This release includes some code cleanup and compatibility changes. The '-p' option was added to vncryptctl: it can now read passphrases from any file descriptor.
Now you can encrypt your vnode-based md devices.
You have to recompile your kernel with
device md
options MD_CRYPT
or do
kldload md
kldload mdcrypt
The timeout feature is not implemented, but otherwise this patch is compatible with vncrypt (both disks and keyfiles).
Please report any problems.
You can download the patch from http://tolok.net/mdcrypt-1.0.diff.gz
A new algorithm was added: AES (Rijndael) in "multi-key" mode. Each disk sector is encrypted with its own key, derived from one master key.
A user-level decryption utility was added and can be used for testing bf-cbc encryption mode.
NOTE: this version will compile only with recent 4-STABLE kernels since the blowfish interface in the kernel was changed in late March.
The blowfish interface changed in -STABLE kernels last week. A patch has been committed to CVS.
I've committed new encryption mode support. It encrypts each disk block with a unique key, generated from the master key and block number. Possibly it will make linear/differential cryptanalysis more difficult.
Version 1.0 will be released after I write regression tests for all three modes to ensure they work correctly.
If someone can translate the Russian docs to English, you are welcome. My English is not good enough for this, as you can see :)
vncrypt 1.0-beta2 released. A new encryption module was added for AES (Rijndael) in CBC mode, and some design docs were added (in Russian only).
The first beta of vncrypt is available. Features include blowfish encryption, inactivity timeouts, and optional user-configurable devices.
The software works stably, but some important documentation is missing.