Error correction with aes-looback / cryptoloop?

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Wed Feb 27 15:40:20 UTC 2008


On Tue, Feb 26, 2008 at 09:49:10PM -0500, Mike Oliver wrote:
> I have a laptop on which I would like to put my
> $HOME directory on an encrypted partition, in case
> someone were to steal it in an airport or something.
> I've been experimenting with using an encrypted
> loop device using the cryptoloop module and AES128
> encryption.
> 
> It seems to work fine, but I'm not so happy about the
> thought that a one-bit HDD error could make me lose the
> entire partition.  I was wondering if anyone knows whether
> any of the available encryption options use error
> correction, so as to greatly mitigate this possibility?
> I would happily accept a 10% file size increase for
> this purpose.

Your harddisk already has series error correction.

Also cryptoloop almost certainly encrypts blocks at a time, so a bit
error would only break one block, which isn't that different from
loosing a sector or block in any unencrypted filesystem.  It would be
way too inefficient if the entire partition was one continuous encrypted
block since every change would then require reencrypting the whole thing
all over from the point of the change.

Why AES128 and not 256?

--
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list