| 1 |
I've used cryptoloop with 2.6.0-test9-mm5 and util-linux 2.12. I've been |
| 2 |
successfully using this combination with "losetup -e twofish /dev/loop/# |
| 3 |
/path/img-file". I do know for sure that no other version of util-linux |
| 4 |
worked out. Due to the many images I am using I am stuck with the kernel |
| 5 |
and util-linux until I get the time to do all the steps outlined below. |
| 6 |
|
| 7 |
On another machine I'm using 2.6.1-gentoo and loop-aes ontop of the base |
| 8 |
util-linux 2.12. I cannot get the second machine to read the twofish |
| 9 |
crypt images - it fails with a complaint that the encrytion module does |
| 10 |
not accept the key length directive - I don't remember the exact |
| 11 |
message. |
| 12 |
|
| 13 |
In other words you MUST go back to the exact version of kernel and |
| 14 |
util-linux. Its complaint about unknown file system is because losetup |
| 15 |
will succeed with *any* password - only that you get random data on the |
| 16 |
other side of the loop unless the encryption is correctly decoded. |
| 17 |
|
| 18 |
So *always* make encrypted backups of all encrypted images before you |
| 19 |
update kernel or baselayout (i.e. util-linux). You can use aespipe for |
| 20 |
this from the loop-aes package. So your steps would be - go back to old |
| 21 |
kernel and old util-linux, mount the cryptfile, cd to the directory, |
| 22 |
"tar czpf - .| aespipe -e AES256 -C 128 -T> /path/to/backup.tgz.aes". |
| 23 |
Update (or re-boot to new setup), then create a *new* crypt image, |
| 24 |
losetup, mount then restore your backup by "cat |
| 25 |
/path/to/backup.tgz.aes|aespipe -d|tar xvzpf -". It does not hurt to |
| 26 |
make periodic bakups since power failures can be worse on encrypted file |
| 27 |
systems. |
| 28 |
|
| 29 |
Hope this helps. |
| 30 |
|
| 31 |
Best regards, |
| 32 |
|
| 33 |
---Venkat. |
| 34 |
|
| 35 |
----------------------------------------------------------------------- |
| 36 |
Venkat Manakkal secure 64 bit workstations |
| 37 |
President, rayServers.com laptops and servers... |
| 38 |
venkat@××××××××××.com "Installed Secure" |
| 39 |
+1-607-546-7300 http://www.rayservers.com/ |
| 40 |
----------------------------------------------------------------------- |
| 41 |
|
| 42 |
On another machine I've got |
| 43 |
On Sun, 22 Feb 2004 15:36:57 +0100 |
| 44 |
"i.t " <gentoo@×××××××××××.org> wrote: |
| 45 |
|
| 46 |
> hi, |
| 47 |
> |
| 48 |
> for months I've been successfully working with cryptoloop on a |
| 49 |
> cryptfile with a gento 2.4.22-gss kernel; |
| 50 |
> some days ago I've updated the baselayout for the system and lateron I |
| 51 |
> |
| 52 |
> couldn't start losetup anymore. |
| 53 |
> I've recompiled the kernel, |
| 54 |
> installed gentoo kernel 2.6.3, |
| 55 |
> and for comparison on a fedora partition loop-AES-v2.0f. |
| 56 |
> rm -f -r test-file[1234] test-dir1 |
| 57 |
> *** Test results ok *** |
| 58 |
> |
| 59 |
> So far I get the following results with gentoo kernel2.6.3 and patched |
| 60 |
> fedora (2.4.22): |
| 61 |
> |
| 62 |
> losetup -e AES /dev/loop0 crfile |
| 63 |
> Passwort: |
| 64 |
> [ok] |
| 65 |
> mount /dev/loop0 /mnt/loop/ |
| 66 |
> mount: you must give the filesystem (Sie muessen den Dateisystemtyp |
| 67 |
> angeben) |
| 68 |
> |
| 69 |
> I'm pretty sure the filesystem was ext3 for the crfile (ok - meanwhile |
| 70 |
> I know ext2 is better), |
| 71 |
> but when I try: |
| 72 |
> |
| 73 |
> mount -t ext3 /dev/loop0 /mnt/loop/ |
| 74 |
> mount: |
| 75 |
> (Falscher Dateisystemtyp, ungÃ_Å_ltige Optionen, der |
| 76 |
> Ã_»SuperblockÃ_« von /dev/loop0 ist beschÃ_â_¬digt oder es |
| 77 |
> sind zu viele Dateisysteme eingehÃ_â_¬ngt) |
| 78 |
> wrong filesystem, invalid options, or superblock is damaged... |
| 79 |
> |
| 80 |
> this goes for every filesystem type what is supported. |
| 81 |
> With gentoo 2.4.22-gss #4 SMP I get these results: |
| 82 |
> |
| 83 |
> losetup -e aes /dev/loop0 DorAES |
| 84 |
> Password: |
| 85 |
> ioctl: LOOP_SET_STATUS: Invalid argument |
| 86 |
> |
| 87 |
> I'm a bit desperated after all the time and work. What may have |
| 88 |
> happenend? Has anybody any idea? Can there be a change in the offset |
| 89 |
> size with losetup? Any help really appreciated |
| 90 |
> |
| 91 |
> thanks |
| 92 |
> -- |
| 93 |
> . ___ |
| 94 |
> | | |
| 95 |
> | | |
| 96 |
> |
| 97 |
> |
| 98 |
> -- |
| 99 |
> gentoo-security@g.o mailing list |
| 100 |
> |
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
-- |
| 107 |
gentoo-security@g.o mailing list |
Archives