

Create AES256 encrypted loop devices (.img files) under Linux - thefox
https://github.com/TheFox/blackbox

======
thyrsus
When would one use this?

When I install Fedora, it gives me the opportunity to encrypt any file system
other than /boot. Since this requires you to enter the password at boot,
that's good for a laptop, probably bad for a server.

You need root privilege to mount a loopback file system. Either (a) you've got
the root password (b) the admin has given sufficient sudo privileges or (c)
you use pam_mount to mount the encrypted filesystem (probably as your home
directory). Am I missing other scenarios?

The trouble with the pam_mount scenario is that the key for the file system
needs to be based on your login password. Either your account creation process
involves telling the admin your password, or someone's built a collection of
self service tools I'm unaware of. Changing your password also means building
a new encrypted filesystem, which again involves giving the admin the new
password, or invoking self service tools I'm unaware of.

If there are other scenarios in which to use this kind of encrypted file
system, I'd appreciate hearing about them.

------
thyrsus
The script initializes the image from /dev/zero, which means that an attacker
can tell which blocks of the filesystem image are data and which are empty.
Unless you really can't afford to wait the minute or so for it to finish, use
/dev/urandom - or /dev/random, if you've got access to sufficient entropy (did
you pay extra for a hardware random number generator?).

------
rlpb
This uses cryptoloop, which SHOULD NOT BE USED IF YOU WANT STRONG SECURITY.
See: <http://mareichelt.de/pub/texts.cryptoloop.php>

You can do better with LUKS or Truecrypt. LUKS comes with most distributions.
It comes with a handy wrapper called "cryptsetup" which does the setup for
you.

------
beoba
The link is for a perl script which is effectively a frontend for 'losetup',
whose manpage describes how to create and mount images.

~~~
thwarted
And I was under the impression that losetup is deprecated and LUKS/cryptsetup
is the preferred method now. I used to use a script similar to the OP with
losetup, but LUKS is better, at least from a UX standpoint, because you can
multiple passphrases and it integrates with device mapper.

------
nonUser
Why do we need a script for this task? Yet another newbie script on HN...

------
sp332
I'd use AES128, it's more secure (well, so far anyway). There's a weakness in
the AES256 algorithm that makes it weaker then AES128. Not weak enough that I
would really be worried , but if you have the choice...

~~~
nonUser
schneier has more on that:
[http://www.schneier.com/blog/archives/2009/07/another_new_ae...](http://www.schneier.com/blog/archives/2009/07/another_new_aes.html)

------
jerf
A coworker of mine pointed me to EncFS, which I think is generally a better
idea because you don't commit to sizing in advance:
<http://www.arg0.net/encfs>

I have been satisfied with its performance used as the backing store for
virtual machine images, though not having a dual-core may be problematic.

~~~
jerf
Would have edited if I could, but I'd also point out that EncFS is immune to
all the problems thyrsus cited. It only requires FUSE privs, which are
generally pretty easy to give.

------
thefox
Thx for your feedback.

