Re: Loop-AES
John Poirier wrote:
> I encrypted a pair of disks using loop-AES on Debian Woody. I
> recently formatted my system disk to Gentoo. I saved the encryption
> keys for the other disk. The script I had written called for this:
>
> losetup -e aes -k 128 -p 0 /dev/loop0 /dev/hde > /keyfile
>
> In other words, create a loopback device based on this hard disk and
> unencrypt it using the AES cipher and the contents of "keyfile" which
> is a 128 bit key.
>
> So what I did after I installed Gentoo was download the freshest
> util-linux and aes-loop. I patched util-linux and compiled with no
> problem and I was able to make and install loop.ko with no problem as
> well. I compiled my kernel without loopback support as called for by
> install docs, and loaded loop.ko using
>
> modprobe loop
>
> modprobe -l verifies that it is loaded.
>
> So far so good. The problem is that this version of losetup no longer
> takes the -k option and I can't remember what version I was using
> before. I also can't remember if I used patched util-linux or something
> else. Okay, so I changed "aes" to "aes-128". Now I enter the command:
>
> losetup -e aes-128 -p 0 /dev/loop0 /dev/hde > /keyfile
>
> I get no errors, but when I try to mount loop0 I get told that it
> can't find a filesystem on the device. Is this a problem with the
> "offset"? Why have the parameters of this program changed? I'm not sure
> what's going on here. In fact, I don't even really know if it is the
> kernel, the binary or my configuration that is screwing things up for
> me and don't know how to tell.
losetup -e aes128 -p 0 -H rmd160 /dev/loop0 /dev/hde < /keyfile
                       ^^^^^^^^^                     ^
Above syntax uses single-key mode, which has been broken, and as such
is not recommended.
> What I am actually trying to head towards here eventually is accessing
> these drives using dm-crypt. Are these even compatible?
dm-crypt is cryptoloop compatible. Current versions of dm-crypt and
cryptoloop are both broken and backdoored, and as such useless for security
needs.
--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
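
The reply marks the `<` in the corrected command: with `-p 0` the key is read from file descriptor 0, whereas `> /keyfile` makes the shell truncate the key file before the program even starts. The script below is an added example, not part of either message; it runs both redirections against a constructed 16-byte key file, using the hypothetical stand-in `read_key_fd0` in place of losetup and a hypothetical guard `feed_key` that refuses an empty key file.

```shell
#!/bin/sh
# Added example; read_key_fd0 is a hypothetical stand-in for a program that
# reads its key from file descriptor 0 (as `losetup -p 0` does). It records
# how many bytes arrived in KEY_BYTES_SEEN and writes nothing to stdout.
KEY_BYTES_SEEN=0
read_key_fd0() {
    KEY_BYTES_SEEN=$(wc -c | tr -d ' ')
}

# Constructed sample input: a 16-byte (128-bit) random key in a temp dir.
make_sample_key() {
    dir=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$dir/keyfile" bs=16 count=1 2>/dev/null || return 1
    printf '%s\n' "$dir/keyfile"
}

key_size() {
    wc -c < "$1" | tr -d ' '
}

# Form from the question: '>' sends stdout INTO the key file. The shell
# truncates the file before the program starts, and no key reaches fd 0.
# (stdin is /dev/null here so the demo never waits on a terminal.)
run_with_output_redirect() {
    read_key_fd0 < /dev/null > "$1"
}

# Form from the reply: '<' connects the key file to fd 0. The guard refuses
# a missing or empty key file instead of passing an empty key along.
feed_key() {
    if [ ! -r "$1" ] || [ ! -s "$1" ]; then
        echo "key file missing or empty: $1" >&2
        return 1
    fi
    read_key_fd0 < "$1"
}

key=$(make_sample_key)
feed_key "$key"
echo "'<' form: program read $KEY_BYTES_SEEN bytes, file holds $(key_size "$key")"
run_with_output_redirect "$key"
echo "'>' form: program read $KEY_BYTES_SEEN bytes, file holds $(key_size "$key")"
feed_key "$key" || echo "guard refused the emptied key file"
rm -rf "$(dirname "$key")"
```

Keeping a read-only backup copy of the key file away from the working path limits the damage of a mistyped redirection.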