Re: util-linux and data encryption
From: Jari Ruusu
Date: Tue Oct 04 2005 - 00:15:31 EST
Paulo da Silva wrote:
> I had a loop filesystem encrypted with twofish
> algorithm.
>
> Today, trying to mount the file, 'mount' claimed
> I needed to enter a password of 20 chars or more!
> Since I used less chars to encrypt, I was not able
> to recover the information!!!
> I tried CFLAGS="-DLOOP_PASSWORD_MIN_LENGTH=8"
> without any success. This causes 'mount' to accept
> the password, but, somehow, the decryption failled
> because the fs type remained unrecognized!
>
> BTW, I am using gentoo and I also tried USE=old-crypt.
> No way!
>
> I needed to install the version 2.12i to recover
> my information.
>
> Is this related with util-linux or has something
> to do with gentoo patches or something?
Seems like gentoo has merged loop-AES' util-linux patch which has always
used better defaults.
Mainline util-linux compatible mount options for /etc/fstab
encryption=twofish256,phash=unhashed2
Mainline util-linux compatible losetup command options
losetup -e twofish256 -H unhashed2 ......
kerneli.org compatible mount options for /etc/fstab
encryption=twofish256,phash=rmd160
kerneli.org compatible losetup command options
losetup -e twofish256 -H rmd160 ......
mount and losetup programs don't enforce 20 character minimum passphrase
length when using 'rmd160' or 'unhashed2' hash functions.
Both mainline util-linux and kerneli.org compatible setups are broken
securitywise. If there still are file systems using such broken setups, now
is good time to re-encrypt them using stronger crypto.
--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/