Just reminding ;-)
Better watch out, remember what happened to the last guy that said that!
In california, he got a year in prison.
And he started serving, what, last week?
Uh No.
Part of the point here is that it's not a law that applies to anyone but an ISP.
It's a strong arm that may be followed up with a legal document.
The main thing to remember is that, it's an unlawful threat, so it SHOULDN'T be followed up.
No no, dying is before it's dead.
Be INC. killed the BeOS.
Be is dead, so is the BeOS.
Which sucks because I have a fucking BeBox sitting in my closet.
It's not FreeBSD.
Read this http://www.nblug.org/pipermail/talk/2002-June/001307.html
You still need the patch, look at cryptoapi.org.
loop-aes is faster. Ask the mailing lists if you want someone to explain the reasons. loop-aes has other neat crypto projects like aespipe as well. In general I agree with the framework, I however don't think that I trust it yet. If it's better, I will hear a great deal about it and I imagine, jari would merge or do something like that.
As of 2.4.22 yes cryptoapi is in the kernel. You still have to patch userland tools. However, cryptoapi isn't as useful as loop-aes.
It only requires that you patch util-linux which kerneli also requires. So your choice is to use loop-aes or kerneli with the main difference being a single up to date patch (for each new kernel) with loop-aes or you can be confused why kerneli doesn't even have patches for the last FOUR kernels in the 2.4.x branch.
Kerneli isn't a worthwhile choice anymore and it hasn't been as long as jari has been working on the AES (blowfish, serpent, twofish, etc.) support. I suggest you stop trolling and use it ;-p
Wow, you just have no idea about this do you?
I don't mean to sound rude but you are really talking about something you don't know.
This isn't so nice as it's trashing a very good product of the free software movement.
Let me demonstrate, http://loop-aes.sourceforge.net/ciphers.README says:
(snip)
1. General information
These cipher modules are intended to be used in combination with loop-AES
version v1.7b or later and linux kernel versions 2.2 or later.
Latest version of this package can be found at:
http://loop-aes.sourceforge.net/
http://members.surfeu.fi/ce6c8edf/ (limited downloads)
New versions are announced at linux-crypto mailing list:
http://mail.nl.linux.org/linux-crypto/
http://marc.theaimsgroup.com/?l=linux-crypto
(snip)
4. Cipher names that are available to losetup and mount programs
loop_twofish.o twofish128 twofish160 twofish192 twofish256
loop_blowfish.o blowfish128 blowfish192 blowfish256
loop_serpent.o serpent128 serpent192 serpent256
(snip)
And just to make it really clear, you can still use other stuff:
(snip)
6. Compatibility with other loop encryption implementations
To use (big-endian-)serpent, AES, twofish, or blowfish disk images encrypted
using kerneli.org 512-byte-IV version (which uses RIPE-MD160 as password
hash), use commands like...
(snip)
So if you want to keep going on about something you don't know, feel free. Loop-aes is faster (it's written in assembler for speed and in C so that it's portable) and it even supports everything you asked for. So with that said, if you have an interest in it now, great! If not and you just want to argue, it's not really worth the time. Try to do some research and then you won't be spreading so much FUD. Unless that's really all you're interested in, then by all means, go ahead and make a jackass out of yourself.
What a load of shit.
loop works just fine and if you want crypto use the fucking loop-aes.sf.net package for loop.o.
It's near perfect. You can do everything and more with it.
Yea those fucking terrorists!
Planting non GMO WHEAT in someone else's field to arouse awareness!
And the fire that killed who?
Who started that fire? I haven't even heard the person reporting state that fact.
Hanging banners is a dangerous job but death by fire? What?
And blocking access to the oil with non violent means.
So you think we should beat up Gandhi (forget for a moment that he is dead) next time he steps into town with a non violent protest?
Or is the past ok with non violent protest because it's the past? What is the difference with MLK and other non violent protests?
As for your second point, I'd like to see Greenpeace held accountable for their actions (which often do more to damage their case than anything else). At the very least they should be forced to change their name to something more honest.
Care to back that up?
What actions are those that you speak of? Non-violence of people counting animals in the forest?
And what would you suggest as a name for them?
Can you point me to how you have set this up?
I would really like to set up something like that for my backup server with loop-aes hacked in there.
It would rock my world if you could point this out to me.
Run on more than one platform: x86 Linux can't run on PPC. PPCLinux can't run on x86. Even if you recompile from source to avoid the endian problem, you still won't have much luck.
What the fuck are you talking about?
The kernel is written in C.
There are certain patches that Ben H has for the PowerPC platform that don't apply to x86 and vice versa (i.e. device drivers, etc.) but you can compile a copy of any modern kernel on a mac and boot it with zero problems.
And what are you talking about endian problems for? That's not a problem unless you rip a PCM audio stream and then copy it to another platform before encoding it.
Seriously. Where do you get this stuff?
Yes, Linux has versions for more platforms than OS X, but weren't we talking about tasks that you would run on a specific server? Moving the OS to another platform is not something you are likely to attempt.
First off, linux doesn't have versions for more platforms. The kernel supports different platforms. It's just a feature of the kernel.
If I had a mac, I would switch to linux in a second. It's not as hardened as linux is, it's not as beaten on. It's got an upgrade cycle that's going nuts with binary compatibility. It's insanity.
That logic doesn't hold water.
When one has an opinion on an event that hasn't happened to them yet but has a culture to influence them, they are speculating. Their response will vary but ultimately, they have no idea if they will have anything happen to them.
If you were to look at the sky and see a light, culture would influence you as well. It might tell you that this is a god, a star, a craft, etc.
One thing that sets the second example apart from the first is that the first is speculation based on events that we cannot relay back, whereas the second is something that one can relate as an event that has/had/is occur/ing/ed.
So you're dead wrong.
So I have a question, how can you represent every atom, gluon and quark with an address? That would be an infinite loop, no?
Thanks for saying that so I didn't have to.
Yes. But this is my feeling for this matter and holds no merit.
Why don't you ask someone there if they mind someone else making that choice for them?
Their government is totally different from ours in the sense of a strong religious background that is the foundation of law making.
So you don't live in america?
Because our morality and legal system certainly has its roots with Christ.
Are they actually saying that someone inducing thought into their culture from the west might cause an uproar?
*Gasp*
That questioning the truth is a bad thing?
Could you post one?
I would Love to see it, it would make my day.
Well I agree and disagree.
I agree that you can do it with 5-8 million packets, it just takes about 1050 weak IV packets.
I disagree that it's not possible to brute force the key, such software is out there.
http://216.239.33.100/search?q=cache:H4yZmoxSGLIJ:www.blackhat.com/presentations/bh-usa-02/baird-lynn/bh-us-02-lynn-802.11attack.ppt+black+hat+2002+air+jack&hl=en&ie=UTF-8 Is an alright source for this but pretty barren.
The cisco client is the most secure from what a good friend of mine explained tonight. The way that the clients are "locked" is not a normal VPN setup, the exception being cisco.
Anyway it's like 3am or something but the point is that it's possible to get a client to install the cert because of the yes mentality of windows, the screen shot shows it.
I agree, a vpn is a good way to secure it.
As long as you're not using a VPN that doesn't check host keys, one that doesn't alert you to changed keys, ssh1 or an SSL type of VPN, sure.
It's trivial to set up a man in the middle attack for a client if you control the server.
Think about it like this:
A new employee shows up and gets his laptop.
He signs on for the first time and gets a host key changed (even if the key was already stored on the laptop by the IT dept.)
What does he do?
Go make a fool out of himself? (I would go talk to the IT guys, would your new hire?)
I would guess (and I have seen it happen) people would just allow it to happen.
If the attacker has even a $100 budget he can even route the traffic over to the real network and then the person won't ever know.
It's possible, it was done at black hat last year.
I had a long discussion with the guys that did it, it was impressive, social engineering through technical means.
Point and click means an easier attacker.
Assuming that your clients ARE never allowed to click "accept anyway?" when it comes to SSL certs.
You might be correct.
I think that this is *more* secure than something as simple as just WEP. But with that said, I think you really should check out the black hat demo from last year.
The point is that the client chooses to associate with the rogue network.
I am not talking about breaking 1024bit PKI, that's foolish. I am talking about breaking the implementation that involves humans.
If I can get a client to send me the right information, I can then pretend to be the client when I talk to the real server.
Makes sense?
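
The mitigation implied by the comments above (host keys stored on the laptop by IT, and no "accept anyway" choice for the user) can be sketched as a fail-closed pin check. This is an added example, not part of the original comments; the host names, key blobs and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed placeholder key blobs (not real SSH keys), base64 as in known_hosts.
GATEWAY_KEY = base64.b64encode(b"constructed gateway host key").decode()
ROGUE_KEY = base64.b64encode(b"constructed rogue AP host key").decode()

# Constructed known_hosts-style file, provisioned by IT before hand-out.
PINNED_KNOWN_HOSTS = f"""\
# pinned at imaging time
vpn.example.com,10.0.0.1 ssh-ed25519 {GATEWAY_KEY}
"""


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def load_pins(text):
    """Parse known_hosts-style lines into {host: {(keytype, fingerprint)}}."""
    pins = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        for host in fields[0].split(","):
            pins.setdefault(host, set()).add((fields[1], fingerprint(fields[2])))
    return pins


def check_host_key(pins, host, keytype, offered_b64):
    """Fail closed: return (allow, reason); there is no 'accept anyway' branch."""
    known = pins.get(host)
    if not known:
        return False, "unknown-host"   # no trust-on-first-use for managed clients
    offered = fingerprint(offered_b64)
    for pinned_type, pinned_fp in known:
        if pinned_type == keytype and hmac.compare_digest(pinned_fp, offered):
            return True, "match"
    return False, "key-changed"        # log and escalate to IT, never prompt
```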