Re: LuksResume with key on partition

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

hmmm. It now works..

I seem to have miscalculated a factor of 8 somewhere, the correct size of my key was 1216bytes=9728bits

I also had to change lib/utils.c to

483c483
<               for(i = 0; read_horizon == 0 || i <= read_horizon; i++) {
---
>               for(i = 0; read_horizon == 0 || i < read_horizon; i++) {

Will this patch break other keys???

.. Now I can use the following udev rule
DRIVERS=="usb" ACTION=="remove" SUBSYSTEM=="usb", ENV{ID_SERIAL_SHORT}=="001D", RUN+="/usr/bin/xscreensaver-command -display :0.0 -lock" DRIVERS=="usb" ACTION=="remove" SUBSYSTEM=="usb", ENV{ID_SERIAL_SHORT}=="001D", RUN+="/sbin/cryptsetup luksSuspend safe"
DRIVERS=="usb" ACTION=="add" SUBSYSTEM=="usb", ENV{ID_SERIAL_SHORT}=="001D", RUN+="/usr/bin/xscreensaver-command -display :0.0 -deactivate" DRIVERS=="sd" ACTION=="add" SUBSYSTEM=="block", ENV{ID_SERIAL_SHORT}=="001D", RUN+="/usr/sbin/cryptsetup luksResume safe -d /dev/%k -s 9728" 

Milan Broz wrote:

On 05/06/2010 03:26 PM, Warren Crossing wrote:

Milan Broz wrote:

On 05/06/2010 11:54 AM, Warren Crossing wrote:


I am using cryptsetup 2:1.1.0-2.1 from debian
I tried to get the cvs but cant dig cvs.saout.de (not even from saout.de ns)?????


http://code.google.com/p/cryptsetup/
(where do you get that old cvs address?)


   From www.saout.de. - is this an old dead site?


No, but svn and project page is now on Google code site. There is lot of old information
on wiki seems (But IIRC link to cryptsetup page was updated. Strange.)


try 1.1.1-rc2 please and if it doesn't work, I need some reproducer
(I tried simple passphrase and it works here, I think I even used 1.1.0 for test)


I don't have a spare disk handy (perhaps tonight I can try) - so I tried with loops, but it fails with

"Device /dev/loop4 is not a valid LUKS device."


luksSuspend/Resume is supported on LUKS devices only, it will be never supported
for plain devices (there is no way how to verify the passphrase is correct,
it can lead to data corruption.)

Instead of

cryptsetup -c aes-plain -h sha512 -b 2048 create test /dev/loop4 -d key


you have to use
cryptsetup luksFormat /dev/loop4 key

then
cryptsetup luksOpen /dev/loop4 -d key

Keep default cipher better, not sure why are you using known-IV vulnerable mode here...

Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux