https://bugzilla.novell.com/show_bug.cgi?id=332095#c1 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|kernel-maintainers@forge.provo.novell.com |lnussel@novell.com Severity|Blocker |Normal Status|NEW |ASSIGNED --- Comment #1 from Ludwig Nussel 2007-10-09 03:43:18 MST --- mount is not supposed to segfault. please open a separate bug report and provide a backtrace. your cryptsetup call is broken in two ways - you need to pass a name as 2nd parameter - if you volumes are really in loop_fish2 format you need to use twofish-cbc-null as algorithm See http://www.suse.de/~lnussel/hdencryption/hdencryption.html for examples. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=332095#c3 --- Comment #3 from Dirk Stoecker 2007-10-09 04:04:36 MST --- You see in above fstab, that the test device I used for the examples uses twofish2, so the call is correct. The second argument can be everything, the result is the same. As there is no update-guide available commandline errors are possible, but as long as the systems tells me the device does not exist there is no real use in digging deeper into possible commandline problems (BTW I really tried lot's of different commandlines). Anyway the same problem appears for /dev/private2, which is an old twofish and thus uses twofish-cbc-null. The mount crash produces no backtrace, as I have no debug-stuff installed. The problem is so central, that I don't believe it is specific to my machine. I would start installing debug stuff and doing debugging only, when the easy reproducability tests on your side fail (especially as my 10.3 test system I talk about has no network access for easy installation). Regarding corruption: a) If encryption is correct, there is either a no-or-nothing. Wrong encryption cannot produce nearly correct results, but totally wrong results, else the encryption is not strong. The filesystem will no discover the partition at all then. b) Loading too many modules should not influence the results at all (BTW: I also tried with loading only subsets of the specified kernel modules, Result is the same). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=332095#c5 --- Comment #5 from Dirk Stoecker 2007-10-09 04:47:56 MST --- Nice. With this example I got it to work. Ok, this fixes one problem. Make an support data article from the comment 4 and put it somewhere on the openSUSE servers. I will try this evening, if I can access all my partitions using the dm-crypt method with cryptsetup. And BTW, how can I do this without root privileges? Everything regarding encryption in the support database is before 10.x if I remember correctly. But the other central problem still exists. The losetup based method fails, crashs, ... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=332095#c7 Dirk Stoecker changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | --- Comment #7 from Dirk Stoecker 2007-10-09 05:42:57 MST --- Your second paragraph contradicts your release announcements. http://www.novell.com/linux/releasenotes/i386/openSUSE/10.3/RELEASE-NOTES.en... Search for: "It is still possible to use cryptoloop via losetup and mount." Regarding dm-crypt: This means you effectively want to kill the possibility to use already crypted user-file-containers, crypted external hard-disks, crypted backup-hard-disks and crypted disk-images (CD's), which very well worked on openSUSE before 10.3 and is heavy used throughout our company, as it is the only acceptable solution to keep the company secrets save in all the locations (home disks, external disks, backup spaces, ...)? You don't mean this. This is the third time SUSE changes the encryption setup, which means I now have 3 legacy setups (twofish, twofishSL92, twofish256) and now the LUKS stuff will come. The minimum I expect is that the legacy stuff works (and it seems your release note writers thought the same way). We have about 60 crypted backup DVS's, which cannot be reencrypted and about 20 crypted partitions only in the small development department of our company. Changing this is lots of work and only to see it changed again in SUSE 11.0, as there will be another oh-so-good new solution. The setups we use are no specific options, but main options of previous SUSE releases. We expect, that they still work. In 5 to 10 years you may be right, not now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=332095#c9 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |INVALID --- Comment #9 from Ludwig Nussel 2007-10-17 02:41:13 MST --- AES support a maximum key size of 256 bits. 2048 will not work of course. In PM with Dirk we concluded that all partitions are accessible with dm-crypt so the original claim of this bug is still INVALID. Please move further discussions to the opensuse-* mailinglists and do not reopen this bug. Anyways, an upcoming util-linux update will include a patch for mount/losetup so "twofish" or "twofishSL92" are recognized. A warning that those methods are deprecated will be printed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.