[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kerneli patch and aes over loopback

To: mailing-list - linux-crypto <linux-crypto@nl.linux.org>
Subject: Re: kerneli patch and aes over loopback
From: Pavel Minev Penev <kal_pav@sz.techno-link.com>
Date: Sun, 2 Jun 2002 16:36:29 +0300
In-Reply-To: <1015814006.421.37.camel@milet>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:listar@nl.linux.org?Subject=help>
List-owner: <mailto:riel@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Listar version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Mail-Followup-To: mailing-list - linux-crypto <linux-crypto@nl.linux.org>
Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org
References: <1015814006.421.37.camel@milet>
Reply-To: linux-crypto@nl.linux.org
Sender: linux-crypto-bounce@nl.linux.org
User-Agent: Mutt/1.3.23i

On Mon, Mar 11, 2002 at 03:33:21AM +0100, m96 wrote:
> 1) is there is a way to specify the aes encryption with whatever key
> length over the command line? like:
> 
> losetup -e aes128 /dev/loop0 crypto
> 
> because this gives the error:
> 
> The cipher does not exist, or a cipher module needs to be loaded into
> the kernel
> ioctl: LOOP_SET_STATUS: Invalid argument
> 
> but my /proc/crypto/cipher/ shows:
> 
> -r--r--r--    1 root     root            0 Mar 11 03:28 aes-cbc
> -r--r--r--    1 root     root            0 Mar 11 03:28 aes-ecb
> 
> 
> if i only give the following line losetup asks me which key length i
> want to use:
> 
> losetup -e aes /dev/loop0 crypto 
> Available keysizes (bits): 128 192 256 
> Keysize:
> 
> this way i can't use the '-p' option of losetup to get the passwd over
> file descriptor. and that's bad.....

Yes. You should use
`losetup -e cipher -k keysize /dev/loopDEV path_to_underlying_file`.
See losetup(8). You pass the cipher name to the "-k" option, and there
is no cipher named "aes128".

> 2) is there a way to find out if the given passwd is correct or not
> before trying to mount the fs and notice that mounting fails because of
> bad passwd? something like....
> 
> mount: wrong fs type, bad option, bad superblock on /dev/loop0,
>        or too many mounted file systems

I hope there isn't. And there shouldn't be -- the puprpose of
cryptography is to make your data accessable only to those who know the
password, if there was a way to tell if a password is invalid, there
would have been a way to brute force your encrypted partition
(a character in a password usually give about 5 bits of data, and thus
an 8-character password gives 5*8 = 40 bits which is breakable, and far
less secure than a 256-bit crypto key).

> 3) is there a way to change the passwd? because for example if the user
> has the same passwd as the login passwd and now someone find out the
> passwd. what now???? is the only solution for this creating a new crypto
> file and copying all it's content from one to an other?

I'm sure there is, but I don't know it.

Success,
-- 
Pav
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Follow-Ups:
- Re: kerneli patch and aes over loopback
  - From: Jean-Luc Cooke <jlcooke@certainkey.com>

Prev by Date: Re: new article/howto for cryptoapi
Next by Date: Re: kerneli patch and aes over loopback
Prev by thread: Re: new article/howto for cryptoapi
Next by thread: Re: kerneli patch and aes over loopback
Index(es):
- Date
- Thread