On Fri, Oct 20, 2006 at 03:34:40PM +0200, Andreas Jellinghaus (aj@xxxxxxxxxxxxxxx) wrote: > >Btw, async provider only supports AES-128 in CBC mode, so if you try > >different ciphers, there can be some problems. > > my code does > > SECTORS=`blockdev --getsize /dev/hda3` > > echo 0 $SECTORS crypt aes-cbc-essiv:sha256 $ROOTKEY 0 /dev/hda3 0 \ > |dmsetup create root > > so this is not compatible with acrypto I guess :( > any special reason why acrypto is limited this way? I'm lazy and I did not implemented async provider so it would request other ciphers. It is not limitation of acrypto, but instead of software async_provider, which should be extended to support any kind of ciphers, instead of precompiled one. > guess that limitation needs to go away before it can be added to > the linux kernel, or some workaround so dm-crypt will fall back on > not using acrypto or something like that in order to not brake existing > and working installations. Well, I guess async_provider itself should go away, instead I will change synchronous cryptoapi code to register itself as acrypto device when new tfm is created. > Thanks, Andreas -- Evgeniy Polyakov - To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
