A weak cryptoloop implementation in Linux?
Posted Dec 12, 2004 22:56 UTC (Sun) by markus76
In reply to: A weak cryptoloop implementation in Linux?
Parent article: A weak cryptoloop implementation in Linux?
first of all, really "true cryptographically-random strings" would be directly derived from radioactive decay (which is purely random by nature), not from something inside a computer which is pseudo-random at best.
setting up several layers of encrypted block-devices is not the idea of cryptoloop both from a plain user's point of view and the ppl who introduced it into mainline kernels. it may work, but it is clumsy and unefficient.
nobody said one could lose data when using mainline cryptoloop, it's just a Bad Idea to do so. at least for data you want to be secure, anyway, and what is the point of using cryptoloop if your data is not secure? btw, when jari speaks of _equivalent_ to back door he means _equivalent_ to back door and not back door itself. should be obvious, but i got the impression that ppl increasingly start reacting to some kind of pavlov's bell instead of using their brain in the first place (no offense intended, just venting needed).
mainline cryptoloop is just not to be recommended if you want your data secure. a certain researcher in cryptography (whom i won't mention here, since he's got too much public attention already about just the same "trivial" topic we speak about) also points out these disadvantages of cryptoloop when it comes to security, he's given talks about it on security conferences, wrote articles, .... - what more info do you need?
if you want your data secure and want to stick with cryptoloop for the fun of it, that's fine with me. but don't try to evangelise mere users to believe cryptoloop is subject to some kind of bashing contest! it is not! let ppl make up their own minds, their data is their stuff, and turf.
cryptoloop is not a bad idea basically speaking, but it really needs to be fixed if it is to be used for the stuff is was made for: securing your data and not giving crypto(loop) a bad name.
to post comments)