dm-crypt is a software that uses device-mapper to provide encrypted storage on Linux.
dm-crypt's configuration interface is flexible and straightforward. Users can specify their desired symmetric cipher, key size, and iv generation mode. This allows for the creation of a new block device in /dev that will encrypt writes and decrypt reads. The user can mount their file system on this device as usual, and without the key, they cannot access their data.
Compared to cryptoloop, dm-crypt boasts a much cleaner code and better suits the need for a block device. Additionally, the on-disk format is compatible, making the transition from cryptoloop to dm-crypt seamless. In the future, users will be able to specify other iv generation modes for enhanced security. However, this will require a full reencryption of the file system.
Support for dm-crypt is available in the official kernel 2.6.4 and can be found on kernel.org. It's recommended to use the mirrors for downloads. Users should note that there is a HIGHMEM cryptoapi bug in kernels before 2.6.4-rc2. It's crucial to upgrade to the latest kernel to avoid encountering this issue.
In summary, dm-crypt is an excellent option for those looking to encrypt their blocks devices. It's easy to use, flexible, and has a clean codebase, making it an ideal choice for Linux users.
Version 0.1: N/A