Re: Loop-AES

John Poirier wrote:
> I encrypted a pair of disks using loop-AES on Debian Woody. I 
> recently formatted my system disk to Gentoo. I saved the encryption 
> keys for the other disk. The script I had written called for this:
> 
>   losetup -e aes -k 128 -p 0 /dev/loop0 /dev/hde > /keyfile
> 
>   In other words, create a loopback device based on this hard disk and 
> unencrypt it using the AES cipher and the contents of "keyfile" which 
> is a 128 bit key.
> 
> So what I did after I installed Gentoo was download the freshest 
> util-linux and aes-loop. I patched util-linux and compiled with no 
> problem and I was able to make and install loop.ko with no problem as 
> well. I compiled my kernel without loopback support as called for by 
> install docs, and loaded loop.ko using
> 
>   modprobe loop
> 
>   modprobe -l verifies that it is loaded.
> 
> So far so good. The problem is that this version of losetup no longer 
> takes the -k option and I can't remember what version I was using 
> before. I also can't remember if I used patched util-linux or something 
> else. Okay, so I changed "aes" to "aes-128". Now I enter the command:
> 
>   losetup -e aes-128 -p 0 /dev/loop0 /dev/hde > /keyfile
> 
>   I get no errors, but when I try to mount loop0 I get told that it 
> can't find a filesystem on the device. Is this a problem with the 
> "offset"? Why have the parameters of this program changed? I'm not sure 
> what's going on here. In fact, I don't even really know if it is the 
> kernel, the binary or my configuration that is screwing things up for 
> me and don't know how to tell.

losetup -e aes128 -p 0 -H rmd160 /dev/loop0 /dev/hde < /keyfile
                       ^^^^^^^^^                     ^

Above syntax uses single-key mode, which has been broken, and as such
is not recommended.

> What I am actually trying to head towards here eventually is accessing 
> these drives using dm-crypt. Are these even compatible?

dm-crypt is cryptoloop compatible. Current versions of dm-crypt and
cryptoloop are both broken and backdoored, and as such useless for security
needs.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


