tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: cgd(4) ciphers


On 30/09/2013 09:37, Jan Danielsson wrote:
> On 9/30/13 9:22 AM, Taylor R Campbell wrote:
> [---]
>> The best two candidates that come to mind are Serpent, which fails
>> only (c) and (d), and Threefish, which seems like a good candidate.
> [---]
>> Thoughts?
>    Yes, oh, yes.
>    But personally, I think that having a good/working root-on-cgd
> solution should be a far higher priority.

Just in case you missed it, and I don't claim it is good (and should
document it) but I have committed a working implementation of
root-on-cgd a few months ago. It uses init.chroot, which I would like to
replace with pivot_root at the very least. See:
(most of the problems mentioned here were addressed in the meantime)
(one commit for init, three for amd64, then one more for i386)

I am using this daily on an amd64 laptop, no problem there.


Home | Main Index | Thread Index | Old Index