grub-devel

Re: truecrypt support in grub ?


From: Alon Bar-Lev
Subject: Re: truecrypt support in grub ?
Date: Thu, 16 Apr 2009 21:42:18 +0300

Correct.

Stronger encryption is offered by loop-aes [1], and it also has a
simpler on-disk format.

The main problem an encryption solution should address is where the
keys are stored.

A password only based encryption is considered weak.

Placing the keys on external media, such as USB Mass storage device is
better, protecting the key on the USB Mass storage device is even
better.

Placing keys on cryptographic hardware is almost the best solution...

The best solution is to have a cryptographic device with no
extractable keys on the SATA/IDE bus...

The main problem is that to support all these sequences and devices in
a boot loader is somewhat difficult.

I use decrypted boot partition with loop-aes and cryptographic hardware [2].

When the Linux kexec method is actually usable, I may consider
kexec'ing a kernel within the encrypted partition. The problem is how to
guarantee a clean hand-over.

Alon

[1] http://loop-aes.sourceforge.net/
[2] http://wiki.tuxonice.net/EncryptedSwapAndRoot


On 4/16/09, phcoder <address@hidden> wrote:
> Is there any info about the truecrypt booting process too? This is more
> important than being able to read truecrypted files because I don't think
> that anyone wants to boot linux from truecrypt when luks is faster, better
> integrated and provides a similar set of features.
>
> I don't see it on the link you provided. Whirlpool is based on tweaked
> rijndael which is already a part of your patch. And LRW and xts are used
> (and recommended) for luks too.
>
> Michael Gorven wrote:
>
> > On Thursday 16 April 2009 18:27:33 phcoder wrote:
> >
> > > Why don't you help us with that? Install truecrypt, dump mbr and mbr
> > > gap. Disassemble mbr and send an explanation of what it does in plain
> > > english here
> > >
> >
> > There seems to be a decent specification[1] of the TrueCrypt format on
> > their website. It would probably need an additional hash (Whirlpool) and
> > cipher modes (XTS and LRW).
> >
> > Michael
> >
> > [1] http://www.truecrypt.org/docs/technical-details
> >
> >
> >
> >
> ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Grub-devel mailing list
> > address@hidden
> > http://lists.gnu.org/mailman/listinfo/grub-devel
> >
>
>
>  --
>
>  Regards
>  Vladimir 'phcoder' Serbinenko