
On Wednesday 07 June 2006 04:54, Uwe Gansert wrote:
On Monday 05 June 2006 22:46, Karsten Künne wrote:
I tried to use a profile from 9.3 in order to create an encrypted partition in 10.1 but it gave me a cryptic error (error code -3013, whatever that means) during installation and I ended up with an invalid partition table. Following is the piece from my profile:
<partition> <crypt_fs config:type="boolean">true</crypt_fs> <crypt>twofish</crypt> <crypt_key>CRYPTOPASS</crypt_key> <filesystem config:type="symbol">xfs</filesystem> <format config:type="boolean">true</format> <loop_fs config:type="boolean">true</loop_fs> <mount>/home</mount> <partition_id config:type="integer">131</partition_id> <size>max</size> </partition>
This works fine here: <partition> <crypt>twofish256</crypt> <crypt_key>abc12345678901234567890</crypt_key> <loop_fs config:type="boolean">true</loop_fs> <crypt_fs config:type="boolean">true</crypt_fs> <filesystem config:type="symbol">ext3</filesystem> <format config:type="boolean">true</format> <mount>/tmp</mount> <partition_id config:type="integer">131</partition_id> <size>1GB</size> <partition_type>primary</partition_type> </partition>
I don't think <crypt>twofish</crypt> is a valid value in your profile.
Yes, twofish256 works, but seems to require a 20-character passphrase. That's not gonna fly with our users. I know it's a bad thing to reduce that requirement but I'm gonna loose that battle with our users. But this is not autoyast-related so I don't want to discuss that here. If somebody knows how to configure a cryptfs in SUSE 10.1 with a shorter than 20 character passphrase I would appreciate that. Karsten. -- We are all agreed that your theory is crazy. The question which divides us is whether it is crazy enough to have a chance of being correct. My own feeling is that it is not crazy enough. -- Niels Bohr