BWi: CryptSetup ...


modprobe dm-crypt
modprobe twofish
cryptsetup -c twofish-cbc-essiv:sha256 luksFormat /dev/sda7
cryptsetup luksOpen /dev/sda7 crypt
mkfs.ext3 /dev/mapper/crypt
tune2fs -u berkus -L crypt -o user_xattr,acl -O dir_index /dev/mapper/crypt
mount /dev/mapper/crypt /mnt/crypt
umount /mnt/crypt
cryptsetup luksClose crypt


cryptsetup luksOpen /dev/sda7 crypt
mount /dev/mapper/crypt /mnt/crypt
umount /mnt/crypt
cryptsetup luksClose crypt


Note that we specified “ESSIV”, which is not the default. It is important to specify ESSIV mode for all encrypted filesystems, as without ESSIV your system will be vulnerable to very serious watermark and known plaintext attacks (see the section on why DM crypt below).


http://www.shimari.com/dm-crypt-on-raid/
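
A check for the ESSIV point above, added here as an example and not part of the original page: the function reads `cryptsetup luksDump` output on stdin and classifies the IV mode of the volume. The function name, the result labels and the sample header are constructed for illustration; recognising XTS as acceptable goes beyond what the page states.

```shell
#!/bin/sh
# Classify the cipher spec reported by `cryptsetup luksDump` (read on stdin).
# Prints one of: ok-essiv, ok-xts, weak-cbc-plain, unknown
# Return status: 0 for ok-*, 1 for weak-cbc-plain, 2 for unknown.
check_luks_iv() {
    dump=$(cat)
    # LUKS1 headers print "Cipher name:" and "Cipher mode:" on separate lines.
    name=$(printf '%s\n' "$dump" | sed -n 's/^Cipher name:[[:space:]]*//p' | head -n 1)
    mode=$(printf '%s\n' "$dump" | sed -n 's/^Cipher mode:[[:space:]]*//p' | head -n 1)
    if [ -n "$name" ] && [ -n "$mode" ]; then
        spec="$name-$mode"
    else
        # LUKS2 headers print a combined "cipher: <spec>" line per data segment.
        spec=$(printf '%s\n' "$dump" | sed -n 's/^[[:space:]]*cipher:[[:space:]]*//p' | head -n 1)
    fi
    case "$spec" in
        # CBC with ESSIV: the setting the page asks for.
        *-cbc-essiv:*) echo ok-essiv; return 0 ;;
        # XTS is a tweakable mode and does not rely on ESSIV (assumption beyond the page).
        *-xts-*)       echo ok-xts; return 0 ;;
        # CBC with a predictable sector-number IV: the watermarking case.
        *-cbc-plain*)  echo weak-cbc-plain; return 1 ;;
        *)             echo unknown; return 2 ;;
    esac
}

# Constructed sample resembling the LUKS1 header of the volume formatted above.
SAMPLE_ESSIV='Version:        1
Cipher name:    twofish
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1'

printf '%s\n' "$SAMPLE_ESSIV" | check_luks_iv
```

On a live system the input would come from `cryptsetup luksDump /dev/sda7 | check_luks_iv`.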


The boot up handler script


Using pam_mount to mount dm-crypt devices on login


/etc/security/pam_mount.conf.xml entry for a LUKS filesystem on a file loop device:
<!-- NB! note the options attribute -->
<volume user="berkus" fstype="crypt"
        path="/home/crypt.loop" mountpoint="/home/crypt"
        options="loop,cipher=twofish"
        fskeycipher="aes-256-ecb" fskeypath="/home/crypt.key" />

 