pent0z Tux's lil' helper
Joined: 17 May 2003 Posts: 131
Posted: Tue Jul 29, 2003 6:50 am Post subject: losetup in util-linux-2.12 missing -k switch ?
Hi, I've upgraded util-linux to 2.12, but after this I can't start /etc/init.d/crypto-loop because the new /sbin/losetup doesn't have the -k switch... This has caused a lot of problems (my server has /home encrypted).
Please check.

pent0z Tux's lil' helper
Joined: 17 May 2003 Posts: 131
Posted: Tue Jul 29, 2003 7:18 am
I've lost a LOT of e-mail because of this FUCKED losetup since my /home is on an encrypted filesystem...
Thanks.. COOL!

markan18 n00b
Joined: 17 Apr 2003 Posts: 11 Location: wonderland
Posted: Wed Jul 30, 2003 4:26 am Post subject: losetup mess
I presume you have upgraded your kernel to 2.6.0test2. Do you see an error message like this "LOOP_SET_STATUS invalid argument" when trying to mount your encrypted home? It seems that loopback encrypted filesystems using kernel 2.4 are incompatible with kernel 2.6, and losetup has changed also. I've had the same problem and here is what I've done.
1- Copy the encrypted loopback filesystem to a machine that still uses kernel 2.4 and the old losetup.
2- Mount the encrypted filesystem on that machine.
3- Create a new encrypted filesystem on the machine that uses kernel 2.6.0 and the new losetup, and mount it.
4- Using ssh, copy the files from the old encrypted filesystem to the new one.
5- Keep a backup of the old encrypted filesystem and a backup of a working installation that can decrypt your old encrypted filesystem; you may need it.
I wonder what keysize the new losetup uses since we can't control it anymore; it may depend on the length of the password..
_________________
emerge -u beer

Jake Veteran
Joined: 31 Jul 2003 Posts: 1132
Posted: Fri Aug 01, 2003 3:01 pm
From what I've found, the new losetup defaults to 256-bit keys. If you want to use something else, I think the proper syntax is "losetup -e aes128...", for example. The trouble I've been having, however, seems to be the lack of support for hash algorithms. Note how the new losetup has no -P option.
The new mount at least supports the old syntax. For example, in 2.6.0-test2 with util-linux 2.12, I can do "mount -t ext2 -o loop=/dev/loop0,encryption=twofish,keysize=256,phash=sha512 somefile somedirectory". The file I create fails to mount in 2.4. The same goes for files created in 2.4 when I try to mount them in 2.6.
I was reading the mailing list and I found that AES support is known to be broken. They claim the kerneli version was wrong. There's an easy mistake you can make implementing AES, and kerneli made it. There was no mention of other algorithms like twofish being wrong.
I think I've found a workaround for the hash problem. losetup 2.12 has the ability to read a passphrase from a file like this: "get_passphrase | mount -o loop,encryption=aes -p0 dev dir". All one would have to do is hack the desired hash algorithm out of the kerneli patch and turn it into a simple C program, get_passphrase. If I'm right and the hash is the problem, I'd really like to resolve it rather than just switch to a hashless implementation. I fear without the hash it would be less secure, but I could be wrong.

bpardy n00b
Joined: 14 Aug 2003 Posts: 3
Posted: Thu Aug 14, 2003 11:24 pm Post subject: Re: losetup mess
markan18 wrote:
> I presume you have upgraded your kernel to 2.6.0test2. Do you see an error message like this "LOOP_SET_STATUS invalid argument" when trying to mount your encrypted home? It seems that loopback encrypted filesystems using kernel 2.4 are incompatible with kernel 2.6, and losetup has changed also. I've had the same problem and here is what I've done.
> 1- Copy the encrypted loopback filesystem to a machine that still uses kernel 2.4 and the old losetup.
> 2- Mount the encrypted filesystem on that machine.
> 3- Create a new encrypted filesystem on the machine that uses kernel 2.6.0 and the new losetup, and mount it.
> 4- Using ssh, copy the files from the old encrypted filesystem to the new one.
> 5- Keep a backup of the old encrypted filesystem and a backup of a working installation that can decrypt your old encrypted filesystem; you may need it.
> I wonder what keysize the new losetup uses since we can't control it anymore; it may depend on the length of the password..

Any suggestions for those of us having this problem that did NOT upgrade to 2.6.0-anything, and then managed to kill their encrypted filesystems with this fucked up util-linux 2.12?
Does anybody have a binary for a WORKING losetup pre-2.12 that doesn't completely suck ass?
I did NOT upgrade my kernel, but upgrading util-linux has completely eliminated my ability to mount my encrypted filesystems.

Mukka42 n00b
Joined: 13 Nov 2003 Posts: 18
Posted: Sun Dec 21, 2003 11:55 am Post subject: under 2.4 downgrade!
Simply downgrade your util-linux package to 2.11
Code:
```
Stoppos szelm # emerge /usr/portage/sys-apps/util-linux/util-linux-2.11z-r9.ebuild
```
Or burn a Knoppix and mount the encrypted /home...
Mukka

_puck_ Tux's lil' helper
Joined: 12 May 2002 Posts: 111 Location: Kaiserslautern / Germany
Posted: Tue Dec 23, 2003 12:16 pm
@markan18
Quote:
> 3- Create a new encrypted filesystem in the machine that uses the kernel 2.6.0 and the new losetup and mount it.

But how?
Code:
```
coruscant crypto # !dd
dd if=/dev/urandom of=test bs=512 count=10000
10000+0 records in
10000+0 records out
coruscant crypto # losetup -e serpent -E 32 /dev/loop0 test
Password:
ioctl: LOOP_SET_STATUS: Invalid argument
coruscant crypto # uname -r
2.6.0
coruscant crypto # emerge -pv util-linux
These are the packages that I would merge, in order:
Calculating dependencies ...done!
[ebuild R ] sys-apps/util-linux-2.12-r3 +crypt +nls -static +pam -selinux
```
_________________
regards
puck
___________________________
#There is more than one way to do it.

trapni Retired Dev
Joined: 16 May 2002 Posts: 251 Location: Germany/Berlin
Posted: Mon Jan 05, 2004 10:04 pm
Dunno whether this is still on topic, but I could switch to the new util-linux with 2.6 and crypto as fast as on-the-fly.
I previously mounted with mount options encryption=aes,keybits=128,phash=sha512 for kernel 2.4 and old util-linux (2.11z...)
With kernel 2.6 and the new util-linux I could mount this with the command:
hashalot sha512 | losetup -p 0 -e aes-cbc-128 /dev/loop/0 /dev/hdc1 && mount /dev/loop/0 /home.
The keybits is passed as part of the encryption algorithm. Of course, /dev/hdc1 has to be changed to your needs, as well as the mount point (here: /home).
Unfortunately, Gentoo doesn't seem to have official support for crypto-loop and util-linux-2.12 (that works with 2.6 *and* 2.4 kernel)
greets,
Christian Parpart.
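
The phash/keysize options and the hashless concern raised in the posts above, as an added example (not code from the thread, from util-linux or from the kerneli patch): a Python model of how a passphrase becomes loop key material. Both derivations are assumptions made for illustration (hash then truncate for `phash`, raw zero-padded bytes for the hashless case), and the sample passphrase is constructed.

```python
import hashlib

LO_KEY_SIZE = 32  # bytes available for the key in the kernel's loop_info structures


def hashed_key(passphrase: bytes, phash: str, keybits: int) -> bytes:
    """Assumed phash model: hash the passphrase, keep the first keybits/8 bytes."""
    nbytes, rem = divmod(keybits, 8)
    digest = hashlib.new(phash, passphrase).digest()
    if rem or not 0 < nbytes <= min(len(digest), LO_KEY_SIZE):
        raise ValueError(f"{phash} cannot supply a {keybits}-bit loop key")
    return digest[:nbytes]


def hashless_key(passphrase: bytes) -> bytes:
    """Assumed hashless model: raw passphrase bytes, cut or zero-padded to LO_KEY_SIZE."""
    return passphrase[:LO_KEY_SIZE].ljust(LO_KEY_SIZE, b"\0")


def key_profile(key: bytes) -> dict:
    """Rough indicators of how much of the key space the key material can reach."""
    return {
        "length": len(key),
        "zero_bytes": key.count(0),
        "printable_ascii": sum(0x20 <= b < 0x7F for b in key),
        "distinct_values": len(set(key)),
    }


if __name__ == "__main__":
    secret = b"correct horse"  # constructed sample passphrase
    variants = {
        "phash=sha512,keysize=128": hashed_key(secret, "sha512", 128),
        "phash=sha512,keysize=256": hashed_key(secret, "sha512", 256),
        "phash=sha256,keysize=256": hashed_key(secret, "sha256", 256),
        "no hash": hashless_key(secret),
    }
    for label, key in variants.items():
        print(f"{label:26} {key.hex()} {key_profile(key)}")
```

Under this model, every change of hash or key size yields different key bytes for the same passphrase, so an image only decrypts when all three parameters match the ones used at creation; the hashless key is mostly padding and printable characters.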