[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [gentoo-dev] dm-crypt ebuild/initscript
From:       Justin Whitney <ripple () ripple ! be>
Date:       2004-02-28 19:22:11
Message-ID: 1077996131.6609.3.camel () localhost
[Download RAW message or body]

no not yet, I put the patch on hold anyway, it's probably going to turn
out to be easier in the long run to modify or fork dmsetup to do the
hashing itself, otherwise getting hashalot to cooperate with dmsetup
securely is a bit of a pain.

Justin

On Sat, 2004-02-28 at 10:15 -0800, Max Kalika wrote:

> Quoting Justin Whitney <ripple@ripple.be>:
> 
> > I submitted a patch to device-mapper-1.00.07 that makes dmsetup lock its
> > pages.  This should prevent swaps between 'hashalot | dmsetup', so with
> > a few changes to the dm-crypt init script, people should be able to
> > encrypt their block devices leaving swap unencrypted, and not have to
> > worry about their key leaking to swap.  checkout the following if
> > interested.
> > 
> > http://bugs.gentoo.org/show_bug.cgi?id=43162
> 
> Is this something the dm upstream folk are aware of?
> 
> -- 
> max kalika
>  .. public key:   http://www.gentoo.org/~max/max.asc
>  .. fingerprint:  2D59 74B5 8785 3C22 74F2 87B0 6DD4 E810 CBC3 AB79


--
gentoo-dev@gentoo.org mailing list

[prev in list] [next in list] [prev in thread] [next in thread]