Sebastian Siewior wrote:
> * Markus Huehnerbein | 2007-08-29 16:41:57 [+0200]:
>
>> Thanks a lot! I confirm that it works with "-s 128" and also if "-s" is
>> skipped! But if I try to use cryptsetup with ESSIV (cryptsetup -c
>> aes-cbc-essiv:sha256 -y -s 128 luksFormat /dev/hda2) I get the same
> what about sha128 instead?
>
>> error. If the "geode-aes" does not support essiv why is this task not
>> performed by another algorithm in the cryptoAPI?
> Actually it is. geode does not support keys != 128 bit. ESSIV uses as
> key the output of sha256 what is 256. Check dmesg please. If my theory
> is correct than you should see in dmesg or somewhere:
> "Failed to set key for ESSIV cipher"
> Is it?
Yes, again you're right, if I use a hash with 256 bit I get the
following syslog errors:
device-mapper: table: 254:1: crypt: Error initializing ESSIV hash
device-mapper: ioctl: error adding target to table
device-mapper: ioctl: device doesn't appear to be in the dev hash table.
Unfortunately there is no support for sha128 in the Kernel so I tried
md5 as md5 also generates a 128 bit value.
Preparing the Volume with:
cryptsetup -c aes-cbc-essiv:md5 -y -s 128 luksFormat /dev/hda2
works fine ("Command successful" and no errors in the syslog) but when I
try to open the device
cryptsetup luksOpen /dev/hda2 devdmcryptluks
I get "Command failed." after entering the (correct) password. I also
tried "luksOpen" with the same arguments as "luksFormat" but the same -
"Command failed." without any trace in the syslog...
>
>> Thanks,
>> Markus
>
> Sebastian
>
Thanks again,
Markus
-
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
