Google
  Web www.spinics.net

Re: Kubuntu 7.10 64bit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Rudolf Deilmann <rudolf.deilmann@xxxxxxxxx> wrote:
> It's an documented feature of bash:
> http://www.network-theory.co.uk/docs/bashref/Redirections.html
> there is even another way to do the same ;)
> PLAIN=$(cat /upscript.gpg | gpg --decrypt --no-tty --quiet \
>        --passphrase-fd 8 8< <(echo "$PASS"))
> I wonder, why it doesn't work on your system. Perhaps, your script is
> still executed by dash.

Feature of bash or not, the fact is it didn´t work. My impression was just it looks a bit awkward. Scripts can be structured in many ways. Concerning the loopcrypt script I can only offer you to send an example and I will copy & paste it with no modification. Today I installed KDE 4.0 additionally, just to take a look at it. I´m not going to lose precious data if this installation gets damaged.

> there is another useful thing, that is easy to configure:
> /etc/initramfs-tools/conf.d/resume
> suspend-to-disk is possible (of course, the swap parition must be
> encrypted with the same 65 keys every time) 
> You only need to map the swap-partition to /dev/loopX
> in /etc/initramfs-tools/scripts/local-top/loopcryptup and add this
> new device to /etc/initramfs-tools/conf.d/resume
> (I haven't tested it with an actual version of ubuntu till now, because
> I don't need it. In previous releases, you also need to change a line
> in /etc/acpi/hibernate.sh, if you want to use /dev/loopX instead of
> UUID,... )

Hibernation was the top feature in Win2k. My box runs for so many hours, I´m glad to log on to a fresh session every now and then. Laptop users might appreciate this. For swap encryption I decided to use this:

/etc/rcS.d/S09losetup
---
#!/bin/sh

/sbin/losetup -e AES256 -H random/1777 -s XXX /dev/loop1 /dev/hdb
mkswap /dev/loop1
---

In this way a fresh key is used at each boot. The space where once the partition table was is now used for swap, too.
I ran swap with up to 4 layers of encryption. The main point is, all ciphers apart from AES are slow. Since AES was optimized for AMD64 it is the best choice. 4 mixed 256-bit layers (aes, twofish, serpent, aes) end up somewhere little above 10 MB/sec. which makes no sense. Single core machines are no match for this.

Best regards
Peter
-- 
GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS.
Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Home]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]     [Network Security Reading]

Add to Google