[Foresight-devel] Re: Disk encryption
Michael K. Johnson
johnsonm at rpath.com
Tue Mar 25 12:10:10 EDT 2008
On Mon, Mar 24, 2008 at 07:57:43PM -0500, Paul Cutler wrote:
> We currently have three issues open regarding adding disk encryption
> to Anaconda at time of installation, using three different encryption
> methods:
>
> https://issues.foresightlinux.org/browse/FL-313 : Use cryptsetup
>
> https://issues.foresightlinux.org/browse/FL-876 : LUKS + LVM
>
> https://issues.foresightlinux.org/browse/FL-1016 : dmcrypt
>
> Do we plan on adding encryption support at time of install? I know
> it's not a high priority right now, but we've had a few requests for
> it. And if so, do we have a preference for which one?

dmcrypt is the low-level support, the kernel backend used both by
cryptsetup.

LUKS (more particularly, cryptsetup-luks) is intended as a
replacement for cryptsetup; it works on volumes that have been set
up with cryptsetup (where there is no volume record for what keys
to use) but can also write a new style with a volume record in a
somewhat standardized format (with both Linux and Windows software
now available to read it). Some timing context: Fedora 4 switched
to LUKS.

See http://luks.endorphin.org/ for the upstream website for LUKS.

Because the *default* cipher block chaining mode is vulnerable
to some known attacks, it would be best to explicitly select the
encrypted salt-sector initialization vector mode instead.
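
The check implied by the last paragraph, as an added example that is not part of the original message or of any Foresight or cryptsetup code: a shell function that reads LUKS1 `cryptsetup luksDump` text and reports whether the volume uses CBC with ESSIV. It assumes the "default" mode referred to is CBC with the plain sector-number IV (`cbc-plain`); the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the IV mode of a LUKS1 volume from luksDump text on stdin.
# Assumption: the vulnerable default is CBC with a plain sector-number IV.

# Print one verdict word for the dump on stdin:
#   essiv   - CBC with ESSIV, the mode the message recommends
#   weak    - CBC with a predictable sector-number IV (cbc-plain, cbc-plain64)
#   other   - any other mode; not judged here
#   unknown - no "Cipher mode:" line was found
classify_iv_mode() {
    mode=$(awk '/^Cipher mode:/ {
        sub(/^Cipher mode:[ \t]*/, "")   # the value itself may contain ":"
        sub(/[ \t\r]+$/, "")             # drop trailing whitespace
        print tolower($0); exit
    }')
    case "$mode" in
        "")          echo unknown ;;
        cbc-essiv:*) echo essiv ;;
        cbc-plain*)  echo weak ;;
        *)           echo other ;;
    esac
}

# Constructed luksDump excerpt; $1 is the cipher mode to embed.
sample_dump() {
    cat <<EOF
LUKS header information for /dev/example

Version:        1
Cipher name:    aes
Cipher mode:    $1
Hash spec:      sha1
EOF
}

# Demonstration over three constructed headers.
for m in cbc-plain cbc-essiv:sha256 xts-plain64; do
    printf '%-18s -> %s\n' "$m" "$(sample_dump "$m" | classify_iv_mode)"
done
```

On a real system the input would come from `cryptsetup luksDump <device>`, and a new volume can be given the ESSIV mode explicitly with `cryptsetup luksFormat --cipher aes-cbc-essiv:sha256 <device>`.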