Am Samstag, 25. November 2006 15:55 schrieb Max Vozeler: > Hi Rainer, > > On Sat, Nov 18, 2006 at 04:05:30PM +0100, Rainer Dorsch wrote: > > I did specify the -H rmd160, but it did not change anything, > > passphrase was ok, but same error message, when I tried to mount the > > file system. > > > > With losetup /dev/loop0, I got on Knoppix > > > > /dev/loop0: [0011]:9556 (/dev/sda5) encryption=CryptoAPI/blowfish-cbc > > > > On the sarge machine, which can mount the encrypted file system > > correctly, I got > > > > silverboxy:~# losetup /dev/loop0 > > /dev/loop0: [000c]:6517 (/udev/mdisk5), encryption blowfish (type 18) > > silverboxy:~# > > > > That looks different and I assume that is the reason why I can't mount > > it with knoppix. > > That could be. Some difference in the output is normal though: > The first output is from loop-AES patched losetup, the second by > standard losetup with Debian crypto patch. Both indicate that a > CryptoAPI cipher was used (type 18 == CryptoAPI). > > > Can I find out when mounted on the Debian system, what the right > > parameters are? > > I wrote a small tool some time ago to dump the actual settings > of an encrypted loop. I'm attaching it to this mail. You should be > able to build it by just calling "make". Hopefully it can shed > light on the actual differences between the setups. > > I think I have a suspicion though: The standard losetup in Debian > used to have a bug where it truncated keysizes to 128 bits without > any indication. I think this bug no longer exists, but it could be > that the version in sarge was still affected by it. > > You can verify if this is the case if you try losetup -k 128 .. on > the sarge machine. If it decryptes correctly, it is very likely to > be affected by this bug. In that case you should be able to losetup > it on knoppix by saying -e blowfish128 -H rmd160. If that doesn't > work, feel free to send me the output of the loopinfo tool and we > can see if we can figure out the exact difference. Make sure to > strip the line that includes the encryption key though :-) >
Hi Max, seems that you suspicion does not hold: silverboxy:~# losetup -k 128 -e blowfish /dev/loop0 /udev/mdisk5 Password: silverboxy:~# mount /dev/loop0 /mnt/crypto/ mount: you must specify the filesystem type silverboxy:~# losetup -d /dev/loop0 silverboxy:~# losetup -k 256 -e blowfish /dev/loop0 /udev/mdisk5 Password: silverboxy:~# mount /dev/loop0 /mnt/crypto/ silverboxy:~# I try to run the loopinfo tool tomorrow. If it turns out that recovering this setup becomes too difficult, I would be happy with any setup which works on sarge and knoppix at the same time. Thanks, Rainer -- Rainer Dorsch Alzentalstr. 28 D-71083 Herrenberg 07032-919495 jabber: [EMAIL PROTECTED] GPG Fingerprint: 5966 C54C 2B3C 42CC 1F4F 8F59 E3A8 C538 7519 141E Full GPG key: http://pgp.mit.edu/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
