| 1 |
On Mon, 23 Feb 2004 01:23 am, Venkat Manakkal wrote: |
| 2 |
> I've used cryptoloop with 2.6.0-test9-mm5 and util-linux 2.12. I've been |
| 3 |
> successfully using this combination with "losetup -e twofish /dev/loop/# |
| 4 |
> /path/img-file". I do know for sure that no other version of util-linux |
| 5 |
> worked out. Due to the many images I am using I am stuck with the kernel |
| 6 |
> and util-linux until I get the time to do all the steps outlined below. |
| 7 |
> |
| 8 |
> On another machine I'm using 2.6.1-gentoo and loop-aes ontop of the base |
| 9 |
> util-linux 2.12. I cannot get the second machine to read the twofish |
| 10 |
> crypt images - it fails with a complaint that the encrytion module does |
| 11 |
> not accept the key length directive - I don't remember the exact |
| 12 |
> message. |
| 13 |
|
| 14 |
Try something like |
| 15 |
|
| 16 |
losetup -e twofish-256 /dev/loop/# |
| 17 |
|
| 18 |
I've found the error message by losetup (2.12) so ambiguous sometimes. I got |
| 19 |
this same length error when a cryptloop modules wasn't in the kernel (hint |
| 20 |
for a check). |
| 21 |
|
| 22 |
> In other words you MUST go back to the exact version of kernel and |
| 23 |
> util-linux. Its complaint about unknown file system is because losetup |
| 24 |
> will succeed with *any* password - only that you get random data on the |
| 25 |
> other side of the loop unless the encryption is correctly decoded. |
| 26 |
|
| 27 |
loopaes hacks losetup majorly so avoid that one with non-aes crypt partitions. |
| 28 |
|
| 29 |
I haven't had a problem between kernel versions (2.6.1-gentoo - 2.6.3-gentoo, |
| 30 |
2.6.3-vanilla) except when I was an idiot and forgot cryptloop in the kernel |
| 31 |
config. |
| 32 |
|
| 33 |
You're pretty much limited to util-linux-2.11z-r8 or later as they are the |
| 34 |
only ones that have the crypt patches. I haven't looked at the 2.11/2.12 |
| 35 |
differences. |
| 36 |
|
| 37 |
Small warning with ext3 and cryptroots that may or may not work for you - |
| 38 |
http://bugs.gentoo.org/show_bug.cgi?id=41854 |
| 39 |
http://bugme.osdl.org/show_bug.cgi?id=2153 |
| 40 |
|
| 41 |
Will do xfs next time now that its possible. |
| 42 |
|
| 43 |
Don't know the full cause of this but I've got a filesystems that hangs |
| 44 |
processes big time upon accessing certain files. Exporting partitions over |
| 45 |
NFS may have been a cause too. |
| 46 |
|
| 47 |
rough details of my setup: |
| 48 |
|
| 49 |
http://dev.gentoo.org/~dragonheart/encryptedrootfs |
| 50 |
|
| 51 |
(and I will put the XML doc into HTML soon) |
| 52 |
|
| 53 |
|
| 54 |
-- |
| 55 |
|
| 56 |
Daniel Black |
| 57 |
-- |
| 58 |
|
| 59 |
|
| 60 |
-- |
| 61 |
gentoo-security@g.o mailing list |
Archives