This is an old revision of the document!

Table of Contents

Encrypted partitions for DNS-323

It is possible to use losetup and friends to have encrypted partitions on your DNS 323. Currently, this is only possible for the 1.03 firmware, unless you fancy compiling your own kernel modules.

Setting Up

Firstly, you will need to have installed debian under a chroot. Then, install the “loop-aes-utils” package on it.

Next, you need to get the missing kernel modules. These should be placed in /mnt/HD_a2/modules/`uname -a`/, eg /mnt/HD_a2/modules/2.6.12.6-arm1/

Edit your funplug script, and add in the following near the top: 

 # Load extra modules
 cd /mnt/HD_a2/modules/`uname -a`/
 for i in */*.ko; do insmod $i; done

Going Forward

You're now ready to get started with losetup, see http://www.faqs.org/docs/Linux-HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html

To see what crypto drivers you have, do cat /proc/crypto . Most of the crypto drivers will have a small key size than default, so you will almost certainly need to specify something small than losetup would expect, eg losetup -e twofish56 /dev/loop0 /dev/md1 rather than just -e twofish

Crypto speeds

These speeds were found by writing /dev/zero to a 10mb crypto device, and reading it back again. They were run 3 times and averaged. 

aes          - 128 bit - 1.5 MB/s write - 2.1 MB/s read 
blowfish-32  -  32 bit - 2.3 MB/s write - 4.8 MB/s read 
blowfish-48  -  48 bit - 2.3 MB/s write - 4.8 MB/s read 
blowfish-448 - 448 bit - 2.2 MB/s write - 4.7 MB/s read 
blowfish     - 128 bit - 2.2 MB/s write - 4.7 MB/s read 
des3_ede     - 192 bit - 0.6 MB/s write - 1.3 MB/s read
serpent      - 128 bit - 1.9 MB/s write - 4.1 MB/s read
twofish      - 128 bit - 2.1 MB/s write - 4.2 MB/s read
xor          -   1 bit - 2.7 MB/s write - 5.5 MB/s read
twofish-256  - 256 bit - 2.1 MB/s write - 4.2 MB/s read

Navigation
[Edit]
Personal Tools