loop-AES is a fast and transparent file system and swap
encryption package. loop-AES can be used to encrypt disk partitions,
removable media, swap space and other devices. It provides measures to
strengthen the encryption including passphrase seeds, multiple hash
iterations, MD5 IV and alternating encryption keys.
It provides loadable Linux kernel module (loop.o or loop.ko on
2.6 kernels) that has AES cipher built-in. The AES cipher can be used
to encrypt local file systems and disk partitions.
Loop device encrypts data but does not authenticate
ciphertext. In other
words, it provides data privacy, but does not guarantee that data has
not been tampered with. Admins setting up encrypted file systems should
ensure that neither ciphertext, nor tools used to access ciphertext
(kernel + kernel modules, mount, losetup, and other utilities) can be
trojaned or tampered.
loop-AES does not modify the kernel in any way. This means
that users can still use kernels
which have been patched. The tool worls with works with 2.0.x, 2.2.x,
2.4.x (2.4.7 or later) and 2.6.x kernels.
- Pre-boot authentication
- Custom authentication
- Multiple keys
- Passphrase strengthening
- Hardware acceleration
- Any filesystem supported by the operating system
- Entire disk
- Swap space
- AES cipher is used in CBC (cipher block chaining) mode
- Includes the cipher modules blowfish, twofish and serpent
in addition to the default cipher (AES).
- Three key setup modes are supported; single-key,
multi-key-v2 and multi-key-v3 modes
- Encryption keys are kept in kernel RAM while loop is active
- File system soft block sizes
- Compatibility with other loop encryption implementations
- Encryption keys can be stored in a GnuPG-encrypted keyfile,
which allows the passphrase to be changed without re-encryption
- The key (with all the parameters - key length, algorithm
etc) resides on your encryption partition at the first blocks of your
to Disk Encryption Home Page
Last Updated Saturday, May 26 2012 @ 09:00 AM EDT