From linux-crypto-bounce@nl.linux.org Sat Feb 2 01:18:26 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:4043 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Feb 2002 01:18:04 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 02 Feb 2002 01:17:08 +0100 (CET) Received: from smtp3.hushmail.com ([IPv6:::ffff:64.40.111.33]:10762 "EHLO smtp3.hushmail.com") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Feb 2002 01:16:51 +0100 Received: from mailserver4.hushmail.com (mailserver4.hushmail.com [64.40.111.27]) by smtp3.hushmail.com (Postfix) with ESMTP id 7DA4CF03B; Fri, 1 Feb 2002 16:14:30 -0800 (PST) Received: (from nobody@localhost) by mailserver4.hushmail.com (8.11.3/8.11.3) id g120EeI94397; Fri, 1 Feb 2002 16:14:40 -0800 (PST) (envelope-from mailerror@hushmail.com) Message-Id: <200202020014.g120EeI94397@mailserver4.hushmail.com> From: mailerror@hushmail.com To: linux-crypto@nl.linux.org Cc: Herbert Valerio Riedel Subject: RE: CryptoAPI problems Date: Fri, 1 Feb 2002 16:14:40 -0800 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mailerror@hushmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Recently I started to experience a problem mounting encrypted loopback filesystems, a problem very much like what Gabor Gludovatz has reported on this list before. What happens is that mount gives me the following error message when I run it on a loopback file: EXT2-fs error (device loop(7,1)): ext2_check_descriptors: Block bitmap for group 16 not in group (block 4162330020)! EXT2-fs: group descriptors corrupted ! mount: wrong fs type, bad option, bad superblock on /dev/loop1, or too many mounted file systems This happened with files that I had burned on cd/rw media - therefor I'm pretty sure the content of the files hasn't changed between the time where it did work and now. After burning them I copied them over to my harddrive again and tried to loopback them to make sure everything was still there. This worked fine. However, after I moved to a different machine I started to experience the abovementioned problem. I've experienced this with 3 different files now, so it seems like file corruption wouldn't be the problem. All these files were created using the 2.2.20 kernel with patch-int-2.2.18.3 applied. My system runs Debian, and when I moved to a different machine, instead of using Sid I started using Woody. The difference between the two is that Sid uses util-linux-2.11n4 whereas Woody has util-linux-2.11n2 - this seems to be the only package the would relate to the problem. The difference between these two versions of util-linux seems to be purely packaging-related, though. On both systems, I used the same kernel-image package (namely, the one I had compiled myself). The one thing I'm rather anxious to know is, is there still a way to retrieve the contents of these files? Will switching to 512byte IV calculations do me any good after I have formatted the filesystem and put data on it? thanks in advance! - - mailerror >On Wed, 2001-12-05 at 14:07, Stephen.Thompson@bmwfin.com wrote: >> I find that formatting it twice works. > >the reason of which btw has to do with soft blocksize; >(which get's changed when you mount it the first time, and then stays >that way when re-mkfs'ing...) > >I highly recommend to switch to 512byte IV calculation (which will >become the default for the int. patch) in order to avoid such problems.. > >regards, >-- >Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 >Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key >GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F >4142 - --------------------------------------------------------- The following message is Hushmail Advertising, boo! hiss! - --------------------------------------------------------- Hush provide the worlds most secure, easy to use online applications - which solution is right for you? HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wl4EARECAB4FAjxbMA4XHG1haWxlcnJvckBodXNobWFpbC5jb20ACgkQb539PwJB5JNo 6wCgumLWIoEjQwCK63TefpkirL7p5awAnAhpIJZYGJxy2o3sDB8eGbPXNiQK =fOvV -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Feb 2 01:31:01 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:33485 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Feb 2002 01:30:53 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 02 Feb 2002 01:30:27 +0100 (CET) Received: from smtp3.hushmail.com ([IPv6:::ffff:64.40.111.33]:44554 "EHLO smtp3.hushmail.com") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Feb 2002 01:30:19 +0100 Received: from mailserver2.hushmail.com (mailserver2.hushmail.com [64.40.111.21]) by smtp3.hushmail.com (Postfix) with ESMTP id A2B6CF03B; Fri, 1 Feb 2002 16:27:59 -0800 (PST) Received: (from nobody@localhost) by mailserver2.hushmail.com (8.11.3/8.11.3) id g120URf23063; Fri, 1 Feb 2002 16:30:27 -0800 (PST) (envelope-from mailerror@hushmail.com) Message-Id: <200202020030.g120URf23063@mailserver2.hushmail.com> From: mailerror@hushmail.com To: linux-crypto@nl.linux.org Cc: Herbert Valerio Riedel Subject: RE: CryptoAPI problems Date: Fri, 1 Feb 2002 16:30:27 -0800 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mailerror@hushmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (Sorry for the last message, it doesn't wrap properly) Hello, Recently I started to experience a problem mounting encrypted loopback filesystems, a problem very much like what Gabor Gludovatz has reported on this list before. What happens is that mount gives me the following error message when I run it on a loopback file: EXT2-fs error (device loop(7,1)): ext2_check_descriptors: Block bitmap for group 16 not in group (block 4162330020)! EXT2-fs: group descriptors corrupted ! mount: wrong fs type, bad option, bad superblock on /dev/loop1, or too many mounted file systems This happened with files that I had burned on cd/rw media - therefor I'm pretty sure the content of the files hasn't changed between the time where it did work and now. After burning them I copied them over to my harddrive again and tried to loopback them to make sure everything was still there. This worked fine. However, after I moved to a different machine I started to experience the abovementioned problem. I've experienced this with 3 different files now, so it seems like file corruption wouldn't be the problem. All these files were created using the 2.2.20 kernel with patch-int-2.2.18.3 applied. My system runs Debian, and when I moved to a different machine, instead of using Sid I started using Woody. The difference between the two is that Sid uses util-linux-2.11n4 whereas Woody has util-linux-2.11n2 - this seems to be the only package the would relate to the problem. The difference between these two versions of util-linux seems to be purely packaging-related, though. On both systems, I used the same kernel-image package (namely, the one I had compiled myself). The one thing I'm rather anxious to know is, is there still a way to retrieve the contents of these files? Will switching to 512byte IV calculations do me any good after I have formatted the filesystem and put data on it? thanks in advance! - - mailerror >On Wed, 2001-12-05 at 14:07, Stephen.Thompson@bmwfin.com wrote: >> I find that formatting it twice works. > >the reason of which btw has to do with soft blocksize; >(which get's changed when you mount it the first time, and then stays >that way when re-mkfs'ing...) > >I highly recommend to switch to 512byte IV calculation (which will >become the default for the int. patch) in order to avoid such >problems.. > >regards, >-- >Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 >Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key >GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F >4142 - ---------------------------------------------------------- The following message is Hushmail Advertising, boo! hiss! - ---------------------------------------------------------- Hush provide the worlds most secure, easy to use online applications - which solution is right for you? HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wl4EARECAB4FAjxbMzgXHG1haWxlcnJvckBodXNobWFpbC5jb20ACgkQb539PwJB5JNK IwCgpwpYftKINdJnySY4lFBPAzWea2wAn3JNxggQatr6+9KAxWHpQ+MdMJGo =4VIo -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Feb 2 03:24:22 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:53733 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Feb 2002 03:24:15 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 02 Feb 2002 03:23:35 +0100 (CET) Received: from smtp015.mail.yahoo.com ([IPv6:::ffff:216.136.173.59]:46601 "HELO smtp015.mail.yahoo.com") by humbolt.nl.linux.org with SMTP id ; Sat, 2 Feb 2002 03:23:23 +0100 Received: from d139.as0.trcy.mi.voyager.net (209.153.132.206) by smtp.mail.vip.sc5.yahoo.com with SMTP; 2 Feb 2002 02:23:15 -0000 Date: Sat, 2 Feb 2002 02:17:51 +0000 (GMT) From: "Ryan M. McConahy" X-X-Sender: sirnonya@brick To: linux-crypto@nl.linux.org Subject: Upgrading from 2.2.20 int'l crypto Message-ID: Organization: NONYA Inc. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jfanonymous@yahoo.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi! I use the international crypto patch on 2.2.20, with relative block numbers enabled. The crypto was done through losetup, not mount. (I think it's cleaner, because then you can access it raw for debug, defrag, etc). Can I just grab 2.4.17 and the crypto patch (and the loop patch) and it'll work? Do I need a new util-linux? And what does the loop patch do? Thanks, Ryan M. McConahy _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Feb 2 03:57:39 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:36841 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Feb 2002 03:57:28 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 02 Feb 2002 03:57:01 +0100 (CET) Received: from anime.net ([IPv6:::ffff:63.172.78.150]:49627 "EHLO sasami.anime.net") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Feb 2002 03:56:43 +0100 Received: from localhost (goemon@localhost) by sasami.anime.net (8.11.6/8.11.6) with ESMTP id g122udK16078; Fri, 1 Feb 2002 18:56:39 -0800 Date: Fri, 1 Feb 2002 18:56:39 -0800 (PST) From: Dan Hollis To: "Ryan M. McConahy" cc: linux-crypto@nl.linux.org Subject: Re: Upgrading from 2.2.20 int'l crypto In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: goemon@anime.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Sat, 2 Feb 2002, Ryan M. McConahy wrote: > Hi! I use the international crypto patch on 2.2.20, with relative block > numbers enabled. The crypto was done through losetup, not mount. (I think > it's cleaner, because then you can access it raw for debug, defrag, etc). > Can I just grab 2.4.17 and the crypto patch (and the loop patch) and > it'll work? Do I need a new util-linux? And what does the loop patch > do? 2.4.x crypto is not backwards compatible with 2.2.x crypto. At least it didn't work for me :-( -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-] - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Feb 2 14:23:56 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:56523 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Feb 2002 14:23:45 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 02 Feb 2002 14:23:10 +0100 (CET) Received: from carbon.btinternet.com ([IPv6:::ffff:194.73.73.92]:59268 "EHLO carbon.btinternet.com") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Feb 2002 14:23:00 +0100 Received: from host217-35-34-236.in-addr.btopenworld.com ([217.35.34.236] helo=embolism) by carbon.btinternet.com with esmtp (Exim 3.22 #8) id 16X08B-0004eO-00; Sat, 02 Feb 2002 13:22:59 +0000 Received: from 127.0.0.1 by embolism ([127.0.0.1] running VPOP3) with SMTP; Sat, 2 Feb 2002 13:29:56 -0000 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Sat, 2 Feb 2002 13:29 +0000 (GMT Standard Time) From: linux.crypto@charsley.com (Mark Charsley) Subject: Loop AES and linux 2.4.16 To: linux-crypto@nl.linux.org CC: linux.crypto@charsley.com Reply-To: linux.crypto@charsley.com Message-Id: X-Ameol-Version: 2.52.2000, Windows 98 4.10.2222 ( A ) X-Server: VPOP3 V1.5.0 - Registered X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: linux.crypto@charsley.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org I had loop-AES 1.4e running fine with linux 2.4.8. I then upgraded my kernel to 2.4.16 to get ext3, and loop-AES stopped working. Upgrading to loop-AES 1.5b hasn't helped either. With 1.4e, everything builds OK, but running depmod -a gives depmod: *** Unresolved symbols in /lib/modules/2.4.16/block/loop.o and running "make tests" gives dd if=/dev/zero of=test-file1 bs=1024 count=10 10+0 records in 10+0 records out cp test-file1 test-file3 echo 12345678901234567890 | losetup -p 0 -e AES128 /dev/loop7 test-file1 ioctl: LOOP_SET_STATUS: Invalid argument presumably as a result of being unable to pull in a working loop.o module With 1.5b everything build OK, depmod is happy, but again running "make tests" gives the same error. The relevant bits out of /usr/src/linux/.config are CONFIG_MODULES=y CONFIG_MODVERSIONS=y CONFIG_KMOD=y # CONFIG_BLK_DEV_LOOP is not set Can someone help a baffled Windows C++ developer diagnose what he's doing wrong? Many TIA Mark - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Feb 3 00:43:58 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:425 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 3 Feb 2002 00:43:37 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 03 Feb 2002 00:43:10 +0100 (CET) Received: from hank-fep6-0.inet.fi ([IPv6:::ffff:194.251.242.201]:30917 "EHLO fep06.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Sun, 3 Feb 2002 00:42:57 +0100 Received: from pp.inet.fi ([194.197.67.39]) by fep06.tmt.tele.fi (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP id <20020202234251.FTBT19514.fep06.tmt.tele.fi@pp.inet.fi>; Sun, 3 Feb 2002 01:42:51 +0200 Message-ID: <3C5C7961.824B5688@pp.inet.fi> Date: Sun, 03 Feb 2002 01:42:25 +0200 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: linux.crypto@charsley.com CC: linux-crypto@nl.linux.org Subject: Re: Loop AES and linux 2.4.16 References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Mark Charsley wrote: > I had loop-AES 1.4e running fine with linux 2.4.8. I then upgraded my > kernel to 2.4.16 to get ext3, and loop-AES stopped working. Upgrading to > loop-AES 1.5b hasn't helped either. > > With 1.4e, everything builds OK, but running depmod -a gives > > depmod: *** Unresolved symbols in /lib/modules/2.4.16/block/loop.o When you compiled kernel 2.4.16 did you do: make modules && make modules_install Also, try compiling loop.o like this: make LINUX_SOURCE=/path/to/your/kernel/source/dir Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Feb 5 00:36:05 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:203 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Feb 2002 00:35:55 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Feb 2002 00:35:09 +0100 (CET) Received: from host217-35-34-236.in-addr.btopenworld.com ([IPv6:::ffff:217.35.34.236]:27431 "EHLO embolism") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Feb 2002 00:34:50 +0100 Received: from 127.0.0.1 by embolism ([127.0.0.1] running VPOP3) with SMTP; Mon, 4 Feb 2002 23:41:32 -0000 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Mon, 4 Feb 2002 23:41 +0000 (GMT Standard Time) From: linux.crypto@charsley.com (Mark Charsley) Subject: Re: Loop AES and linux 2.4.16 To: linux-crypto@nl.linux.org CC: linux.crypto@charsley.com In-Reply-To: <3C5C7961.824B5688@pp.inet.fi> Reply-To: linux.crypto@charsley.com Message-Id: X-Ameol-Version: 2.52.2000, Windows 98 4.10.2222 ( A ) X-Server: VPOP3 V1.5.0 - Registered X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: linux.crypto@charsley.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org > When you compiled kernel 2.4.16 did you do: > > make modules && make modules_install > > Also, try compiling loop.o like this: > > make LINUX_SOURCE=/path/to/your/kernel/source/dir Tried both of those. Of course when I do a step by step repeat, recording each command, it works perfectly. Murphy rules again... Thanks for your help. Mark - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 14 15:13:52 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:50661 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 14 Feb 2002 15:13:46 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 14 Feb 2002 15:13:15 +0100 (CET) Received: from web14902.mail.yahoo.com ([IPv6:::ffff:216.136.225.54]:24693 "HELO web14902.mail.yahoo.com") by humbolt.nl.linux.org with SMTP id ; Thu, 14 Feb 2002 15:12:59 +0100 Message-ID: <20020214141251.76113.qmail@web14902.mail.yahoo.com> Received: from [64.229.55.39] by web14902.mail.yahoo.com via HTTP; Thu, 14 Feb 2002 09:12:51 EST Date: Thu, 14 Feb 2002 09:12:51 -0500 (EST) From: Michael Zhu Subject: Loop Device on OpenBSD To: linux-crypto@nl.linux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mylinuxk@yahoo.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hello,everyone,is there some kind of loop device on OpenBSD? Just like that on Linux platform. I want to do disk en/decryption on OpenBSD platform. Thanks. Michael ______________________________________________________________________ Web-hosting solutions for home and business! http://website.yahoo.ca - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 14 15:56:04 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:52203 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 14 Feb 2002 15:55:46 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 14 Feb 2002 15:54:27 +0100 (CET) Received: from r220-1.rz.RWTH-Aachen.DE ([IPv6:::ffff:134.130.3.31]:44461 "EHLO r220-1.rz.RWTH-Aachen.DE") by humbolt.nl.linux.org with ESMTP id ; Thu, 14 Feb 2002 15:54:06 +0100 Received: from r220-1.rz.RWTH-Aachen.DE (relay2.RWTH-Aachen.DE [134.130.3.1]) by r220-1.rz.RWTH-Aachen.DE (8.10.1/8.11.3-2) with ESMTP id g1EEs3j20196 for ; Thu, 14 Feb 2002 15:54:03 +0100 (MET) Received: from emrl1.iwe.rwth-aachen.de (emrl1.iwe.RWTH-Aachen.DE [134.130.39.247]) by r220-1.rz.RWTH-Aachen.DE (8.10.1/8.11.3/6) with ESMTP id g1EEs2q20184 for ; Thu, 14 Feb 2002 15:54:03 +0100 (MET) Received: by emrl1.iwe.rwth-aachen.de with Internet Mail Service (5.5.2653.19) id <1Q0D1NTV>; Thu, 14 Feb 2002 15:51:54 +0100 Message-ID: From: "Bolten, Dierk" To: "'linux-crypto@nl.linux.org'" Subject: AW: Loop Device on OpenBSD Date: Thu, 14 Feb 2002 15:51:53 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: bolten@IWE.RWTH-Aachen.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org > Von: Michael Zhu [mailto:mylinuxk@yahoo.ca] > Gesendet: Thursday, February 14, 2002 3:13 PM > An: linux-crypto@nl.linux.org > Betreff: Loop Device on OpenBSD > > > Hello,everyone,is there some kind of loop device on > OpenBSD? Just like that on Linux platform. I want to > do disk en/decryption on OpenBSD platform. Thanks. > > Michael > Hi! Well, this might not be directly to the point, but you might wanna check out: Encrypting Virtual Memory (found at http://www.openbsd.org/crypto.html, all the way at the bottom of the page) Maybe a mail to the author of this paper might help. Cheers, Dierk Institute of Materials in Electrical Engineering and Information Technology II Sommerfeldstr. 24, 52074 Aachen NEW PHONE NUMBERS!!! voice: ++49-241-80 27822 fax: ++49-241-80 22300 email: bolten@iwe.rwth-aachen.de web: http://www.iwe.rwth-aachen.de - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 14 16:11:27 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:16769 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 14 Feb 2002 16:11:14 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 14 Feb 2002 16:11:08 +0100 (CET) Received: from mailhub.rommel.stw.uni-erlangen.de ([IPv6:::ffff:131.188.24.4]:3081 "HELO rommel.stw.uni-erlangen.de") by humbolt.nl.linux.org with SMTP id ; Thu, 14 Feb 2002 16:10:51 +0100 Received: (qmail 25676 invoked by uid 5192); 14 Feb 2002 15:10:50 -0000 Date: Thu, 14 Feb 2002 16:10:50 +0100 From: Hans-Joerg.Hoexer@yerbouti.franken.de To: linux-crypto@nl.linux.org Subject: Re: Loop Device on OpenBSD Message-ID: <20020214151050.GA30480@rommel.stw.uni-erlangen.de> References: <20020214141251.76113.qmail@web14902.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020214141251.76113.qmail@web14902.mail.yahoo.com> User-Agent: Mutt/1.3.25i X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Hans-Joerg.Hoexer@yerbouti.franken.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi, On Thu, Feb 14, 2002 at 09:12:51AM -0500, Michael Zhu wrote: > Hello,everyone,is there some kind of loop device on > OpenBSD? Just like that on Linux platform. I want to > do disk en/decryption on OpenBSD platform. Thanks. see: http://www.openbsd.org/faq/faq14.html#MountImage http://www.openbsd.org/cgi-bin/man.cgi?query=vnd&sektion=4 http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8 Cheers, Hans - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Feb 17 20:38:59 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:55997 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 17 Feb 2002 20:38:44 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 17 Feb 2002 20:38:11 +0100 (CET) Received: from 24.197.176.59.dul.nc.chartermi.net ([IPv6:::ffff:24.197.176.59]:3200 "EHLO lain.leet.org") by humbolt.nl.linux.org with ESMTP id ; Sun, 17 Feb 2002 20:38:06 +0100 Received: (from chris@localhost) by lain.leet.org (8.11.2/8.11.2) id g1HJd9Z01340 for linux-crypto@nl.linux.org; Sun, 17 Feb 2002 13:39:09 -0600 X-Authentication-Warning: lain.leet.org: chris set sender to cschadl@satan.org.uk using -f Date: Sun, 17 Feb 2002 13:39:09 -0600 From: Chris Schadl To: linux-crypto@nl.linux.org Subject: Migrating from cryptoapi-2.4.7.0 to patch-int-2.4.17 Message-ID: <20020217133909.A1296@example.com> Reply-To: Chris Schadl Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-Operating-System: Linux lain.leet.org 2.4.17 i686 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: cschadl@satan.org.uk Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi, I have a large amount of data which was encrypted via the old cryptoapi (2.4.7.0) modules. Since then, I've decided to try out the new international crypto patch. However, when I try to access my old cryptoapi data, I get the following error: [root@lain /]# mount -t iso9660 -o encryption=aes,loop /dev/cdrom /cdrom Available keysizes (bits): 128 192 256 Keysize: 192 Password : The cipher does not exist, or a cipher module needs to be loaded into the kernel ioctl: LOOP_SET_STATUS: Invalid argument I do have the cryptoloop and cipher-aes modules loaded. Is it going to be possible to access my old cryptoapi encrypted data with the new patch-int? -- Chris Schadl cschadl@satan.org.uk - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Feb 18 03:51:01 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:19336 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 18 Feb 2002 03:50:45 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 18 Feb 2002 03:50:31 +0100 (CET) Received: from 24.197.176.59.dul.nc.chartermi.net ([IPv6:::ffff:24.197.176.59]:20867 "EHLO lain.leet.org") by humbolt.nl.linux.org with ESMTP id ; Mon, 18 Feb 2002 03:50:12 +0100 Received: (from chris@localhost) by lain.leet.org (8.11.2/8.11.2) id g1I2pEP03644 for linux-crypto@nl.linux.org; Sun, 17 Feb 2002 20:51:14 -0600 X-Authentication-Warning: lain.leet.org: chris set sender to cschadl@satan.org.uk using -f Date: Sun, 17 Feb 2002 20:51:14 -0600 From: Chris Schadl To: linux-crypto@nl.linux.org Subject: Re: Migrating from cryptoapi-2.4.7.0 to patch-int-2.4.17 Message-ID: <20020217205114.A3601@example.com> Reply-To: Chris Schadl References: <20020217133909.A1296@example.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020217133909.A1296@example.com>; from cschadl@satan.org.uk on Sun, Feb 17, 2002 at 01:39:09PM -0600 X-Operating-System: Linux lain.leet.org 2.4.17 i686 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: cschadl@satan.org.uk Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hmm, I just checked, and I get the same thing when trying to create a new encrypted filesystem: [root@lain /root]# dd if=/dev/urandom of=crypto-test bs=1M count=50 50+0 records in 50+0 records out [root@lain /root]# losetup -e aes -k 192 /dev/loop0 /root/crypto-test Password : The cipher does not exist, or a cipher module needs to be loaded into the kernel ioctl: LOOP_SET_STATUS: Invalid argument Here is what I have in /proc/crypto: [root@lain /root]# ls -R /proc/crypto/ /proc/crypto/: cipher digest /proc/crypto/cipher: aes-cbc aes-ecb blowfish-cbc blowfish-ecb serpent-cbc serpent-ecb /proc/crypto/digest: md5 sha1 Is there a problem with the util-linux patch I'm using? (I think that its version 2.11h) Or is this version of the patch just foobared? Chris Schadl [17/02/02 13:39 -0600]: > Hi, > > I have a large amount of data which was encrypted via the old cryptoapi > (2.4.7.0) modules. Since then, I've decided to try out the new international > crypto patch. However, when I try to access my old cryptoapi data, I get the > following error: > > [root@lain /]# mount -t iso9660 -o encryption=aes,loop /dev/cdrom /cdrom > Available keysizes (bits): 128 192 256 > Keysize: 192 > Password : > The cipher does not exist, or a cipher module needs to be loaded into the > kernel > ioctl: LOOP_SET_STATUS: Invalid argument > > I do have the cryptoloop and cipher-aes modules loaded. Is it going to be > possible to access my old cryptoapi encrypted data with the new patch-int? > > -- > Chris Schadl > cschadl@satan.org.uk > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > -- Chris Schadl cschadl@satan.org.uk - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Feb 18 17:55:22 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:44260 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 18 Feb 2002 17:55:16 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 18 Feb 2002 17:54:55 +0100 (CET) Received: from 213-98-126-44.uc.nombres.ttd.es ([IPv6:::ffff:213.98.126.44]:19592 "EHLO mitica.trasno.org") by humbolt.nl.linux.org with ESMTP id ; Mon, 18 Feb 2002 17:54:42 +0100 Received: by mitica.trasno.org (Postfix, from userid 501) id C4014AE5F; Mon, 18 Feb 2002 17:50:52 +0100 (CET) To: Chris Schadl Cc: linux-crypto@nl.linux.org Subject: Re: Migrating from cryptoapi-2.4.7.0 to patch-int-2.4.17 References: <20020217133909.A1296@example.com> <20020217205114.A3601@example.com> X-Url: http://www.lfcia.org/~quintela From: Juan Quintela In-Reply-To: <20020217205114.A3601@example.com> Date: 18 Feb 2002 17:50:52 +0100 Message-ID: Lines: 26 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: quintela@mandrakesoft.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org >>>>> "chris" == Chris Schadl writes: chris> Hmm, I just checked, and I get the same thing when trying to create a new chris> encrypted filesystem: chris> [root@lain /root]# dd if=/dev/urandom of=crypto-test bs=1M count=50 chris> 50+0 records in chris> 50+0 records out chris> [root@lain /root]# losetup -e aes -k 192 /dev/loop0 /root/crypto-test chris> Password : chris> The cipher does not exist, or a cipher module needs to be loaded into the chris> kernel chris> ioctl: LOOP_SET_STATUS: Invalid argument chris> Here is what I have in /proc/crypto: chris> [root@lain /root]# ls -R /proc/crypto/ chris> /proc/crypto/: chris> cipher digest I guess you need to also patch util-linux. Later, Juan. -- In theory, practice and theory are the same, but in practice they are different -- Larry McVoy - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Feb 18 21:12:11 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:141 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 18 Feb 2002 21:11:50 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 18 Feb 2002 21:09:34 +0100 (CET) Received: from 24.197.176.59.dul.nc.chartermi.net ([IPv6:::ffff:24.197.176.59]:34445 "EHLO lain.leet.org") by humbolt.nl.linux.org with ESMTP id ; Mon, 18 Feb 2002 21:09:16 +0100 Received: (from chris@localhost) by lain.leet.org (8.11.2/8.11.2) id g1IIt5B05632; Mon, 18 Feb 2002 12:55:05 -0600 X-Authentication-Warning: lain.leet.org: chris set sender to cschadl@satan.org.uk using -f Date: Mon, 18 Feb 2002 12:55:05 -0600 From: Chris Schadl To: Juan Quintela Cc: linux-crypto@nl.linux.org Subject: Re: Migrating from cryptoapi-2.4.7.0 to patch-int-2.4.17 Message-ID: <20020218125505.A5601@example.com> Reply-To: Chris Schadl References: <20020217133909.A1296@example.com> <20020217205114.A3601@example.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from quintela@mandrakesoft.com on Mon, Feb 18, 2002 at 05:50:52PM +0100 X-Operating-System: Linux lain.leet.org 2.4.17 i686 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: cschadl@satan.org.uk Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org I've already patched util-linux. I would find it rather creepy if losetup were asking me for a password and keysize if I hadn't patched it. Juan Quintela [18/02/02 17:50 +0100]: > >>>>> "chris" == Chris Schadl writes: > > chris> Hmm, I just checked, and I get the same thing when trying to create a new > chris> encrypted filesystem: > > chris> [root@lain /root]# dd if=/dev/urandom of=crypto-test bs=1M count=50 > chris> 50+0 records in > chris> 50+0 records out > chris> [root@lain /root]# losetup -e aes -k 192 /dev/loop0 /root/crypto-test > chris> Password : > chris> The cipher does not exist, or a cipher module needs to be loaded into the > chris> kernel > chris> ioctl: LOOP_SET_STATUS: Invalid argument > > chris> Here is what I have in /proc/crypto: > chris> [root@lain /root]# ls -R /proc/crypto/ > chris> /proc/crypto/: > chris> cipher digest > > I guess you need to also patch util-linux. > > Later, Juan. > > -- > In theory, practice and theory are the same, but in practice they > are different -- Larry McVoy > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > -- Chris Schadl cschadl@satan.org.uk - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 20 07:45:01 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:56803 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 20 Feb 2002 07:44:53 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 20 Feb 2002 07:44:25 +0100 (CET) Received: from philos.philosys.de ([IPv6:::ffff:193.100.254.1]:49930 "EHLO mail.philosys.de") by humbolt.nl.linux.org with ESMTP id ; Wed, 20 Feb 2002 07:44:06 +0100 Received: (from eku@localhost) by mail.philosys.de (8.11.6/8.11.6) id g1K6j9Q03162 for linux-crypto@nl.linux.org; Wed, 20 Feb 2002 07:45:09 +0100 Date: Wed, 20 Feb 2002 07:45:09 +0100 From: Erik Kunze To: linux-crypto@nl.linux.org Subject: Crypted CDROMs Message-ID: <20020220074509.A2654@philos.philosys.de> Reply-To: Erik Kunze Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Erik.Kunze@philosys.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi all, I'd like to crypt CDROMs, but can't get it working with ISO9660. Any other filesystem does work! What I did: #> modprobe cryptoloop #> dd if=/dev/urandom of=/tmp/cryptfile bs=2048 count=333000 #> echo "my_passwort" | \ losetup -e aes --keybits 256 -p 0 /dev/loop1 /tmp/cryptfile #> mkisofs -v -r -o /dev/loop1 /home/backup #> mount -t iso9660 -o ro /dev/loop1 /mnt/cdrom mount: Falscher Dateisystemtyp, ungültige Optionen, der »Superblock« von /dev/loop1 ist beschädigt oder es sind zu viele Dateisysteme gemountet It doesn't recognise the filesystem as a valid ISO9660 filesystem. If I use ext2 or reiserfs anything is fine. In my next test I use the loop device again, this time without the chipper: #> losetup /dev/loop1 /tmp/cryptfile #> mkisofs -v -r -o /dev/loop1 /home/backup #> mount -t iso9660 -o ro /dev/loop1 /mnt/cdrom So what's wrong with ISO9660 on crypted files? Is this a fault of mkisofs, cryptoapi or the filesystem driver? -- Dipl.-Ing. Erik Kunze Phone: +49 - 89 - 32 14 07 41 PHILOSYS Software GmbH Fax: +49 - 89 - 32 14 07 12 Edisonstr. 6 Email: Erik.Kunze@philosys.de D-85716 Unterschleissheim WWW: www.philosys.de/~kunze PGP-Key: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xD5759581 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 20 09:37:56 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:35968 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 20 Feb 2002 09:37:49 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 20 Feb 2002 09:37:39 +0100 (CET) Received: from [IPv6:::ffff:193.123.234.158] ([IPv6:::ffff:193.123.234.158]:49930 "EHLO madcow.cryp.to") by humbolt.nl.linux.org with ESMTP id ; Wed, 20 Feb 2002 09:37:27 +0100 Received: from janus.cryp.to (212-84-219-044.trmd.net [212.84.219.44]) by madcow.cryp.to with ESMTP id g1K8bNiQ023408; Wed, 20 Feb 2002 09:37:24 +0100 Received: from janus.cryp.to (localhost [127.0.0.1]) by janus.cryp.to with ESMTP id g1K8c6Nc030587; Wed, 20 Feb 2002 09:38:06 +0100 Received: (from simons@localhost) by janus.cryp.to id g1K8c5F1030584; Wed, 20 Feb 2002 09:38:05 +0100 Date: Wed, 20 Feb 2002 09:38:05 +0100 Message-Id: <200202200838.g1K8c5F1030584@janus.cryp.to> From: simons@cryp.to (Peter Simons) To: Erik.Kunze@philosys.de CC: linux-crypto@nl.linux.org In-reply-to: message from Erik Kunze on Wed, 20 Feb 2002 07:45:09 +0100 Subject: Re: Crypted CDROMs X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: simons@cryp.to Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Erik Kunze writes: > I'd like to crypt CDROMs, but can't get it working with ISO9660. (1) Create an ISO image just the same way you'd do for a normal unencrypted CD-ROM, say, "/tmp/test.img". (2) losetup /dev/loop0 /tmp/test.img (3) losetup -e aes /dev/loop1 /tmp/test.img (4) dd if=/dev/loop0 of=/dev/loop1 bs=1M (5) losetup -d /dev/loop0 && losetup -d /dev/loop1 (6) mount -o encryption=aes,ro /tmp/test.img There you are. -peter - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 20 18:40:38 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:48310 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 20 Feb 2002 18:40:24 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 20 Feb 2002 18:40:12 +0100 (CET) Received: from petkele.almamedia.fi ([IPv6:::ffff:194.215.205.158]:41432 "HELO petkele.almamedia.fi") by humbolt.nl.linux.org with SMTP id ; Wed, 20 Feb 2002 18:39:51 +0100 Received: (qmail 329 invoked from network); 20 Feb 2002 17:39:39 -0000 Received: from dyn-k-110.yhteys.mtv3.fi (HELO pp.inet.fi) (62.236.235.110) by petkele.almamedia.fi with SMTP; 20 Feb 2002 17:39:39 -0000 Message-ID: <3C73DF2A.63ADEB8D@pp.inet.fi> Date: Wed, 20 Feb 2002 19:38:50 +0200 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: Erik Kunze CC: linux-crypto@nl.linux.org Subject: Re: Crypted CDROMs References: <20020220074509.A2654@philos.philosys.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Erik Kunze wrote: > I'd like to crypt CDROMs, but can't get it working with ISO9660. Any other > filesystem does work! [snip] > So what's wrong with ISO9660 on crypted files? Is this a fault of mkisofs, > cryptoapi or the filesystem driver? This is result of block-size-IV-syndrome, also called "time bomb" IV, where IV computation depends on block size of underlying device. All international crypto patches have that bug, and all cryptoapi versions that don't do 512 byte IV are also broken. Anyone using such broken stuff voluntarily is just being crazy. This has been discussed on this list, just search the archives for more info. I wish that people responsible for such fuck-up would have the balls to admit it and at least warn people to not use such broken versions. All non-international-crypto-patch and non-cryptoapi versions of loop encryption that I am aware of (ppdd, SuSE kernel twofish, Ingo Rohloff's loop crypto, loop-AES, Mandrake kernel AES) do IV computation correctly using 512 byte units. Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 20 21:04:00 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:47560 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 20 Feb 2002 21:03:43 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 20 Feb 2002 21:03:35 +0100 (CET) Received: from posti2.jyu.fi ([IPv6:::ffff:130.234.4.33]:1108 "EHLO posti2.jyu.fi") by humbolt.nl.linux.org with ESMTP id ; Wed, 20 Feb 2002 21:03:24 +0100 Received: from tukki.cc.jyu.fi (tukki.cc.jyu.fi [130.234.4.100]) by posti2.jyu.fi (8.11.3/8.11.3/antispam) with ESMTP id g1KK3LW28404; Wed, 20 Feb 2002 22:03:21 +0200 (EET) Received: from localhost (jaa@localhost) by tukki.cc.jyu.fi (8.10.2+Sun/8.10.2) with ESMTP id g1KK3Mx29203; Wed, 20 Feb 2002 22:03:22 +0200 (EET) X-Authentication-Warning: tukki.cc.jyu.fi: jaa owned process doing -bs Date: Wed, 20 Feb 2002 22:03:22 +0200 (EET) From: Jani Averbach To: cc: Subject: ext3 + loop + journaling In-Reply-To: <3C73DF2A.63ADEB8D@pp.inet.fi> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jaa@cc.jyu.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org [ If this is explained somewhere else (HOWTO or FAQ), please give me a pointer. ] Is there any way to mix loop-device (and in particular) loop-AES and ext3 together in data journaling mode? Ie. bottom -> to -> top ext3 - loop-AES - ext3 raw - loop-AES - ext3 Or am I shooting myself to leg, I am? BR, Jani -- Jani Averbach - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 20 23:23:13 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:39127 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 20 Feb 2002 23:23:00 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 20 Feb 2002 23:22:38 +0100 (CET) Received: from 24.197.176.59.dul.nc.chartermi.net ([IPv6:::ffff:24.197.176.59]:30364 "EHLO lain.leet.org") by humbolt.nl.linux.org with ESMTP id ; Wed, 20 Feb 2002 23:22:29 +0100 Received: (from chris@localhost) by lain.leet.org (8.11.2/8.11.2) id g1KMNFY09706 for linux-crypto@nl.linux.org; Wed, 20 Feb 2002 16:23:15 -0600 X-Authentication-Warning: lain.leet.org: chris set sender to cschadl@satan.org.uk using -f Date: Wed, 20 Feb 2002 16:23:15 -0600 From: Chris Schadl To: linux-crypto@nl.linux.org Subject: Re: Crypted CDROMs Message-ID: <20020220162315.A9696@example.com> Reply-To: Chris Schadl References: <20020220074509.A2654@philos.philosys.de> <3C73DF2A.63ADEB8D@pp.inet.fi> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3C73DF2A.63ADEB8D@pp.inet.fi>; from jari.ruusu@pp.inet.fi on Wed, Feb 20, 2002 at 07:38:50PM +0200 X-Operating-System: Linux lain.leet.org 2.4.17 i686 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: cschadl@satan.org.uk Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org I don't think that the most recent version of cryptoapi (2.4.7.0) has this particular problem. I've used it to make quite a few encrypted ISO images with out any trouble. Jari Ruusu [20/02/02 19:38 +0200]: > Erik Kunze wrote: > > I'd like to crypt CDROMs, but can't get it working with ISO9660. Any other > > filesystem does work! > [snip] > > So what's wrong with ISO9660 on crypted files? Is this a fault of mkisofs, > > cryptoapi or the filesystem driver? > > This is result of block-size-IV-syndrome, also called "time bomb" IV, where > IV computation depends on block size of underlying device. All international > crypto patches have that bug, and all cryptoapi versions that don't do 512 > byte IV are also broken. Anyone using such broken stuff voluntarily is just > being crazy. This has been discussed on this list, just search the archives > for more info. I wish that people responsible for such fuck-up would have > the balls to admit it and at least warn people to not use such broken > versions. > > All non-international-crypto-patch and non-cryptoapi versions of loop > encryption that I am aware of (ppdd, SuSE kernel twofish, Ingo Rohloff's > loop crypto, loop-AES, Mandrake kernel AES) do IV computation correctly > using 512 byte units. > > Regards, > Jari Ruusu > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > -- Chris Schadl cschadl@satan.org.uk - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 21 00:05:33 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:52444 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 21 Feb 2002 00:05:23 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 21 Feb 2002 00:05:15 +0100 (CET) Received: from smtp016.mail.yahoo.com ([IPv6:::ffff:216.136.174.113]:56839 "HELO smtp016.mail.yahoo.com") by humbolt.nl.linux.org with SMTP id ; Thu, 21 Feb 2002 00:05:01 +0100 Received: from d158.as0.trcy.mi.voyager.net (216.93.108.19) by smtp.mail.vip.sc5.yahoo.com with SMTP; 20 Feb 2002 23:04:58 -0000 Date: Wed, 20 Feb 2002 22:59:24 +0000 (GMT) From: "Ryan M. McConahy" X-X-Sender: sirnonya@brick.hn.org To: linux-crypto@nl.linux.org Subject: Wiping free space on encrypted filesystem. Message-ID: Organization: NONYA Inc. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jfanonymous@yahoo.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Right now, I'm creating a large encrypted filesystem (2gig, maybe I'll downsize to 1). I am doing "dd if=/dev/urandom". When this is done, I'll probably use 3DES-ede. Would it help/hurt to, on the mounted fs, do a "dd if=/dev/urandom of=/cryptdisk/freespacewipefile"? Thanks, Ryan BTW: Does anyone know if 2.2 crypto can work under 2.4? _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 21 06:05:26 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:8350 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 21 Feb 2002 06:05:11 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 21 Feb 2002 06:04:50 +0100 (CET) Received: from petkele.almamedia.fi ([IPv6:::ffff:194.215.205.158]:5509 "HELO petkele.almamedia.fi") by humbolt.nl.linux.org with SMTP id ; Thu, 21 Feb 2002 06:04:35 +0100 Received: (qmail 11810 invoked from network); 21 Feb 2002 05:04:32 -0000 Received: from dyn-q-227.yhteys.mtv3.fi (HELO pp.inet.fi) (62.237.17.227) by petkele.almamedia.fi with SMTP; 21 Feb 2002 05:04:32 -0000 Message-ID: <3C747FB5.E86A9A65@pp.inet.fi> Date: Thu, 21 Feb 2002 07:03:49 +0200 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: Jani Averbach CC: ext3-users@redhat.com, linux-crypto@nl.linux.org Subject: Re: ext3 + loop + journaling References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Jani Averbach wrote: > Is there any way to mix loop-device (and in particular) loop-AES and ext3 > together in data journaling mode? Device backed loops (ext3 -> loop -> device) don't have issues with ext3 or any other journaled filesystems. However, if loop is file backed (ext3 -> loop -> ext3 -> device), the underlying file system must be mounted data=journal or data=ordered. If underlying filesystem is mounted data=writeback or if it is plain old ext2, write ordering expectation by journaled filesystem (ext3, reiserfs, jfs, xfs, or whatever) on top of loop driver is not guaranteed, and journal replay may corrupt data. Use of non-journaled file systems on top of file backed loop don't have above mentioned write ordering issues, as they must be repaired using fsck, not by replaying journal. Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 21 06:07:06 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:63391 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 21 Feb 2002 06:06:49 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 21 Feb 2002 06:06:44 +0100 (CET) Received: from petkele.almamedia.fi ([IPv6:::ffff:194.215.205.158]:8581 "HELO petkele.almamedia.fi") by humbolt.nl.linux.org with SMTP id ; Thu, 21 Feb 2002 06:06:02 +0100 Received: (qmail 11857 invoked from network); 21 Feb 2002 05:05:59 -0000 Received: from dyn-q-227.yhteys.mtv3.fi (HELO pp.inet.fi) (62.237.17.227) by petkele.almamedia.fi with SMTP; 21 Feb 2002 05:05:59 -0000 Message-ID: <3C74800D.D92D9B11@pp.inet.fi> Date: Thu, 21 Feb 2002 07:05:17 +0200 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: "Ryan M. McConahy" CC: linux-crypto@nl.linux.org Subject: Re: Wiping free space on encrypted filesystem. References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org "Ryan M. McConahy" wrote: > Right now, I'm creating a large encrypted filesystem (2gig, maybe I'll > downsize to 1). I am doing "dd if=/dev/urandom". When this is done, I'll > probably use 3DES-ede. Would it help/hurt to, on the mounted fs, do a "dd > if=/dev/urandom of=/cryptdisk/freespacewipefile"? /dev/urandom is painfully slow. A much faster alternative is to setup a loop with a random (and unknown) key, and then write zeroes to the loop device. This example is from loop-AES' README file: dd if=/dev/urandom bs=15 count=1 2>/dev/null | uuencode -m - \ | head -2 | tail -1 | losetup -p 0 -e AES128 /dev/loop2 /dev/hda666 dd if=/dev/zero of=/dev/loop2 bs=4k conv=notrunc 2>/dev/null losetup -d /dev/loop2 And then setup and initialize the loop with your _real_ key. > BTW: Does anyone know if 2.2 crypto can work under 2.4? Yes, if you use loop-AES. No, if you use cryptoapi. Use of 3DES-ede implies that you actually may enjoy slow crypto. If that is the case, just stick to cryptoapi as it comes standard with bloat and slow design. If you want speed and compatibility with all maintained stable kernels (2.4.x 2.2.x 2.0.x), including distro vendor enhanced kernels, loop-AES is a better choice. Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 21 14:16:09 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:18921 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 21 Feb 2002 14:15:58 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 21 Feb 2002 14:15:30 +0100 (CET) Received: from mgw-x2.nokia.com ([IPv6:::ffff:131.228.20.22]:27536 "EHLO mgw-x2.nokia.com") by humbolt.nl.linux.org with ESMTP id ; Thu, 21 Feb 2002 11:07:08 +0100 Received: from esvir03nok.nokia.com (esvir03nokt.ntc.nokia.com [172.21.143.35]) by mgw-x2.nokia.com (Switch-2.1.0/Switch-2.1.0) with ESMTP id g1LA7GZ10134 for ; Thu, 21 Feb 2002 12:07:16 +0200 (EET) Received: from esebh003.NOE.Nokia.com (unverified) by esvir03nok.nokia.com (Content Technologies SMTPRS 4.2.5) with ESMTP id ; Thu, 21 Feb 2002 12:07:07 +0200 Received: from es-adsl-soho-30-186.europe.nokia.com ([10.64.30.186]) by esebh003.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.3779); Thu, 21 Feb 2002 12:07:06 +0200 Received: (from pmatilai@localhost) by es-adsl-soho-30-186.europe.nokia.com (8.11.6/8.11.6) id g1LA72O08579; Thu, 21 Feb 2002 12:07:02 +0200 X-Authentication-Warning: es-adsl-soho-30-186.europe.nokia.com: pmatilai set sender to panu.matilainen@nokia.com using -f Subject: Re: Wiping free space on encrypted filesystem. From: Panu Matilainen To: ext Jari Ruusu Cc: "Ryan M. McConahy" , linux-crypto@nl.linux.org In-Reply-To: <3C74800D.D92D9B11@pp.inet.fi> References: <3C74800D.D92D9B11@pp.inet.fi> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 (1.0.2-1.Linox) Date: 21 Feb 2002 12:07:02 +0200 Message-Id: <1014286022.7882.23.camel@es-adsl-soho-30-186.europe.nokia.com> Mime-Version: 1.0 X-OriginalArrivalTime: 21 Feb 2002 10:07:06.0624 (UTC) FILETIME=[846B7800:01C1BABF] X-Approved-By: riel@nl.linux.org X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: panu.matilainen@nokia.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Thu, 2002-02-21 at 07:05, ext Jari Ruusu wrote: > > > BTW: Does anyone know if 2.2 crypto can work under 2.4? > > Yes, if you use loop-AES. > No, if you use cryptoapi. FWIW ppdd is also compatible between 2.2 and 2.4. - Panu - - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 21 14:37:40 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:42637 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 21 Feb 2002 14:37:23 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 21 Feb 2002 14:37:13 +0100 (CET) Received: from philos.philosys.de ([IPv6:::ffff:193.100.254.1]:6662 "EHLO mail.philosys.de") by humbolt.nl.linux.org with ESMTP id ; Thu, 21 Feb 2002 14:37:01 +0100 Received: (from eku@localhost) by mail.philosys.de (8.11.6/8.11.6) id g1LDcBq28975 for linux-crypto@nl.linux.org; Thu, 21 Feb 2002 14:38:11 +0100 Resent-Message-Id: <200202211338.g1LDcBq28975@mail.philosys.de> Date: Thu, 21 Feb 2002 07:46:17 +0100 From: Erik Kunze To: Chris Schadl Subject: Re: Crypted CDROMs Message-ID: <20020221074617.A7773@philos.philosys.de> Reply-To: Erik Kunze References: <20020220074509.A2654@philos.philosys.de> <3C73DF2A.63ADEB8D@pp.inet.fi> <20020220162315.A9696@example.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020220162315.A9696@example.com>; from cschadl@satan.org.uk on Wed, Feb 20, 2002 at 04:23:15PM -0600 Resent-From: Erik.Kunze@philosys.de Resent-Date: Thu, 21 Feb 2002 14:38:11 +0100 Resent-To: linux-crypto@nl.linux.org X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Erik.Kunze@philosys.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi Chris, * Chris Schadl [020220 23:23]: > > I don't think that the most recent version of cryptoapi (2.4.7.0) has this > particular problem. I've used it to make quite a few encrypted ISO images > with out any trouble. And how did you do the encryption. Would you please give us an example (command sequence, script). -- Dipl.-Ing. Erik Kunze Phone: +49 - 89 - 32 14 07 41 PHILOSYS Software GmbH Fax: +49 - 89 - 32 14 07 12 Edisonstr. 6 Email: Erik.Kunze@philosys.de D-85716 Unterschleissheim WWW: www.philosys.de/~kunze PGP-Key: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xD5759581 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 21 16:58:03 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:36295 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 21 Feb 2002 16:57:50 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 21 Feb 2002 16:57:36 +0100 (CET) Received: from 24.197.176.59.dul.nc.chartermi.net ([IPv6:::ffff:24.197.176.59]:39584 "EHLO lain.leet.org") by humbolt.nl.linux.org with ESMTP id ; Thu, 21 Feb 2002 16:57:22 +0100 Received: (from chris@localhost) by lain.leet.org (8.11.2/8.11.2) id g1LFvig10669; Thu, 21 Feb 2002 09:57:44 -0600 X-Authentication-Warning: lain.leet.org: chris set sender to cschadl@satan.org.uk using -f Date: Thu, 21 Feb 2002 09:57:44 -0600 From: Chris Schadl To: Erik Kunze Cc: linux-crypto@nl.linux.org Subject: Re: Crypted CDROMs Message-ID: <20020221095744.A10625@example.com> Reply-To: Chris Schadl References: <20020220074509.A2654@philos.philosys.de> <3C73DF2A.63ADEB8D@pp.inet.fi> <20020220162315.A9696@example.com> <20020221074617.A7773@philos.philosys.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020221074617.A7773@philos.philosys.de>; from Erik.Kunze@philosys.de on Thu, Feb 21, 2002 at 07:46:17AM +0100 X-Operating-System: Linux lain.leet.org 2.4.17 i686 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: cschadl@satan.org.uk Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org # dd if=/dev/urandom of=~/crypto.iso bs=1M count=650 # losetup -e aes -k 192 /dev/loop0 ~/crypto.iso # mkisofs -r /stuff/SUPAR-SECRET-STUFF/ >/dev/loop0 # losetup -d /dev/loop0 Then you should be able to mount the encrypted iso image, or burn it to a CD-ROM. Erik Kunze [21/02/02 07:46 +0100]: > Hi Chris, > > * Chris Schadl [020220 23:23]: > > > > I don't think that the most recent version of cryptoapi (2.4.7.0) has this > > particular problem. I've used it to make quite a few encrypted ISO images > > with out any trouble. > > And how did you do the encryption. Would you please give us an example > (command sequence, script). > > -- > Dipl.-Ing. Erik Kunze Phone: +49 - 89 - 32 14 07 41 > PHILOSYS Software GmbH Fax: +49 - 89 - 32 14 07 12 > Edisonstr. 6 Email: Erik.Kunze@philosys.de > D-85716 Unterschleissheim WWW: www.philosys.de/~kunze > > PGP-Key: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xD5759581 -- Chris Schadl cschadl@satan.org.uk - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 21 17:35:47 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:11214 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 21 Feb 2002 17:35:40 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 21 Feb 2002 17:35:29 +0100 (CET) Received: from outmail-1.caramail.com ([IPv6:::ffff:213.193.12.65]:12709 "EHLO outmail-1.caramail.com") by humbolt.nl.linux.org with ESMTP id ; Thu, 21 Feb 2002 17:35:16 +0100 Received: from firemail.de (newwww-25.caramail.com [213.193.12.35]) by outmail-1.caramail.com (8.8.8/8.8.8) with SMTP id RAA07833 for linux-crypto@nl.linux.org; Thu, 21 Feb 2002 17:35:16 +0100 (MET) Posted-Date: Thu, 21 Feb 2002 17:35:16 +0100 (MET) From: Andreas Schreier To: linux-crypto@nl.linux.org Message-ID: <1014309315003578@firemail.de> X-Mailer: Caramail - www.caramail.com X-Originating-IP: [80.133.181.69] Mime-Version: 1.0 Subject: Recovering a loop-AES encrypted root partition Content-Type: multipart/mixed; boundary="=_NextPart_Caramail_0035781014309315_ID" Date: Thu, 21 Feb 2002 17:35:16 +0100 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: a_schreier@firemail.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --=_NextPart_Caramail_0035781014309315_ID Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I have deleted a loop-AES encrypted root partition by entering this command: mkfs.ext2 /dev/hda6 Afterwards all I typed was: mount /dev/hda6 /mnt ls /mnt ls /mnt/lost+found umount /mnt I haven't written any data on the partition. Is there a way to recover this partition? Regards Andreas ______________________________________________________ =DCber 1 Mio. Angebote - Startpreis Euro 1,- http://www.fireball.de/ebay.html --=_NextPart_Caramail_0035781014309315_ID-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 21 18:23:47 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:28123 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 21 Feb 2002 18:23:36 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 21 Feb 2002 18:23:20 +0100 (CET) Received: from modemcable031.79-202-24.mtl.mc.videotron.ca ([IPv6:::ffff:24.202.79.31]:39568 "EHLO uglyduck.ath.cx") by humbolt.nl.linux.org with ESMTP id ; Thu, 21 Feb 2002 18:23:10 +0100 Received: by uglyduck.ath.cx (Postfix, from userid 500) id B7924BD03D; Thu, 21 Feb 2002 12:02:03 -0500 (EST) Date: Thu, 21 Feb 2002 12:02:03 -0500 From: Emil To: linux-crypto@nl.linux.org Subject: Re: Recovering a loop-AES encrypted root partition Message-ID: <20020221170203.GA29412@localhost> Reply-To: el@la.mine.nu References: <1014309315003578@firemail.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1014309315003578@firemail.de> User-Agent: Mutt/1.3.26i X-Operating-System: Linux hal 2.4.17 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: el@la.mine.nu Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On 21 February 2002, Andreas Schreier wrote: > I have deleted a loop-AES encrypted root partition by > entering this command: > mkfs.ext2 /dev/hda6 > I haven't written any data on the partition. Is there a > way to recover this partition? Supposing you've used the same mkfs.ext2 command without any parameters when you first formated the encrypted partition, all superblocks and inode blocks are now scrambled because they've been overwritten with the new format command (those blocks have been written to the same offsets in the partition). Since all inode information is gone the best you can do is losetup -e AES /dev/loop5 /dev/hda6 and then manually extract intact blocks from /dev/loop5 (using dd with skip= for example) -- Regards, Emil -- Use PGP ! -> lynx -dump http://la.mine.nu/~emil/pgpemil.html | pgp -kaf - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Feb 22 00:42:24 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:29109 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 00:42:07 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 22 Feb 2002 00:41:47 +0100 (CET) Received: from modemcable031.79-202-24.mtl.mc.videotron.ca ([IPv6:::ffff:24.202.79.31]:15761 "EHLO uglyduck.ath.cx") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 00:41:31 +0100 Received: by uglyduck.ath.cx (Postfix, from userid 500) id 8998FBD03D; Thu, 21 Feb 2002 18:41:17 -0500 (EST) Date: Thu, 21 Feb 2002 18:41:17 -0500 From: Emil To: linux-crypto@nl.linux.org Cc: Andreas Schreier Subject: Re: Recovering a loop-AES encrypted root partition Message-ID: <20020221234117.GA22595@localhost> Reply-To: el@la.mine.nu References: <1014326881021300@firemail.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1014326881021300@firemail.de> User-Agent: Mutt/1.3.26i X-Operating-System: Linux hal 2.4.17 X-Degrees: CLE (Certified Linux Enthusiast) X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: el@la.mine.nu Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On 21 February 2002, Andreas Schreier wrote: > How can I find out which blocks are intact and which are not > intact? Does the filename and directory of the file I want > to recover help? Thanks a lot for your help. I had no idea > how to cope with the situation but you give me some hope! If you didn't do any other operation on your partition (as you said in your post) then ALL the data blocks are intact. The problem is that you won't be able to tell which is a used block and which is not; neither can you tell to what file belonged each of the blocks or the file names and sizes. The only way to recover that data is to manually examine the content of each block. Of course you could use "grep" to find specific strings in your blocks (or other tools). If I would be in your place I would run the following script: (of course after you've provided the right password to losetup) ---- #!/bin/sh I=0 while [ 1 ]; do dd if=/dev/loop5 of=$I.blk bs=1024 count=1 skip=$I 2>&1 | grep -q "1+0" || break; I=$((I+1)); done ---- This will create a file for each block with the block number as the file name. If your partition is big is a good idea to complicate the script and put only a limited number of files per directory. Blocks in a file tend to be consecutive so you might be able to recover at least all your text files (use cat to join the blocks together). The size of the recovered files will be however multiple of 1k and you'll need to load them in an editor and cut the garbage from the end. -- Regards, Emil -- UNIX is user friendly. It's just picky about who its friends are. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Feb 22 04:57:38 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:61582 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 04:57:21 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 22 Feb 2002 04:57:09 +0100 (CET) Received: from mta02bw.bigpond.com ([IPv6:::ffff:139.134.6.34]:9181 "EHLO mta02bw.bigpond.com") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 04:56:37 +0100 Received: from there ([144.135.24.81]) by mta02bw.bigpond.com (Netscape Messaging Server 4.15) with SMTP id GRX1LK00.AKF; Fri, 22 Feb 2002 13:56:08 +1000 Received: from CPE-144-132-71-99.vic.bigpond.net.au ([144.132.71.99]) by bwmam05.mailsvc.email.bigpond.com(MailRouter V3.0i 38/1487288); 22 Feb 2002 13:55:56 Content-Type: text/plain; charset="iso-8859-1" From: Justin To: el@la.mine.nu, linux-crypto@nl.linux.org Subject: Re: Recovering a loop-AES encrypted root partition Date: Fri, 22 Feb 2002 14:47:59 +1100 X-Mailer: KMail [version 1.3.2] Cc: Andreas Schreier References: <1014326881021300@firemail.de> <20020221234117.GA22595@localhost> In-Reply-To: <20020221234117.GA22595@localhost> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020222035646Z16235-23734+98@humbolt.nl.linux.org> X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: aa2@bigpond.net.au Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi Andreas Using "The Coroners Toolkit" on the encrypted device might also help you, but it's a long shot : http://www.porcupine.org/forensics/tct.html You use it for recovering information, generally after remote break-ins, but it could be useful here too. Regards and best wishes, Justin Clift On Friday 22 February 2002 10:41, Emil wrote: > On 21 February 2002, Andreas Schreier wrote: > > How can I find out which blocks are intact and which are not > > intact? Does the filename and directory of the file I want > > to recover help? Thanks a lot for your help. I had no idea > > how to cope with the situation but you give me some hope! > > If you didn't do any other operation on your partition (as you > said in your post) then ALL the data blocks are intact. > The problem is that you won't be able to tell which is a > used block and which is not; neither can you tell to what > file belonged each of the blocks or the file names and sizes. > The only way to recover that data is to manually examine the content > of each block. Of course you could use "grep" to find specific > strings in your blocks (or other tools). > > If I would be in your place I would run the following script: > (of course after you've provided the right password to losetup) > ---- > #!/bin/sh > > I=0 > while [ 1 ]; do > dd if=/dev/loop5 of=$I.blk bs=1024 count=1 skip=$I 2>&1 | grep -q "1+0" > || break; I=$((I+1)); > done > ---- > This will create a file for each block with the block number as the > file name. If your partition is big is a good idea to complicate > the script and put only a limited number of files per directory. > > Blocks in a file tend to be consecutive so you might be able to recover at > least all your text files (use cat to join the blocks together). The size > of the recovered files will be however multiple of 1k and you'll need to > load them in an editor and cut the garbage from the end. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Feb 22 11:12:21 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:30424 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 11:12:07 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 22 Feb 2002 11:11:54 +0100 (CET) Received: from c000-h008.c000.snv.cp.net ([IPv6:::ffff:209.228.32.72]:5070 "HELO c000.snv.cp.net") by humbolt.nl.linux.org with SMTP id convert rfc822-to-8bit; Fri, 22 Feb 2002 11:11:40 +0100 Received: (cpmta 27136 invoked from network); 22 Feb 2002 02:11:37 -0800 Received: from 129.70.24.67 (HELO dirichlet.mathematik.uni-bielefeld.de) by smtp.mutz.com (209.228.32.72) with SMTP; 22 Feb 2002 02:11:37 -0800 X-Sent: 22 Feb 2002 10:11:37 GMT Content-Type: text/plain; charset="us-ascii" From: Marc Mutz To: Panu Matilainen , ext Jari Ruusu Subject: Re: Wiping free space on encrypted filesystem. Date: Thu, 21 Feb 2002 17:41:02 +0100 X-Mailer: KMail [version 1.3.9] Cc: "Ryan M. McConahy" , linux-crypto@nl.linux.org References: <3C74800D.D92D9B11@pp.inet.fi> <1014286022.7882.23.camel@es-adsl-soho-30-186.europe.nokia.com> In-Reply-To: <1014286022.7882.23.camel@es-adsl-soho-30-186.europe.nokia.com> X-PGP-Key: 0xBDBFE838 MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT Message-Id: <200202211741.04169@sendmail.mutz.com> X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Marc@Mutz.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 21 February 2002 11:07, Panu Matilainen wrote: > > Yes, if you use loop-AES. > > No, if you use cryptoapi. > > FWIW ppdd is also compatible between 2.2 and 2.4. And the 2.4 version uses CryptoAPI :-P Marc - -- Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8dSMe3oWD+L2/6DgRAkoHAJ9P0gr/FLTesNEHmnpuu5vSJE1F8wCfer84 lU13ELS3nN+XfjHAzZaRSNE= =jsKm -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Feb 22 11:29:50 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:33243 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 11:29:47 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 22 Feb 2002 11:29:42 +0100 (CET) Received: from philos.philosys.de ([IPv6:::ffff:193.100.254.1]:14603 "EHLO mail.philosys.de") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 11:29:33 +0100 Received: (from eku@localhost) by mail.philosys.de (8.11.6/8.11.6) id g1MAUiW22701 for linux-crypto@nl.linux.org; Fri, 22 Feb 2002 11:30:44 +0100 Date: Fri, 22 Feb 2002 11:30:44 +0100 From: Erik Kunze To: linux-crypto@nl.linux.org Subject: Re: Crypted CDROMs Message-ID: <20020222113044.A22441@philos.philosys.de> Reply-To: Erik Kunze References: <20020220074509.A2654@philos.philosys.de> <3C73DF2A.63ADEB8D@pp.inet.fi> <20020220162315.A9696@example.com> <20020221074617.A7773@philos.philosys.de> <20020221095744.A10625@example.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020221095744.A10625@example.com>; from cschadl@satan.org.uk on Thu, Feb 21, 2002 at 09:57:44AM -0600 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Erik.Kunze@philosys.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org * Chris Schadl [020221 16:57]: > Date: Thu, 21 Feb 2002 09:57:44 -0600 > From: Chris Schadl > Subject: Re: Crypted CDROMs > > # dd if=/dev/urandom of=~/crypto.iso bs=1M count=650 > # losetup -e aes -k 192 /dev/loop0 ~/crypto.iso > # mkisofs -r /stuff/SUPAR-SECRET-STUFF/ >/dev/loop0 > # losetup -d /dev/loop0 > > Then you should be able to mount the encrypted iso image, or burn it to a > CD-ROM. That's how I did! Please read my initial posting! Mounting of the image fails. I haven't tried to burn the image and mount the CDROM. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Feb 22 12:41:29 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:17385 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 12:41:19 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 22 Feb 2002 12:41:12 +0100 (CET) Received: from smtp02.web.de ([IPv6:::ffff:217.72.192.151]:51472 "EHLO smtp.web.de") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 12:40:49 +0100 Received: from gw.ellinger.de ([213.221.125.210] helo=web.de) by smtp.web.de with asmtp (WEB.DE(Exim) 4.28 #21) id 16eE4G-00025Y-00 for linux-crypto@nl.linux.org; Fri, 22 Feb 2002 12:40:48 +0100 Message-ID: <3C762E3E.1070105@web.de> Date: Fri, 22 Feb 2002 12:40:46 +0100 From: Rainer Ellinger Organization: Rainers Rechenzentrum User-Agent: Mozilla/5.0 X-Accept-Language: en MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Re: Crypted CDROMs References: <20020220074509.A2654@philos.philosys.de> <3C73DF2A.63ADEB8D@pp.inet.fi> <20020220162315.A9696@example.com> <20020221074617.A7773@philos.philosys.de> <20020221095744.A10625@example.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: rainer.ellinger@web.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Chris Schadl wrote: > # dd if=/dev/urandom of=~/crypto.iso bs=1M count=650 I consider 700MB the most common standard today and expect to have a stable maximum count of 359849 blocks with 2048 Bytes each - even from kodak ... ;-) So i would use: dd if=/dev/urandom of=cryptoimage.bin bs=2048 count=359000 You need about additional 35 Blocks for a minimum ISO header and lead-out zone. > # losetup -e aes -k 192 /dev/loop0 ~/crypto.iso > # mkisofs -r /stuff/SUPAR-SECRET-STUFF/ >/dev/loop0 It doesn't make sense using a container file through a loop device with a iso9660 filesystem, because iso9660 is a format like a tarball, that could not be used read-write. Use a normal filesystem of you choise. Probably you would like to optimize the filesystem parameters for a 700MB size and CDR usage. For example: mke2fs -m 0 -T largefiles /dev/loopX tune2fs -c 0 -i 0 /dev/loopX if you've only a small count of larger files and want to optimize blocksize and inode count. Then you can backup the container file to CDR like any other file. If you like to be perfect make a e2fsck before. That means you make normal, readable ISOs with your container file inside. You should not write any other raw formats (an an encrypted stream is not a know format) than well defined ISO standards to a CDR. You're drive could make troubles recognizing the CDR. Then a mount /cdrom /X mount /X/cryptoimage.bin /Y -o loop,encryption[...blabla] should make it. For a CDR-backup only usage i would take a approach with tar/cpio/afio | bzip2 | mcrypt | split -- rainer@ellinger.de - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Feb 22 16:48:11 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:49833 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 16:48:06 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 22 Feb 2002 16:47:17 +0100 (CET) Received: from petkele.almamedia.fi ([IPv6:::ffff:194.215.205.158]:25036 "HELO petkele.almamedia.fi") by humbolt.nl.linux.org with SMTP id ; Fri, 22 Feb 2002 16:46:43 +0100 Received: (qmail 4927 invoked from network); 22 Feb 2002 15:46:31 -0000 Received: from dyn-r-033.yhteys.mtv3.fi (HELO pp.inet.fi) (62.237.18.33) by petkele.almamedia.fi with SMTP; 22 Feb 2002 15:46:31 -0000 Message-ID: <3C7667A7.FF4FD52A@pp.inet.fi> Date: Fri, 22 Feb 2002 17:45:43 +0200 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: Marc Mutz CC: Panu Matilainen , "Ryan M. McConahy" , linux-crypto@nl.linux.org Subject: Re: Wiping free space on encrypted filesystem. References: <3C74800D.D92D9B11@pp.inet.fi> <1014286022.7882.23.camel@es-adsl-soho-30-186.europe.nokia.com> <200202211741.04169@sendmail.mutz.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Marc Mutz wrote: > On Thursday 21 February 2002 11:07, Panu Matilainen wrote: > > FWIW ppdd is also compatible between 2.2 and 2.4. > > And the 2.4 version uses CryptoAPI :-P Yes it does. Someone should have noticed that instead of doing: loop -> cryptoapi -> ppdd it would have been faster, more efficient and more portable to do: loop -> ppdd Thus completely eliminating the cryptoapi crap. Same silliness is also present in cryptoapi versions of loop encryption: loop -> cryptoapi -> AES Loop-AES code is faster and more efficient as it does not have unnecessary slowdown layers: loop -> AES Am I the only person on this planet who cares about efficiency and speed? Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Feb 22 17:33:44 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:6588 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 17:33:29 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 22 Feb 2002 17:32:58 +0100 (CET) Received: from modemcable031.79-202-24.mtl.mc.videotron.ca ([IPv6:::ffff:24.202.79.31]:55976 "EHLO uglyduck.ath.cx") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 17:32:39 +0100 Received: by uglyduck.ath.cx (Postfix, from userid 500) id F26E8BD03D; Fri, 22 Feb 2002 11:32:31 -0500 (EST) Date: Fri, 22 Feb 2002 11:32:31 -0500 From: Emil To: linux-crypto@nl.linux.org Cc: Andreas Schreier Subject: Re: Recovering a loop-AES encrypted root partition Message-ID: <20020222163231.GA2170@localhost> Reply-To: el@la.mine.nu References: <1014326881021300@firemail.de> <20020221234117.GA22595@localhost> <20020222035620.4558B1F4801@nic.ath.cx> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020222035620.4558B1F4801@nic.ath.cx> User-Agent: Mutt/1.3.26i X-Operating-System: Linux hal 2.4.17 X-Degrees: CLE (Certified Linux Enthusiast) X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: el@la.mine.nu Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org > On Friday 22 February 2002 10:41, Emil wrote: > > If you didn't do any other operation on your partition (as you > > said in your post) then ALL the data blocks are intact. After you've "backup" your blocks with the above method you can also try a much better recovery strategy: losetup -e AES /dev/loop5 /dev/hda6 mkfs.ext2 /dev/loop5 By formating your partition again (but through the loop) you won't harm your partition anymore than you've already did because the formating will write exactly the same blocks as it did the first time. The advantage of this second format is that you will end up with a mountable partition. You may then use Midnight Commander compiled with the undel2fs support and start undelete on /dev/loop5. This recovery will give you better results because mc is able to reconstruct the files (but again without file names, directory hierarchy or exact file size). -- Regards, Emil -- When I Die, I want to go like my grandfather did, peacefully in his sleep. Not yelling and screaming, like all the passengers in his car! - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Feb 22 19:23:58 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:21972 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 19:23:54 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 22 Feb 2002 19:23:19 +0100 (CET) Received: from [IPv6:2001:658:0:2:203:47ff:fe77:28ae] ([IPv6:2001:658:0:2:203:47ff:fe77:28ae]:42255 "EHLO wins.ash.de") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 19:23:07 +0100 Received: (qmail 12019 invoked from network); 22 Feb 2002 18:01:39 -0000 Received: from backoffice.ash.de (2001:658:100::2e0:7dff:fe72:6bbc) by 2001:658::2:203:47ff:fe77:28ae with DES-CBC3-SHA encrypted SMTP cert backoffice@ash.de; 22 Feb 2002 18:01:39 -0000 Received: (qmail 11120 invoked by uid 500); 22 Feb 2002 18:22:29 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 22 Feb 2002 18:22:29 -0000 Date: Fri, 22 Feb 2002 19:22:29 +0100 (CET) From: Hauke Johannknecht To: Jari Ruusu cc: Subject: Re: Wiping free space on encrypted filesystem. In-Reply-To: <3C7667A7.FF4FD52A@pp.inet.fi> Message-ID: X-NCC-RegID: de.trmd MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ash@ash.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Fri, 22 Feb 2002, Jari Ruusu wrote: > Am I the only person on this planet who cares about efficiency and speed? NO, there are also Daniel J. Bernstein and Felix von Leitner. ;) and i am quite happy to have reliable diskcrypto that does its work in disk-speed while occupying less than half of my cpu cycles. (loop-AES256, Athlon, IDE, XFS) Gruss, Hauke -- Hauke Johannknecht Berlin / Germany HJ422-RIPE Use PGP ! -> lynx -dump http://www.ash.de/ash.asc | pgp -kaf - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Feb 22 20:45:00 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:16866 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 20:44:56 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 22 Feb 2002 20:44:44 +0100 (CET) Received: from server5.safepages.com ([IPv6:::ffff:216.127.146.2]:52749 "EHLO server5.safepages.com") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 20:44:32 +0100 Received: from room101.2y.net (66-pool1.ras12.gaatl-i.tii-dial.net [206.42.32.66]) by server5.safepages.com (Postfix) with ESMTP id AB57E2AAD8 for ; Fri, 22 Feb 2002 19:43:46 +0000 (GMT) Received: by room101.2y.net (Postfix, from userid 1000) id 60A2126750; Fri, 22 Feb 2002 13:44:22 -0600 (CST) Date: Fri, 22 Feb 2002 13:44:22 -0600 From: Rob McGee To: linux-crypto@nl.linux.org Subject: Re: Migrating from cryptoapi-2.4.7.0 to patch-int-2.4.17 Message-ID: <20020222134422.K7504@hal> References: <20020217133909.A1296@example.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020217133909.A1296@example.com>; from cschadl@satan.org.uk on Sun, Feb 17, 2002 at 01:39:09PM -0600 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: i812@iname.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Sun, Feb 17, 2002 at 01:39:09PM -0600, Chris Schadl wrote: > I do have the cryptoloop and cipher-aes modules loaded. Is it going to be > possible to access my old cryptoapi encrypted data with the new patch-int? If that one was before the IV_mode change to 512 bytes, then your old encrypted containers will not be accessible. You have to use the old cryptoapi to read the data and write it to an encrypted filesystem which uses the new drivers. If you don't want to expose the data to an unencrypted filesystem, you could use two connected machines, or probably better, user-mode Linux (to run a kernel as a user-mode process, a virtual machine.) HTH, Rob - /dev/rob0 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Feb 22 21:10:09 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:53735 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 21:10:00 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 22 Feb 2002 21:09:53 +0100 (CET) Received: from outmail-1.caramail.com ([IPv6:::ffff:213.193.12.65]:10389 "EHLO outmail-1.caramail.com") by humbolt.nl.linux.org with ESMTP id ; Fri, 22 Feb 2002 21:09:33 +0100 Received: from firemail.de (newwww-1.caramail.com [213.193.12.11]) by outmail-1.caramail.com (8.8.8/8.8.8) with SMTP id VAA03965; Fri, 22 Feb 2002 21:09:31 +0100 (MET) Posted-Date: Fri, 22 Feb 2002 21:09:31 +0100 (MET) From: Andreas Schreier To: Emil ; linux-crypto@nl.linux.org Message-ID: <1014408570023371@firemail.de> X-Mailer: Caramail - www.caramail.com X-Originating-IP: [217.226.195.181] Mime-Version: 1.0 Subject: Re[1]: Recovering a loop-AES encrypted root partition Content-Type: multipart/mixed; boundary="=_NextPart_Caramail_0233711014408570_ID" Date: Fri, 22 Feb 2002 21:09:33 +0100 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: a_schreier@firemail.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --=_NextPart_Caramail_0233711014408570_ID Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable > The only way to recover that data is to manually examine the content > of each block. Of course you could use "grep" to find specific > strings in your blocks (or other tools). Thanks for the script! I ran it and I was able to recover some of my data by using grep. I noticed that it takes extremely long. After many hours the script had only read like 400 M. Unfortunately my /dev/hda6 was 2 G so it will take much longer. If I understand dd correctly, it doesn't leave out empty blocks, does it? As I can't recover all the data at the moment and I need the space I would like to burn the partition on cds. I would like the data to remain encrypted so I guess I won't losetup it before burning. Is there a possibility to read the partition as it is and split it up into 700 M files? If I understood man dd correctly, I tell it to read the first 700 000 blocks and the next time I tell it to skip the first 700 000 blocks, right? I am not sure how large the blocks have to be for burning on cd. Is it 1024 again? I haven't found out how to put the three 700 M files together again. Is that possible with dd too? I think I will have it in one large 2 G file and then losetup that file (via /dev/loop maybe?). Thank you very much for the help. I am glad that I could already recover some parts of my data. Thanks! Best regards Andreas ______________________________________________________ =DCber 1 Mio. Angebote - Startpreis Euro 1,- http://www.fireball.de/ebay.html --=_NextPart_Caramail_0233711014408570_ID-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Feb 23 14:57:16 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:12728 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 23 Feb 2002 14:57:07 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 23 Feb 2002 14:56:50 +0100 (CET) Received: from c000-h008.c000.snv.cp.net ([IPv6:::ffff:209.228.32.72]:499 "HELO c000.snv.cp.net") by humbolt.nl.linux.org with SMTP id convert rfc822-to-8bit; Sat, 23 Feb 2002 14:56:36 +0100 Received: (cpmta 13042 invoked from network); 23 Feb 2002 05:56:28 -0800 Received: from 80.130.178.213 (HELO dirichlet.mathematik.uni-bielefeld.de) by smtp.mutz.com (209.228.32.72) with SMTP; 23 Feb 2002 05:56:28 -0800 X-Sent: 23 Feb 2002 13:56:28 GMT Content-Type: text/plain; charset="us-ascii" From: Marc Mutz To: Jari Ruusu Subject: Re: Wiping free space on encrypted filesystem. Date: Sat, 23 Feb 2002 14:56:15 +0100 X-Mailer: KMail [version 1.3.9] Cc: Panu Matilainen , "Ryan M. McConahy" , linux-crypto@nl.linux.org References: <200202211741.04169@sendmail.mutz.com> <3C7667A7.FF4FD52A@pp.inet.fi> In-Reply-To: <3C7667A7.FF4FD52A@pp.inet.fi> X-PGP-Key: 0xBDBFE838 MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT Message-Id: <200202231456.17431@sendmail.mutz.com> X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Marc@Mutz.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 22 February 2002 16:45, Jari Ruusu wrote: > Am I the only person on this planet who cares about efficiency No. You seem to be the only person who does _not_ care for efficiency. loop-AES has it's own crypto stuff, freeS/WAN has it's own crypto stuff. xyz has it's own crypto stuff. That's very efficient, indeed. Both from a kernel size and from a developer time pov. > and speed? Speed is secondary. Maintainablilty and code auditing is what matters here. If more modules use common cryptographic routines instead of everyone implementing their own, bugs get fixed faster and the overall product is better. This is something _you_ don't want, obviously. You rather write the fivehundreth implementation of AES for kernel space instead of fixing the existing stuff. That wouldn't be much of a problem if you did stop bashing cryptoAPI. Yes, your code is better. It is even more performant. But it is an island solution. We don't need that, see? We need something that is _generic_. CryptoAPI is. At least it is more so than what other people have come up with. It's a _very_ good sign that the ppdd and cipe people start using cryptoAPI. It means that bugs get identified. That they are not fixed so fast as one would like is a pity. But whining that everyone starts using cryptoAPI doesn't help. Sending patches does. Bugging the maintainer to make sure they are applied, does. There's more than disc encryption out there! Marc - -- Marc Mutz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8d5+A3oWD+L2/6DgRAuZJAKCuQmMlpWowbXZhu0M2C9JeRdfdlQCcDSBJ DSUpPYSkfGhyt5EsToS/iy8= =RIhe -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Feb 23 15:59:47 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:46526 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 23 Feb 2002 15:59:37 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 23 Feb 2002 15:59:29 +0100 (CET) Received: from outmail-1.caramail.com ([IPv6:::ffff:213.193.12.65]:60087 "EHLO outmail-1.caramail.com") by humbolt.nl.linux.org with ESMTP id ; Sat, 23 Feb 2002 15:59:12 +0100 Received: from firemail.de (newwww-1.caramail.com [213.193.12.11]) by outmail-1.caramail.com (8.8.8/8.8.8) with SMTP id PAA00509 for linux-crypto@nl.linux.org; Sat, 23 Feb 2002 15:59:10 +0100 (MET) Posted-Date: Sat, 23 Feb 2002 15:59:10 +0100 (MET) From: Andreas Schreier To: linux-crypto@nl.linux.org Message-ID: <1014476351031174@firemail.de> X-Mailer: Caramail - www.caramail.com X-Originating-IP: [80.133.173.205] Mime-Version: 1.0 Subject: Deleting/overwriting data Content-Type: multipart/mixed; boundary="=_NextPart_Caramail_0311741014476351_ID" Date: Sat, 23 Feb 2002 15:59:12 +0100 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: a_schreier@firemail.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --=_NextPart_Caramail_0311741014476351_ID Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I have recovered some data from my deleted loop-AES encrypted root partition. I saved it on a partition that is not encrypted. I would like to delete these files. This time they shouldn't be recoverable. How can I do that? I guess just doing 'rm my_files' will not be enough. Is there a good way to overwrite the data so that it can't be recovered? (I have a backup this time ;-)) Best regards Andreas ______________________________________________________ =DCber 1 Mio. Angebote - Startpreis Euro 1,- http://www.fireball.de/ebay.html --=_NextPart_Caramail_0311741014476351_ID-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Feb 23 16:02:58 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:38336 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 23 Feb 2002 16:02:56 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 23 Feb 2002 16:02:51 +0100 (CET) Received: from erasmus.off.net ([IPv6:::ffff:64.39.30.25]:65033 "EHLO erasmus.off.net") by humbolt.nl.linux.org with ESMTP id ; Sat, 23 Feb 2002 16:02:43 +0100 Received: by erasmus.off.net (Postfix, from userid 929) id 15BF9540A7; Sat, 23 Feb 2002 10:02:43 -0500 (EST) Date: Sat, 23 Feb 2002 10:02:43 -0500 From: Jerome Etienne To: Andreas Schreier Cc: linux-crypto@nl.linux.org Subject: Re: Deleting/overwriting data Message-ID: <20020223100243.B15881@long-haul.net> Reply-To: Jerome Etienne References: <1014476351031174@firemail.de> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <1014476351031174@firemail.de>; from a_schreier@firemail.de on Sat, Feb 23, 2002 at 03:59:12PM +0100 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jme@off.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/lin