[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cryptoloop on 2.4.22 won?t work

To: Pasi K?rkk?inen <pasik@iki.fi>
Subject: Re: cryptoloop on 2.4.22 won?t work
From: Ben Slusky <sluskyb@paranoiacs.org>
Date: Mon, 15 Sep 2003 20:13:08 -0400
Cc: Erik Tews <erik@debian.franken.de>, linux-crypto@nl.linux.org
In-Reply-To: <20030914173029.GM1101@edu.joroinen.fi>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:listar@nl.linux.org?Subject=help>
List-owner: <mailto:riel@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Listar version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Mail-Followup-To: Pasi K?rkk?inen <pasik@iki.fi>,Erik Tews <erik@debian.franken.de>, linux-crypto@nl.linux.org
Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org
References: <20030910094734.GI5397@vnl.com> <200309101004.h8AA4UKe005722@cft.snafu.priv.at> <20030910102121.GA2393@debian.franken.de> <20030914173029.GM1101@edu.joroinen.fi>
Sender: linux-crypto-bounce@nl.linux.org
User-Agent: Mutt/1.4i

On Sun, 14 Sep 2003 20:30:30 +0300, Pasi K?rkk?inen wrote:
> I couldn't get the fs to work with the new kernel. losetup complained
> something about the encryption type or so (Sorry, I don't have the exact
> error message available now..)

That is to be expected.

> I tried using util-linux 2.12, and encryption type aes-cbc-256 like this:
> 
> hashalot ripemd160 | ./losetup -p0 -e aes-cbc-256 /dev/loop0 /dev/vg0/lv0
>  
> But I couldn't mount the loop0 after this.. so the key was not set up like
> in my patch-int+loop-hvr combo..

Hm... in this case I wouldn't expect it to be. You're using 256-bit
encryption, but the output of RIPEMD-160 is only 160 bits. It is possible
that hashalot sets the remaining bits differently than the old losetup code.

I'll see if I can't fix that, but meantime I strongly recommend that you
re-encrypt with an SHA-256-hashed key (or maybe even SHA-384). Right now
you're really using 160-bit AES.

-- 
Ben Slusky                 | If Apollo 13 went off course today 
sluskyb@paranoiacs.org     | [they'd] open the airlock, flush
sluskyb@stwing.org         | the astronauts out, and re-install
PGP keyID ADA44B3B         | new ones.  -Kibo
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Follow-Ups:
- Re: cryptoloop on 2.4.22 won?t work
  - From: Ben Slusky <sluskyb@paranoiacs.org>

References:
- Re: cryptoloop on 2.4.22 won?t work
  - From: Dale Amon <amon@vnl.com>
- Re: cryptoloop on 2.4.22 won?t work
  - From: Alexander Zangerl <az@snafu.priv.at>
- Re: cryptoloop on 2.4.22 won?t work
  - From: erik@debian.franken.de (Erik Tews)
- Re: cryptoloop on 2.4.22 won?t work
  - From: Pasi Kärkkäinen <pasik@iki.fi>

Prev by Date: Pylon Sale -- Up to 30 Percent Off for a Limited Time
Next by Date: Re: cryptoloop on 2.4.22 won?t work
Prev by thread: Re: cryptoloop on 2.4.22 won?t work
Next by thread: Re: cryptoloop on 2.4.22 won?t work
Index(es):
- Date
- Thread