
2. Introduction

The process uses the device '/dev/loop*' (where * can be 0-7 on most installations) to mount a loopback filesystem. The same process can be used without encryption to store a Linux filesystem on a non-Linux partition. There is a HOWTO on this at the LDP site mentioned previously.

Different types of encryption can be used, including XOR, DES, twofish, blowfish, cast128, serpent, MARS, RC6, DFC, and IDEA. The program 'losetup' (loopback setup) is what associates your encrypted file with a filesystem and its cipher type. According to Alexander Kjeldaas, who maintains kerneli.org and the international crypto patches, DES and losetup are currently incompatible because the two handle parity bits differently. There are no plans to support DES, as it is much less secure than the other ciphers.

Twofish, blowfish, cast128, and serpent are all licensed free for any use. The others may or may not have licensing restrictions. Several of them are candidates for the AES standard. The finalists will provide royalty-free use of their ciphers worldwide.

This document uses the serpent algorithm because it is strong yet remarkably fast, and it is freely distributable under the GPL. According to its documentation, serpent is a 128-bit block cipher designed by Ross Anderson, Eli Biham and Lars Knudsen, and it provides users with the highest practical level of assurance that no shortcut attacks will be found. The documentation on serpent, as well as the source code, can be found at:

http://www.cl.cam.ac.uk/~rja14/serpent.html

Also, this document assumes that the ciphers are compiled directly into the kernel. You may install them as modules, but the technique is not discussed in this document. You will have to edit the file '/etc/conf.module'; the process is discussed in detail in the kernel compilation HOWTO referenced previously.

