[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 2.4.x crypto incompatible with 2.2.x crypto
Dan Hollis wrote:
> Anyone determined yet why 2.4.x blowfish loopback crypto can't read 2.2.x
> blowfish loopback crypto?
>
> Is it a bug with the IV or a bug with keysize or what?
>
> (I'm using CONFIG_BLK_DEV_LOOP_USE_REL_BLOCK on 2.2.x, so that's not the
> problem)
This is known problem with Alexander Kjeldaas' international crypto patch.
IV computation is based on block size of the underlying filesystem and
transfer size being exactly one block. In most cases (but not always) 2.2
kernels do that, so it mostly works for 2.2 kernels. However, 2.4 kernels
often prefer PAGE_CACHE_SIZE size transfers, so your data is nuked.
If you don't want to play russian roulette with your data, you should
consider using loop-AES package. loop-AES package does AES enryption with
128, 192 and 256 bit keysizes, and is immune to variations in transfer size
and does not depend on filesystem block size.
http://members.surfeu.fi/ce6c8edf/loop-AES-v1.1b.tar.bz2
md5sum 61e521a383ce9a90c3f7b98bcf789813
http://members.surfeu.fi/ce6c8edf/loop-AES-v1.1b.tar.bz2.sign
http://members.surfeu.fi/ce6c8edf/PGP-public-key.asc
1024/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/