Active Topics
-
Longtime users: What device(s) are you using today? (52)
to General by Wikiwide - 1 day, 5 hrs ago -
Registering (1)
to General by Halftux - 1 day, 20 hrs ago -
Applications Wishlist (55)
to Maemo 7 / Leste by sixwheeledbeast - 2 days, 22 hrs ago -
Error after installing Leste on sdcard (2)
to Maemo 7 / Leste by insanelysexy - 4 days, 22 hrs ago -
Using LM2596 DC-DC for N900 (7)
to General by insanelysexy - 6 days, 15 hrs ago - more...
| The Following 12 Users Say Thank You to jebba For This Useful Post: | ||
|
2010-01-12
, 04:19
|
|
Posts: 74 |
Thanked: 142 times |
Joined on Oct 2009
@ Chicago, US
|
#2
|
Nice. How is the file system performance when using this (relative to no encryption)?
|
|
2010-01-12
, 04:37
|
|
Posts: 40 |
Thanked: 18 times |
Joined on Dec 2009
|
#3
|
Originally Posted by pinsh
That script he has on the linked page just sets up a loopback device and then encrypts that. I don't think it's really intended to be used to encrypt your entire filesystem. (First question that springs to mind is, why? protect the open source n900 firmware?)
Nice. How is the file system performance when using this (relative to no encryption)?
but really I think he intends it to be used to store the naked pictures your girlfriend MMS's you or the photos you've been saving of that girl you've been stalking on facebook.
you know, stuff you don't use all the time.
| The Following User Says Thank You to t7g For This Useful Post: | ||
|
|
2010-01-12
, 07:40
|
|
Posts: 45 |
Thanked: 54 times |
Joined on Oct 2009
@ Uppsala,Sweden
|
#4
|
On the line
dd if=/dev/urandom of=$CRYPTFILE bs=1M count=$CRYPTSIZE
why not /dev/random instead? Isn't that more secure?
dd if=/dev/urandom of=$CRYPTFILE bs=1M count=$CRYPTSIZE
why not /dev/random instead? Isn't that more secure?
|
|
2010-01-12
, 07:42
|
|
Posts: 22 |
Thanked: 6 times |
Joined on Dec 2009
@ Utrecht, the Netherlands
|
#5
|
Thanks. The n900 really could use some encryption software. I hope eventually there will be some easy-to-use application for the end user to at least create password-protected vaults.
|
|
2010-01-12
, 13:32
|
|
Posts: 355 |
Thanked: 566 times |
Joined on Nov 2009
@ Redstone Canyon, Colorado
|
#6
|
Originally Posted by davost
I don't think so, it also requires more entropy. If you come up with a good doc explaining why it's better, let me know. Many docs I see use /dev/zero, so this is definitely an improvement over that.
On the line
dd if=/dev/urandom of=$CRYPTFILE bs=1M count=$CRYPTSIZE
why not /dev/random instead? Isn't that more secure?
|
|
2010-01-12
, 13:34
|
|
Posts: 355 |
Thanked: 566 times |
Joined on Nov 2009
@ Redstone Canyon, Colorado
|
#7
|
Originally Posted by pinsh
I just got it set up, I haven't had a chance to benchmark it. It would be interesting to see how AES performs versus twofish as well.
Nice. How is the file system performance when using this (relative to no encryption)?
Encrypted root filesystem (e.g. the *entire* system is encrypted), would be cool, but likely quite difficult with Maemo.
 |
|
2010-01-12
, 13:37
|
|
Posts: 415 |
Thanked: 182 times |
Joined on Nov 2007
@ Leeds UK
|
#8
|
Originally Posted by davost
urandom is non blocking, so using random maybe "more secure" but you are likely to suffer file system freezes using random - not something you would want.
On the line
dd if=/dev/urandom of=$CRYPTFILE bs=1M count=$CRYPTSIZE
why not /dev/random instead? Isn't that more secure?
random is generally used for cert generation and one off stuff like that
__________________
Life on the edge....always waiting to fall
Life on the edge....always waiting to fall
Last edited by deadmalc; 2010-01-12 at 21:03. Reason: !probably, maybe - maybe not (I am too lazy to check)
| The Following 3 Users Say Thank You to deadmalc For This Useful Post: | ||
|
|
2010-01-12
, 13:42
|
|
Posts: 22 |
Thanked: 8 times |
Joined on Nov 2009
|
#9
|
Originally Posted by davost
/dev/random blocks until more entropy can be gathered
On the line
dd if=/dev/urandom of=$CRYPTFILE bs=1M count=$CRYPTSIZE
why not /dev/random instead? Isn't that more secure?
On the N900, producing even 1 kilobyte of random data with /dev/random takes ages (it just sits there waiting for environment "noise")
/dev/urandom takes less a second to fill 1 MB of random data
Unless you are exchanging above top secret government documents, /dev/urandom is good enough.
| The Following 3 Users Say Thank You to Relativistic For This Useful Post: | ||
|
|
2010-01-12
, 20:58
|
|
Posts: 451 |
Thanked: 334 times |
Joined on Sep 2009
|
#10
|
Originally Posted by t7g
Maybe not the whole filesystem, though root could feasibly be encrypted...
That script he has on the linked page just sets up a loopback device and then encrypts that. I don't think it's really intended to be used to encrypt your entire filesystem.
Anyhow, I've been testing Jebba's packages and kernel, and they work really well for cryptsetup encryption.
Basically, I use it to encrypt the whole SD card, therefore protecting everything that's on it. That's where your data is to be stored, that's the best protection you can have and it's OTF, you just mount it and then use it as normal. You can do the same for the free space on the internal drive.
BTW, anyone tried mounting encrypted partitions via fstab/crypttab on boottime on the N900 with this?
I'm thinking of trying, but had to reflash a couple of times this past day, due to setting this up, and am not sure I wanna reflash again, in case it coughs up some prob when booting. Though it shouldn't and should probably boot... Any thoughts on this? Or rather anyone tried yet?
See:
http://wiki.maemo.org/User:Jebba/Cryptsetup
Have fun.
-Jeff Moe
http://wiki.maemo.org/User:Jebba
http://www.lulzbot.com