I've used cryptoloop with 2.6.0-test9-mm5 and util-linux 2.12. I've been
successfully using this combination with "losetup -e twofish /dev/loop/#
/path/img-file". I do know for sure that no other version of util-linux
worked out. Due to the many images I am using I am stuck with the kernel
and util-linux until I get the time to do all the steps outlined below.

On another machine I'm using 2.6.1-gentoo and loop-aes on top of the base
util-linux 2.12. I cannot get the second machine to read the twofish
crypt images - it fails with a complaint that the encryption module does
not accept the key length directive - I don't remember the exact
message.

In other words you MUST go back to the exact version of kernel and
util-linux. Its complaint about unknown file system is because losetup
will succeed with *any* password - only that you get random data on the
other side of the loop unless the encryption is correctly decoded.

So *always* make encrypted backups of all encrypted images before you
update kernel or baselayout (i.e. util-linux). You can use aespipe for
this from the loop-aes package. So your steps would be - go back to old
kernel and old util-linux, mount the cryptfile, cd to the directory,
"tar czpf - .| aespipe -e AES256 -C 128 -T> /path/to/backup.tgz.aes".
Update (or re-boot to new setup), then create a *new* crypt image,
losetup, mount then restore your backup by "cat
/path/to/backup.tgz.aes|aespipe -d|tar xvzpf -". It does not hurt to
make periodic backups since power failures can be worse on encrypted file
systems.

Hope this helps.

Best regards,

---Venkat.

-----------------------------------------------------------------------
Venkat Manakkal secure 64 bit workstations
President, rayServers.com laptops and servers...
venkat@××××××××××.com "Installed Secure"
+1-607-546-7300 http://www.rayservers.com/
-----------------------------------------------------------------------

On another machine I've got
On Sun, 22 Feb 2004 15:36:57 +0100
"i.t " <gentoo@×××××××××××.org> wrote:

> hi,
>
> for months I've been successfully working with cryptoloop on a
> cryptfile with a gentoo 2.4.22-gss kernel;
> some days ago I've updated the baselayout for the system and later on I
> couldn't start losetup anymore.
> I've recompiled the kernel,
> installed gentoo kernel 2.6.3,
> and for comparison on a fedora partition loop-AES-v2.0f.
> rm -f -r test-file[1234] test-dir1
> *** Test results ok ***
>
> So far I get the following results with gentoo kernel 2.6.3 and patched
> fedora (2.4.22):
>
> losetup -e AES /dev/loop0 crfile
> Passwort:
> [ok]
> mount /dev/loop0 /mnt/loop/
> mount: you must give the filesystem (Sie muessen den Dateisystemtyp
> angeben)
>
> I'm pretty sure the filesystem was ext3 for the crfile (ok - meanwhile
> I know ext2 is better),
> but when I try:
>
> mount -t ext3 /dev/loop0 /mnt/loop/
> mount:
> (Falscher Dateisystemtyp, ungültige Optionen, der
> »Superblock« von /dev/loop0 ist beschädigt oder es
> sind zu viele Dateisysteme eingehängt)
> wrong filesystem, invalid options, or superblock is damaged...
>
> this goes for every filesystem type that is supported.
> With gentoo 2.4.22-gss #4 SMP I get these results:
>
> losetup -e aes /dev/loop0 DorAES
> Password:
> ioctl: LOOP_SET_STATUS: Invalid argument
>
> I'm a bit desperate after all the time and work. What may have
> happened? Has anybody any idea? Can there be a change in the offset
> size with losetup? Any help really appreciated
>
> thanks
>
> --
> gentoo-security@g.o mailing list
>

--
gentoo-security@g.o mailing list |
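
Added example, not part of the original messages and not code from loop-AES or util-linux: because, as the reply says, losetup accepts any passphrase and a wrong cipher setup only shows up as random data, this shell check looks for the ext2/ext3 superblock magic on the decrypted loop device before any mount attempt. It assumes the image holds ext2 or ext3 (as the original poster believes); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a decrypted loop device (or plain image file)
# for an ext2/ext3 superblock before mounting it.
#
# The ext2/ext3 superblock starts at byte 1024 and stores its 16-bit magic
# 0xEF53 little-endian at offset 56 inside it, so bytes 1080-1081 are 53 ef.
EXT_MAGIC_OFFSET=1080
EXT_MAGIC_HEX=53ef

# read_magic PATH: print the two bytes at offset 1080 as lowercase hex.
read_magic() {
    dd if="$1" bs=1 skip="$EXT_MAGIC_OFFSET" count=2 2>/dev/null \
        | od -An -tx1 | tr -d ' \n'
}

# has_ext_magic PATH: exit 0 if the ext2/ext3 magic is present, 1 otherwise.
has_ext_magic() {
    [ "$(read_magic "$1")" = "$EXT_MAGIC_HEX" ]
}

# check_loop PATH: print a verdict; exit status matches has_ext_magic.
check_loop() {
    if has_ext_magic "$1"; then
        echo "$1: ext2/ext3 superblock magic found, decryption looks correct"
    else
        echo "$1: no ext2/ext3 magic; passphrase, cipher, key length or" \
             "losetup/kernel combination does not match the image" >&2
        return 1
    fi
}

# Usage (assumed device name): sh check_loop.sh /dev/loop0
if [ "$#" -ge 1 ]; then
    check_loop "$1"
fi
```

Two matching bytes can occur by chance in random data (1 in 65536), so a hit is a sanity check rather than proof, and a miss is a reason to detach the loop device and not run mkfs or fsck on it.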