Gentoo Forums
Encrypted Root File System, Swap, etc...
Warped_Dragon
Tux's lil' helper
Joined: 16 Sep 2004
Posts: 143
Location: Canada Eh?

Posted: Thu Dec 09, 2004 6:31 pm

EDIT: Never mind.... *sigh* forgot to *load* the loop-aes module......

Ok... first, sorry for dragging up an old thread, but I need a wee bit of help, and the Gentoo forums have enough threads as it is ;)

I'm trying this out on my laptop ("this" being encrypting the entire filesystem and using a cd to boot). I've downloaded the latest loop-aes and compiled it, set up my kernel as the loop-aes readme specifies, compiled util-linux and gnupg with the patches that came with loop-aes.

Now, I've hit a bit of a stumbling block. Running "make tests" to ensure the loop-aes kernel module compiled correctly dies really soon. Why? There are no loop devices in my /dev directory. None. Nada. That's a problem, I'm thinking.... how do I go about adding them? My guess would be enabling loop devices in the kernel.... except that I'm not supposed to do that. I'm using 2.6.9-gentoo-r9 and udev, by the way.

Once I get this solved, I think I should be able to do this.

Oh, and another question. Since I had to compile my own util-linux and gnupg, how would I stop emerge from upgrading them (thus undoing my patched versions), and from recompiling the (or, what it thinks is the) current installed version, say on an emerge -e? I put them both in /etc/portage/package.mask, but I'm wondering if there's anything else to do as well. Removing them from my world file doesn't seem like a smart plan, as something will surely try to remerge them as dependencies....
_________________
I could put my system specs in my sig, but I'm not a plonker, so...

xbmodder
Guru
Joined: 25 Feb 2004
Posts: 404

Posted: Sun Dec 12, 2004 12:33 am

with AES 256
Tiotest results for 4 concurrent io threads:
,----------------------------------------------------------------------.
| Item                  | Time     | Rate         | Usr CPU  | Sys CPU |
+-----------------------+----------+--------------+----------+---------+
| Write 40 MBs          | 1.2 s    | 34.517 MB/s  | 0.5 %    | 65.1 %  |
| Random Write 16 MBs   | 0.2 s    | 69.030 MB/s  | 1.3 %    | 117.9 % |
| Read 40 MBs           | 0.2 s    | 182.866 MB/s | 0.0 %    | 173.2 % |
| Random Read 16 MBs    | 0.1 s    | 180.306 MB/s | 5.8 %    | 183.4 % |
`----------------------------------------------------------------------'
Tiotest latency results:
,-------------------------------------------------------------------------.
| Item         | Average latency | Maximum latency | % >2 sec | % >10 sec |
+--------------+-----------------+-----------------+----------+-----------+
| Write        | 0.172 ms        | 465.666 ms      | 0.00000  | 0.00000   |
| Random Write | 0.069 ms        | 170.724 ms      | 0.00000  | 0.00000   |
| Read         | 0.049 ms        | 112.693 ms      | 0.00000  | 0.00000   |
| Random Read  | 0.035 ms        | 40.625 ms       | 0.00000  | 0.00000   |
|--------------+-----------------+-----------------+----------+-----------|
| Total        | 0.094 ms        | 465.666 ms      | 0.00000  | 0.00000   |
`--------------+-----------------+-----------------+----------+-----------'


none
Tiotest results for 4 concurrent io threads:
,----------------------------------------------------------------------.
| Item                  | Time     | Rate         | Usr CPU  | Sys CPU |
+-----------------------+----------+--------------+----------+---------+
| Write 40 MBs          | 0.8 s    | 52.141 MB/s  | 0.8 %    | 113.5 % |
| Random Write 16 MBs   | 0.2 s    | 88.695 MB/s  | 1.1 %    | 97.1 %  |
| Read 40 MBs           | 0.2 s    | 192.995 MB/s | 2.9 %    | 183.8 % |
| Random Read 16 MBs    | 0.1 s    | 178.302 MB/s | 2.3 %    | 188.3 % |
`----------------------------------------------------------------------'
Tiotest latency results:
,-------------------------------------------------------------------------.
| Item         | Average latency | Maximum latency | % >2 sec | % >10 sec |
+--------------+-----------------+-----------------+----------+-----------+
| Write        | 0.139 ms        | 295.947 ms      | 0.00000  | 0.00000   |
| Random Write | 0.040 ms        | 17.762 ms       | 0.00000  | 0.00000   |
| Read         | 0.056 ms        | 105.013 ms      | 0.00000  | 0.00000   |
| Random Read  | 0.035 ms        | 39.161 ms       | 0.00000  | 0.00000   |
|--------------+-----------------+-----------------+----------+-----------|
| Total        | 0.081 ms        | 295.947 ms      | 0.00000  | 0.00000   |
`--------------+-----------------+-----------------+----------+-----------'



both mounted on loops
not my root file system
a 100 MB ext3 file system

/proc/cpuinfo

processor : 0
vendor_id : AuthenticAMD
cpu family : 6
model : 8
model name : AMD Athlon(tm) MP 2400+
stepping : 1
cpu MHz : 2000.991
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse syscall mp mmxext 3dnowext 3dnow
bogomips : 3940.35

processor : 1
vendor_id : AuthenticAMD
cpu family : 6
model : 8
model name : AMD Athlon(tm) Processor
stepping : 1
cpu MHz : 2000.991
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse syscall mp mmxext 3dnowext 3dnow
bogomips : 3997.69

/proc/meminfo
MemTotal: 904452 kB
MemFree: 162224 kB
Buffers: 127052 kB
Cached: 292444 kB
SwapCached: 608 kB
Active: 405572 kB
Inactive: 290488 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 904452 kB
LowFree: 162224 kB
SwapTotal: 5012228 kB
SwapFree: 5009580 kB
Dirty: 62012 kB
Writeback: 0 kB
Mapped: 340320 kB
Slab: 30464 kB
Committed_AS: 402428 kB
PageTables: 2044 kB
VmallocTotal: 122804 kB
VmallocUsed: 25060 kB
VmallocChunk: 96176 kB






-----------------------------------------------------------
anything else post!

echto
Tux's lil' helper
Joined: 30 Jun 2002
Posts: 107

Posted: Fri Mar 04, 2005 2:55 am

Tape! Tar the data, pipe it to gpg, and write it to tape. :) Then keep the keys on a USB drive in your pocket. 8)


alexander_g_1 wrote:
hi all,

what a lovely thread, thanks for this one!! :-)

my question for today is:

if I encrypt, let's say for example, /dev/hda and /dev/hdb (which is 200 gig altogether).....what would be the best method to do a full disaster recovery backup (encrypted) just in case one of the HDDs goes defective with time?

200 gig getting burned on 700 MB CDs would be too time-consuming of course.

any ideas?

Best Regards,

Alexander
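
echto's suggestion above (tar the data, pipe it to gpg, write it to tape), written out as an added example that is not part of the original thread. It assumes GnuPG 2.1 or later, symmetric AES256 encryption with the passphrase in a key file kept on removable media, and hypothetical function names and paths.

```shell
#!/bin/sh
# Added example (not from the thread): tar | gpg backup with a restore check.
# Assumptions: GnuPG 2.1+, symmetric AES256, passphrase in a key file that lives
# on removable media; function names and all paths are hypothetical.

# Make a failing tar or gpg fail the whole pipeline where the shell supports it.
(set -o pipefail) 2>/dev/null && set -o pipefail

gpg_sym() {  # gpg_sym KEYFILE [gpg options...]: non-interactive gpg call
    keyfile=$1; shift
    gpg --batch --quiet --no-tty --pinentry-mode loopback \
        --passphrase-file "$keyfile" "$@"
}

encrypted_backup() {  # encrypted_backup SRC_DIR DEST KEYFILE
    [ -d "$1" ] && [ -r "$3" ] || return 2
    # Plaintext exists only inside the pipe; DEST (a tape device such as
    # /dev/st0, or a regular file) only ever receives ciphertext.
    tar -C "$1" -cf - . | gpg_sym "$3" --symmetric --cipher-algo AES256 > "$2"
}

verify_backup() {  # verify_backup DEST KEYFILE: prints the archive member names
    # tar can exit 0 on empty input, so a failed decryption (wrong key, damaged
    # media) is caught by checking for an empty listing as well as the status.
    members=$(gpg_sym "$2" --decrypt "$1" | tar -tf -) || return 1
    [ -n "$members" ] || return 1
    printf '%s\n' "$members"
}

restore_backup() {  # restore_backup DEST KEYFILE TARGET_DIR
    verify_backup "$1" "$2" >/dev/null || return 1
    mkdir -p "$3" && gpg_sym "$2" --decrypt "$1" | tar -C "$3" -xpf -
}
```

Running verify_backup straight after writing shows that the media and the key file together can actually be read back, which is the part of a disaster-recovery backup that tends to go untested.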

JloR
n00b
Joined: 29 Jun 2004
Posts: 43
Location: Denmark

Posted: Wed Jul 12, 2006 2:16 pm

Resurrecting an ooold thread :) One of the best in here though, imo.


I'm playing around with this, bought an 80 GB Hitachi disk for the laptop for this single purpose.. And I've read through most of the pages here, a few in the beginning and a few in the end.
But would I be wrong to assume that you no longer need to manually download and compile loop-aes and util-linux? Don't the newer loop-aes ebuilds do the patching for you?

loop-aes-3.1d depends on util-linux being built with the crypt feature in it.



I realize this might be a silly question, but I am slightly confused. And if I could get around the manual compile and patching, I would be happy happy - mainly because I wouldn't want to redo this every time I recompile a kernel.
_________________
-- Jakob L. O. Rosenlund

ozric
n00b
Joined: 13 Oct 2006
Posts: 28
Location: Örebro, Sweden

Posted: Sun Oct 15, 2006 3:49 pm

Well I for one can't seem to make it. Does this procedure work with kernel 2.6.x?

In fact, I think I'm going crazy. Good thing I seem to learn something every time I mess up my system though :oops:

Can someone perhaps recommend a newer guide for loop-aes and encrypting the root partition (if it's even needed, chances are that I am just not understanding this enough to make it werk)?

edit: Never mind, the problem for me was just pure lameness. I actually read the loop-aes readme, followed those instructions rather than Chadders' ones and it worked like a charm. Using Knoppix as a rescue system was very useful though, so thanks for that tip, Chad-man.

selig
Guru
Joined: 31 Jul 2005
Posts: 425
Location: Prague, Czech Republic

Posted: Wed Dec 06, 2006 12:54 pm

Instead of compiling the loop-aes from the official package by hand, you can now use the ebuild. "emerge loop-aes" is sufficient. Other than that, I think this howto is still OK. But I would recommend not to leave the keys lying around on hard disk, take them with you on a floppy disk, USB stick or similar removable media. That way your data will be protected twice, because you need both the passphrase and encrypted key to be able to access the system. I will try and benchmark different ciphers today, but so far I like "serpent" the most.

selig
Guru
Joined: 31 Jul 2005
Posts: 425
Location: Prague, Czech Republic

Posted: Fri Dec 15, 2006 1:33 pm

From what I have tried, AES seems to be the fastest option (on my Pentium4-m 1.7GHz I get about 9MB/s for AES256 encryption), but the hard drive in my notebook is slow anyway, so I opted for Serpent 192 (about 7MB/s encryption on my hardware).
If you are using a journalling filesystem and you are journalling only filesystem metadata, you can probably use an external journal to increase speed (I am doing that and it works nicely). By journalling all data you get a security compromise, because someone could read the actual data from the journal (usually 32-128MB, which is not negligible). I do not think having access to metadata modifications provides a big security risk. It probably provides the potential attacker with some plaintext, which could maybe lower the security of AES encryption (its number of rounds is not too high..). On the other hand, AES is faster so you do not have to use tricks with external journal with it. I trust Serpent. :D