On 14.09.2012 18:35, Nick Battle wrote: > I've just upgraded from openSUSE 12.1 to 12.2. I find that the latest version of > mount and losetup do not have the file encryption options they used to, since > everyone should have migrated to dm-crypt. The trouble is, I now have some > encrypted backup volumes that I cannot read! > > I used to mount the archives with: > > mount ... -o loop,phash=sha256,encryption=aes128 > > It looks like I should be using the loopaesOpen option to cryptsetup to mount > these now, but I cannot find a combination of options that works. I'm trying the > following: > > cryptsetup loopaesOpen <device> <name> --key-file pp --key-size 128 --hash > sha256 -c aes-cbc-plain > > Where the file pp has my passphrase (without a newline) - that I used to enter > at the prompt mount gave when using the "-o loop". This successfully sets up the > mapper, but the result is not recognizable as a filesystem (I think it's ext2). > So I assume the crypto and/or passphrase hash isn't quite right. > > I'm afraid the archives are so old that I don't know which options I used to > originally create them, though I almost certainly chose "defaults". > > Can anyone help? That isn't whan loopaesOpen is needed for. It is needed for loop-aes v2 or v3 format. What you describe is v1. Which, as far as i understand, is "plain" "aes128-CBC", with a sha256-round for the passphrase. An easy way to decrypt loop-aes is by using "aespipe" (same author), which can also be found on the loop-aes site: http://loop-aes.sourceforge.net/aespipe/ And boy is that fast when you have a CPU with AES-NI. I recently decrypted some DVDs i recorded several years ago. They were encrypted with loop-aes v1/aes128 and a dcrypt with aespie in tmpfs only took 2.8 seconds on average for 4489MiB, IOW 1.6GiB/s using a single core. Bis denn -- Real Programmers consider "what you see is what you get" to be just as bad a concept in Text Editors as it is in women. No, the Real Programmer wants a "you asked for it, you got it" text editor -- complicated, cryptic, powerful, unforgiving, dangerous. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
