(md5_transform_CPUbyteorder_C);

Isn't it more standard if the EXPORT_SYMBOL appear next to the function
definition?
Why would they be exported?  Who uses them other than the loopAES
module?

marty

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Is there a plan to support AES-NI in loop-aes?

Matthias Schniedermeyer — 2009-10-22T16:24:47

Hi


I think the subject about covers it.

I recently bought a Intel SSD (X25-E). With my current machine (Core2Duo 
E6850, 3.2 GHz) i get about 130MB/s of the possible 230MB/s when i 
compare a linear dd of the loop-device vs. raw block-device.

The real appeal of a new Nehalem-type CPU (like a Core i7-860) would be 
the possibility that AES-NI delivers Full-Encryption with very small to 
neglible performance impact on the SSD.




Bis denn

Regarding FAQ #20: performance with loop-aes and lvm

Thomas Braun — 2009-10-17T16:51:57

Hi,

as I am building a new server I want to use loop-aes (like the last years) for 
all partitions on it.
My current idea is to use for the HDDs (4-5) the following structure :
RAID6->lvm->loop-aes->xfs.

If I understood the FAQ entry number 20 from 
http://mareichelt.de/pub/texts.loop-aes.php#faq20 correctly this works 
without any problem. Actually I have already tested this setup in a virtual 
machine.

Regarding performance the post, 
http://mail.nl.linux.org/linux-crypto/2008-11/msg00033.html, suggest to use 
the command line 'lvcreate -i N' to create the logical volumne.

Reading the lvcreate manpage gives:
###########
-i, --stripes Stripes
              Gives the number of stripes.  This is equal to the number of 
physical volumes to scatter the logical volume.
###########

Without much thought I tried to use the --stripes option on my RAID6 in the VM 
but it failed with the message:
###########
Number of stripes (5) must not exceed number of physical volumes (1)
###########

So what does this mean?
Do I have to switch to a different RAID level (e.g. RAID10) to get a more 
multicore-using loop-aes system?
As far as I understand every loop-device has one process/thread/whatever to do 
the encryption, right? Therefore on a multicore system you should have more 
loop devices in use to get more troughput ?

Thanks for your time,
Thomas

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Shutdown failure and empty boot.log with encrypted system

Frederick Gazerblezeebe — 2009-10-11T20:42:40

My system is functioning from an encrypted root, with separate /usr,
/usr/local, /var, and /home partitions also encrypted.  The system details
are

intel core2duo cpu
Fedora 11 (completely up-to-date)
2.6.31-rc5-git5 from kernel.org
loop-AES-3.2g (compiled as module)
aespipe-v2.3e
util-linux-ng-2.15.1
build-initrd.sh configured USEPIVOT=2.

I have two issues:  The first is since encrypting /, the file
/var/log/boot.log is no longer written.  Is this a problem with my specific
setup or is this how it behaves for everyone else?

The second is that after encrypting the remaining partitions, the system
will not shut down properly, hanging at the point it attempts to umount /var
and /usr.  Warnings that these partitions are busy and cannot be umounted
are printed to the screen and repeatedly hitting CTRL-ALT-DEL simply repeats
the warning. At this point I'm unable to get to a shell prompt so I'm kind
of stuck as far as live troubleshooting goes and I'm forced to power down
via the On/Off button.

I don't know if it's relevant, but as written in another post, the system
was unable to boot with an /etc/rc#.d/S00losetup init script forcing me to
instead add the losetup commands for the additional partitions to
/etc/rc.d/rc.sysinit.  The entries in fstab are as described in the loop-aes
README:

/dev/sda1   /boot            ext3    defaults        1 2
/dev/loop2  /                   ext4    defaults        0 1
/dev/loop3  /home          ext4    defaults        0 2
/dev/loop5  /usr              ext4    defaults        0 2
/dev/loop6  /var              ext4    defaults        0 2
/dev/loop7  /usr/local      ext4    defaults        0 2
/dev/sda8   swap            swap    sw,loop=/dev/loop0,encryption=AES128   0
0

Ideas?  Can I provide other information that would be helpful with
troubleshooting?

Also, this seems like the right place to ask, but if there is a more
appropriate forum/mailing list for me to post these questions just let me
know.

Thanks.

FG

Announce loop-AES-v3.2h file/swap crypto package

Jari Ruusu — 2009-10-11T13:11:07

loop-AES changes since previous release:
- Worked around block layer interface breakage on linux-2.6.32-rc kernels.

bzip2 compressed tarball is here:

    http://loop-aes.sourceforge.net/loop-AES/loop-AES-v3.2h.tar.bz2
    md5sum 060bec1ae3c5ba98d63c7d64d906faaf

    http://loop-aes.sourceforge.net/loop-AES/loop-AES-v3.2h.tar.bz2.sign

Mounting additional encrypted filesystems from within an encrypted root

Fred Gazerblezeebe — 2009-10-08T14:29:47

My system is functioning from an encrypted root and I now want to
encrypt the rest of the filesystems; /usr, /usr/local, and /var. System
info as follows:

intel core2duo cpu
Fedora 11
2.6.31-rc5-git5 from kernel.org
loop-AES-3.2g (compiled as module)
aespipe-v2.3e
util-linux-ng-2.15.1

build-initrd.sh configuration:
      * USEPIVOT=2
      * BOOTDEV=/dev/sda1
      * BOOTTYPE=ext3
      * CRYPTROOT=/dev/sda2
      * ROOTTYPE=ext4
      * CIPHERTYPE=AES128
      * GPGKEYFILE=rootkey.gpg
      * SOURCEROOT=/
      * DESTINATIONROOT=/mnt/build
      * DESTINATIONPREFIX=boot
      * UTF8KEYBMODE=1
      * LOADNATIONALKEYB=1
      * USEGPGKEY=1

After encrypting /var, the system fails to boot past the point
where /var should be mounted, which is being attempted via the
script /etc/rc5.d/S01losetup.sh (a symbolic link
to /etc/init.d/losetup.sh), containing

#!/bin/sh
echo "<SUPPRESSED>" | losetup -p0 -e aes128 \
-K /etc/keys/varkey.gpg /dev/loop6 /dev/sda6

The /etc/fstab entry for /var is:

/dev/loop6  /var   ext4   defaults  0 2

I am instead dropped to a system prompt with / left in ro mode.
Attempting to execute /etc/init.d/losetup.sh manually gives "Error: gpg
file decryption failed".  Attempting losetup directly 

/root[30]%losetup -e aes128 -K /etc/keys/varkey.gpg /dev/loop6 /dev/sda6

prompts for the passphrase as expected, but entering it yields the same
error that decryption failed.  So I tried using gpg directly

/root[35]% gpg --decrypt /etc/keys/varkey.gpg
gpg: cannot open '/dev/tty' no such device or address'

which is perhaps the source of the problem, but /dev/tty is actually
there

/root[36]% mknod /dev/tty c 5 0
mknod: `/dev/tty': File exists
/root[37]% ls -l /dev/tty
crw-rw-rw-. 1 root tty 5, 0 2009-10-08 06:09 /dev/tty

At this point I'm more or less stumped.  Suggestions? Any other
information needed that would help with troubleshooting?

Thanks,

FG





-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

ESSIV vs XTS

dave — 2009-10-03T04:01:17

I am wondering which mode of operation I should use with LUKS.
I plan on either cbc-essiv or xts-benbi.
The reason i ask as that the XTS kernel module is still flagged as
excremental. If it was not I would simply use XTS-benbi.
Note that TrueCrypt uses the XTS module, and the developers of it have
probably looked at XTS.c (hopefully). Can anyone shed some light on this
subject?


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/