On Mon, Mar 24, 2008 at 07:57:43PM -0500, Paul Cutler wrote: > We currently have three issues open regarding adding disk encryption > to Anaconda at time of installation, using three different encryption > methods: > > https://issues.foresightlinux.org/browse/FL-313 : Use cryptsetup > > https://issues.foresightlinux.org/browse/FL-876 : LUKS + LVM > > https://issues.foresightlinux.org/browse/FL-1016 : dmcrypt > > Do we plan on adding encryption support at time of install? I know > it's not a high priority right now, but we've had a few requests for > it. And if so, do we have a preference for which one?
dmcrypt is the low-level support, the kernel backend used both by cryptsetup. LUKS (more particularly, cryptsetup-luks) is intended as a replacement for cryptsetup; it works on volumes that have been set up with cryptsetup (where there is no volume record for what keys to use) but can also write a new style with a volume record in a somewhat standardized format (with both Linux and Windows software now available to read it). Some timing context: Fedora 4 switched to LUKS. See http://luks.endorphin.org/ for the upstream website for LUKS. Because the *default* cipher block chaining mode is vulnerable to some known attacks, it would be best to explicitly select the encrypted salt-sector initialization vector mode instead. _______________________________________________ Foresight-devel mailing list Foresight-devel@lists.rpath.org http://lists.rpath.org/mailman/listinfo/foresight-devel
