Writting on encrypted partion with Debian sarge reading with
Knoppix
Rainer Dorsch
rdorsch at web.de
Mon Nov 27 23:17:28 CET 2006
Am Samstag, 25. November 2006 15:55 schrieb Max Vozeler:
> Hi Rainer,
>
> On Sat, Nov 18, 2006 at 04:05:30PM +0100, Rainer Dorsch wrote:
> > I did specify the -H rmd160, but it did not change anything,
> > passphrase was ok, but same error message, when I tried to mount the
> > file system.
> >
> > With losetup /dev/loop0, I got on Knoppix
> >
> > /dev/loop0: [0011]:9556 (/dev/sda5) encryption=CryptoAPI/blowfish-cbc
> >
> > On the sarge machine, which can mount the encrypted file system
> > correctly, I got
> >
> > silverboxy:~# losetup /dev/loop0
> > /dev/loop0: [000c]:6517 (/udev/mdisk5), encryption blowfish (type 18)
> > silverboxy:~#
> >
> > That looks different and I assume that is the reason why I can't mount
> > it with knoppix.
>
> That could be. Some difference in the output is normal though:
> The first output is from loop-AES patched losetup, the second by
> standard losetup with Debian crypto patch. Both indicate that a
> CryptoAPI cipher was used (type 18 == CryptoAPI).
>
> > Can I find out when mounted on the Debian system, what the right
> > parameters are?
>
> I wrote a small tool some time ago to dump the actual settings
> of an encrypted loop. I'm attaching it to this mail. You should be
> able to build it by just calling "make". Hopefully it can shed
> light on the actual differences between the setups.
>
> I think I have a suspicion though: The standard losetup in Debian
> used to have a bug where it truncated keysizes to 128 bits without
> any indication. I think this bug no longer exists, but it could be
> that the version in sarge was still affected by it.
>
> You can verify if this is the case if you try losetup -k 128 .. on
> the sarge machine. If it decryptes correctly, it is very likely to
> be affected by this bug. In that case you should be able to losetup
> it on knoppix by saying -e blowfish128 -H rmd160. If that doesn't
> work, feel free to send me the output of the loopinfo tool and we
> can see if we can figure out the exact difference. Make sure to
> strip the line that includes the encryption key though :-)
>
Hi Max,
seems that you suspicion does not hold:
silverboxy:~# losetup -k 128 -e blowfish /dev/loop0 /udev/mdisk5
Password:
silverboxy:~# mount /dev/loop0 /mnt/crypto/
mount: you must specify the filesystem type
silverboxy:~# losetup -d /dev/loop0
silverboxy:~# losetup -k 256 -e blowfish /dev/loop0 /udev/mdisk5
Password:
silverboxy:~# mount /dev/loop0 /mnt/crypto/
silverboxy:~#
I try to run the loopinfo tool tomorrow.
If it turns out that recovering this setup becomes too difficult, I would be
happy with any setup which works on sarge and knoppix at the same time.
Thanks,
Rainer
--
Rainer Dorsch
Alzentalstr. 28
D-71083 Herrenberg
07032-919495
jabber: rdorsch at jabber.org
GPG Fingerprint: 5966 C54C 2B3C 42CC 1F4F 8F59 E3A8 C538 7519 141E
Full GPG key: http://pgp.mit.edu/
More information about the Pkg-loop-aes-maint
mailing list