2. Enabling strong crypto in your system

2.1. Installing Linux-2.4.22

There are two main projects which add strong crypto support in the kernel: CryptoAPI and loop-aes. This howto uses loop-aes, since it has an extremely fast and highly optimized implementation of Rijndael in assembly language, and therefore provides maximum performance if you have an IA-32 (x86) CPU.

First of all, download and unpack the kernel sources:

ftp://ftp.kernel.org/pub/linux/kernel/v2.4/linux-2.4.22.tar.bz2

You also have to download and unpack:

http://loop-aes.sourceforge.net/loop-AES/loop-AES-v1.7e.tar.bz2

Then you must patch the kernel:

linux-2.4.22 $ patch -Np1 -i ../loop-AES-v1.7e/kernel-2.4.22.diff

Next, configure your kernel; make sure the following options are set:

    Block devices  --->

        <*> Loopback device support
        [*]   AES encrypted loop device support (NEW)

        <*> RAM disk support
        (4096)   Default RAM disk size (NEW)
        [*]   Initial RAM disk (initrd) support

Set up the keyboard map:

linux-2.4.22 $ dumpkeys | loadkeys -m - > drivers/char/defkeymap.c

Compile the kernel, install it and reboot.
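
Before compiling, the option list above can be checked against the generated .config. The script below is an added example, not part of the original HOWTO. The CONFIG_ symbol names are assumed mappings of the menu entries (CONFIG_BLK_DEV_LOOP_AES in particular is assumed to be the symbol added by the loop-AES patch), and the sample .config is constructed.

```shell
#!/bin/sh
# Added example (not from the HOWTO): check a kernel .config against the
# options listed in section 2.1 before compiling.
# Assumption: these are the .config symbols behind the menu entries;
# CONFIG_BLK_DEV_LOOP_AES is the symbol assumed for the loop-AES entry.
REQUIRED="CONFIG_BLK_DEV_LOOP=y
CONFIG_BLK_DEV_LOOP_AES=y
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=4096
CONFIG_BLK_DEV_INITRD=y"

# Print one line per option that deviates; print nothing if all match.
check_config() {
    cfg=$1
    for want in $REQUIRED; do
        name=${want%%=*}
        expected=${want#*=}
        # Take the last assignment of this symbol, if any.
        actual=$(sed -n "s/^${name}=//p" "$cfg" | tail -n 1)
        if [ -z "$actual" ]; then
            echo "$name: not set (expected $expected)"
        elif [ "$actual" != "$expected" ]; then
            # '=m' lands here: the HOWTO asks for built-in <*>, not a module.
            echo "$name: is '$actual' (expected $expected)"
        fi
    done
}

# Constructed sample .config fragment: loop built as a module, initrd unset.
sample_config() {
    cat <<'EOF'
CONFIG_BLK_DEV_LOOP=m
CONFIG_BLK_DEV_LOOP_AES=y
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=4096
# CONFIG_BLK_DEV_INITRD is not set
EOF
}

# Usage (script name is hypothetical): sh check-config.sh linux-2.4.22/.config
if [ -n "${1:-}" ]; then
    check_config "$1"
fi
```

Empty output means every listed option has the value the HOWTO asks for.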

2.2. Installing util-linux-2.12pre

The losetup program, which is part of the util-linux package, must be patched and recompiled in order to add strong cryptography support.

Download and unpack:

http://ftp.cwi.nl/aeb/util-linux/util-linux-2.12pre.tar.gz

cd into util-linux-2.12pre and apply this patch:

$ patch -Np1 -i ../loop-AES-v1.7e/util-linux-2.12pre.diff

To allow passwords shorter than 20 characters, enter:

$ CFLAGS="-O2 -DLOOP_PASSWORD_MIN_LENGTH=12"; export CFLAGS

If security is important, please do not enable passwords shorter than 20 characters. Security is not free; one has to 'pay' in the form of long passwords.

Compile losetup and install it as root:

$ ./configure && make lib mount

# cp mount/losetup /sbin
# rm -f /usr/share/man/man8/losetup.8.gz
# cp mount/losetup.8 /usr/share/man/man8