Re: cryptoloop on 2.4.22 won?t work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 14 Sep 2003 20:30:30 +0300, Pasi K?rkk?inen wrote:
> I couldn't get the fs to work with the new kernel. losetup complained
> something about the encryption type or so (Sorry, I don't have the exact
> error message available now..)

That is to be expected.

> I tried using util-linux 2.12, and encryption type aes-cbc-256 like this:
> 
> hashalot ripemd160 | ./losetup -p0 -e aes-cbc-256 /dev/loop0 /dev/vg0/lv0
>  
> But I couldn't mount the loop0 after this.. so the key was not set up like
> in my patch-int+loop-hvr combo..

Hm... in this case I wouldn't expect it to be. You're using 256-bit
encryption, but the output of RIPEMD-160 is only 160 bits. It is possible
that hashalot sets the remaining bits differently than the old losetup code.

I'll see if I can't fix that, but meantime I strongly recommend that you
re-encrypt with an SHA-256-hashed key (or maybe even SHA-384). Right now
you're really using 160-bit AES.

-- 
Ben Slusky                 | If Apollo 13 went off course today 
sluskyb@xxxxxxxxxxxxxx     | [they'd] open the airlock, flush
sluskyb@xxxxxxxxxx         | the astronauts out, and re-install
PGP keyID ADA44B3B         | new ones.  -Kibo
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux