On 06/21/2016 05:51 PM, Joe Hillenbrand wrote: > I gathered the requested output. Unfortunately, it doesn't look very > helpful. Each command took about +95 minutes. Just for the archive, that particular system has apparently broken getrusage() call that returns zeroed process/system time, so benchmark cannot work there properly. I would like to know why but apparently this is not cryptsetup failure. Milan > > On Mon, Jun 20, 2016 at 8:24 PM, Milan Broz <gmazyland@xxxxxxxxx> wrote: >> >> Does it work if you just open the device? For example try >> >> cryptsetup luksOpen /dev/md1 --test-passphrase > > Yes, I can open and mount it fine. > >> >>> and then fails with the "Not compatible PBKDF2 options" message and exit code 1. >>> >>> $ sudo cryptsetup luksAddKey /dev/md1 /etc/.md1.key >>> Enter any existing passphrase: >>> Not compatible PBKDF2 options (using hash algorithm sha256). >> >> Could you please send output with added --debug switch? > > # cryptsetup 1.7.1 processing "cryptsetup luksAddKey --debug /dev/md1 > /etc/.md1.key" > # Running command luksAddKey. > # Locking memory. > # Installing SIGINT/SIGTERM handler. > # Unblocking interruption on signal. > # Allocating crypt device /dev/md1 context. > # Trying to open and read device /dev/md1 with direct-io. > # Initialising device-mapper backend library. > # Trying to load LUKS1 crypt type from device /dev/md1. > # Crypto backend (gcrypt 1.7.1) initialized in cryptsetup library version 1.7.1. > # Detected kernel Linux 4.6.2-1-ARCH x86_64. > # Reading LUKS header of size 1024 from device /dev/md1 > # Key length 32, device size 11720126464 sectors, header size 2050 sectors. > # Password verification disabled. > # Timeout set to 0 miliseconds. > # Iteration time set to 2000 miliseconds. > # Interactive passphrase entry requested. > Enter any existing passphrase: > # Checking volume [keyslot -1] using passphrase. > # Trying to open key slot 0 [ACTIVE_LAST]. > # Reading key slot 0 area. > # Using userspace crypto wrapper to access keyslot area. > Key slot 0 unlocked. > # File descriptor passphrase entry requested. > # Adding new keyslot, existing passphrase provided,new passphrase provided. > # Trying to open key slot 0 [ACTIVE_LAST]. > # Reading key slot 0 area. > # Using userspace crypto wrapper to access keyslot area. > Key slot 0 unlocked. > # Calculating data for key slot 1 > Not compatible PBKDF2 options (using hash algorithm sha256). > # Releasing crypt device /dev/md1 context. > # Releasing device-mapper backend. > # Unlocking memory. > Command failed with code 22: Invalid argument > > >> It is failing PBKDF2 benchmark here so please try and send output >> of these commands as well: >> >> cryptsetup benchmark -h sha256 --debug > > # cryptsetup 1.7.1 processing "cryptsetup benchmark -h sha256 --debug" > # Running command benchmark. > # Installing SIGINT/SIGTERM handler. > # Unblocking interruption on signal. > # Tests are approximate using memory only (no storage IO). > # Crypto backend (gcrypt 1.7.1) initialized in cryptsetup library version 1.7.1. > # Detected kernel Linux 4.6.2-1-ARCH x86_64. > PBKDF2-sha256 N/A > Command failed with code 22. > >> cryptsetup benchmark -h sha1 --debug > > # cryptsetup 1.7.1 processing "cryptsetup benchmark -h sha1 --debug" > # Running command benchmark. > # Installing SIGINT/SIGTERM handler. > # Unblocking interruption on signal. > # Tests are approximate using memory only (no storage IO). > ]# Crypto backend (gcrypt 1.7.1) initialized in cryptsetup library > version 1.7.1. > # Detected kernel Linux 4.6.2-1-ARCH x86_64. > PBKDF2-sha1 N/A > Command failed with code 22. > >> What distro and version it is? > > Arch > >> Do you compile anything (kernel, cryptsetup, library...) yourself? > > No. It's all stock. > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
