1 |
On Mon, 23 Feb 2004 01:23 am, Venkat Manakkal wrote: |
2 |
> I've used cryptoloop with 2.6.0-test9-mm5 and util-linux 2.12. I've been |
3 |
> successfully using this combination with "losetup -e twofish /dev/loop/# |
4 |
> /path/img-file". I do know for sure that no other version of util-linux |
5 |
> worked out. Due to the many images I am using I am stuck with the kernel |
6 |
> and util-linux until I get the time to do all the steps outlined below. |
7 |
> |
8 |
> On another machine I'm using 2.6.1-gentoo and loop-aes ontop of the base |
9 |
> util-linux 2.12. I cannot get the second machine to read the twofish |
10 |
> crypt images - it fails with a complaint that the encrytion module does |
11 |
> not accept the key length directive - I don't remember the exact |
12 |
> message. |
13 |
|
14 |
Try something like |
15 |
|
16 |
losetup -e twofish-256 /dev/loop/# |
17 |
|
18 |
I've found the error message by losetup (2.12) so ambiguous sometimes. I got |
19 |
this same length error when a cryptloop modules wasn't in the kernel (hint |
20 |
for a check). |
21 |
|
22 |
> In other words you MUST go back to the exact version of kernel and |
23 |
> util-linux. Its complaint about unknown file system is because losetup |
24 |
> will succeed with *any* password - only that you get random data on the |
25 |
> other side of the loop unless the encryption is correctly decoded. |
26 |
|
27 |
loopaes hacks losetup majorly so avoid that one with non-aes crypt partitions. |
28 |
|
29 |
I haven't had a problem between kernel versions (2.6.1-gentoo - 2.6.3-gentoo, |
30 |
2.6.3-vanilla) except when I was an idiot and forgot cryptloop in the kernel |
31 |
config. |
32 |
|
33 |
You're pretty much limited to util-linux-2.11z-r8 or later as they are the |
34 |
only ones that have the crypt patches. I haven't looked at the 2.11/2.12 |
35 |
differences. |
36 |
|
37 |
Small warning with ext3 and cryptroots that may or may not work for you - |
38 |
http://bugs.gentoo.org/show_bug.cgi?id=41854 |
39 |
http://bugme.osdl.org/show_bug.cgi?id=2153 |
40 |
|
41 |
Will do xfs next time now that its possible. |
42 |
|
43 |
Don't know the full cause of this but I've got a filesystems that hangs |
44 |
processes big time upon accessing certain files. Exporting partitions over |
45 |
NFS may have been a cause too. |
46 |
|
47 |
rough details of my setup: |
48 |
|
49 |
http://dev.gentoo.org/~dragonheart/encryptedrootfs |
50 |
|
51 |
(and I will put the XML doc into HTML soon) |
52 |
|
53 |
|
54 |
-- |
55 |
|
56 |
Daniel Black |
57 |
-- |
58 |
|
59 |
|
60 |
-- |
61 |
gentoo-security@g.o mailing list |