Re: Problems with migration from SuSE's loop_twofish to loop-AES

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Waldemar la Tendresse wrote:
> I have been using SuSE 7.1 with an updated kernel 2.4.16-4GB from SuSE
> including loop_fish2 module. I have an encrypted partition using the
> SuSE twofish module. The fstab-entry for ot looks like this:
> 
> /dev/hdd2       /mnt/   reiserfs        loop,encryption=twofish,noauto,user 1 2
> 
> As you can see, I am using reiserfs instead of ext2, as stated in
> the loop-AES READMEs. This works just fine.
> 
> The problem is that I want to migrate to Debian Woody 3.0r0. I am using
> Debians kernel 2.4.20 with loop-AES v1.7a and ciphers-v1.1a and
> util-linux-2.11.y. All the components work very well, loop-AES is
> very fast, even with AES256. But I am not able to mount the
> encrypted partition when running Debian with loop-AES. I already
> tried all possible options, this means
> 
> losetup -e twofish(128|196|256) with and without -H and -I options
> 
> mount ..... -o loop,encryption=all three twofishes, with and without phash
> (all possible values) and loinit (both values) (I used the readonly switch
> in all cases, of course.)

Posting exact error message would help. If error message was "ioctl:
LOOP_SET_STATUS: Invalid argument", then loading the loop_twofish module to
kernel before mount or losetup command should cure your problem. Do this as
root:

    modprobe loop_twofish
    mount -t reiserfs /dev/hdd2 /mnt -o loop=/dev/loop0,encryption=twofish128,phash=rmd160,loinit=1

Or alternatively, add this line to your /etc/fstab

    /dev/hdd2  /mnt  reiserfs  loop=/dev/loop0,encryption=twofish128,phash=rmd160,loinit=1,noauto,user  0  0

And this line to your debian /etc/modules file so that loop_twofish gets
loaded to kernel at boot.

    loop_twofish

And then mount should work as any user, like this:

    mount /mnt

> Another strange thing I do not understand is when I do a
> 
> head -c15 /dev/urandom | uuencode -m - | head -2 | tail -1 \
>         | losetup -p 0 -e AESxxx /dev/loopX /dev/hdaX
> time dd if=dev/zero of=dev/loopX bs=4k conv=notrunc 2>/dev/null
> 
> the used time is always the same, regerdles if using AES128, AES192 or AES256. So
> obviously the harddisk is the bottleneck here. But WHY is the idle-time,
> as shown by top in all three cases at 82% on my PIII-500MHz machine? Shouldn't
> AES192 use more cycles then AES128, and AES256 more than AES192? Is something
> going wrong here?

Speed differences among AES128, AES192 and AES256 do not vary much. AES256
offers about 72% performance of AES128.

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux