Just tried to replay an example from the net with luks under 10.2, without success. According to the aricle "Datan verschlussen mit dm-crypt fur Linux" from 11 december 2006 (rather up-to-date, I thought) i should do: dd if=/dev/zero of=crypt.img bs=1M count=100 shred -n 1 crypt.img losetup /dev/loop0 crypt.img cryptsetup luksFormat -c aes-cbc-essiv:sh256 -s 256 -y /dev/loop0 According to the man-page of cryptsetup that should be ok. cryptset up however fails with: WARNING! ======== This will overwrite data on /dev/loop0 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase: Failed to setup dm-crypt key mapping. Check kernel for support for the aes-cbc-essiv:sh256 cipher spec and verify that /dev/loop0 contains at least 258 sectors. Failed to write to key storage. Well, crypt.img is large enough (100MB) in this example. A quick glance in /proc showed: # zcat /proc/config.gz |grep -i aes CONFIG_RADIO_MAESTRO=m CONFIG_SND_MAESTRO3=m CONFIG_CRYPTO_AES=m CONFIG_CRYPTO_AES_586=m CONFIG_CRYPTO_DEV_PADLOCK_AES=y And a deeper look in /usr/src/linux (default 10.2GM kernel) showed config 10.2 kernel: * Cryptographic options * Cryptographic API (CRYPTO) [Y/?] y HMAC support (CRYPTO_HMAC) [Y/?] y Null algorithms (CRYPTO_NULL) [M/n/y/?] m MD4 digest algorithm (CRYPTO_MD4) [M/n/y/?] m MD5 digest algorithm (CRYPTO_MD5) [M/y/?] m SHA1 digest algorithm (CRYPTO_SHA1) [M/y/?] m SHA256 digest algorithm (CRYPTO_SHA256) [M/n/y/?] m SHA384 and SHA512 digest algorithms (CRYPTO_SHA512) [M/n/y/?] m Whirlpool digest algorithms (CRYPTO_WP512) [M/n/y/?] m Tiger digest algorithms (CRYPTO_TGR192) [M/n/y/?] m DES and Triple DES EDE cipher algorithms (CRYPTO_DES) [M/y/?] m Blowfish cipher algorithm (CRYPTO_BLOWFISH) [M/n/y/?] m Twofish cipher algorithm (CRYPTO_TWOFISH) [M/n/y/?] m Serpent cipher algorithm (CRYPTO_SERPENT) [M/n/y/?] m AES cipher algorithms (CRYPTO_AES) [M/y/?] m AES cipher algorithms (i586) (CRYPTO_AES_586) [M/n/y/?] m CAST5 (CAST-128) cipher algorithm (CRYPTO_CAST5) [M/y/?] m CAST6 (CAST-256) cipher algorithm (CRYPTO_CAST6) [M/n/y/?] m TEA, XTEA and XETA cipher algorithms (CRYPTO_TEA) [M/n/y/?] m ARC4 cipher algorithm (CRYPTO_ARC4) [M/y/?] m Khazad cipher algorithm (CRYPTO_KHAZAD) [M/n/y/?] m Anubis cipher algorithm (CRYPTO_ANUBIS) [M/n/y/?] m Deflate compression algorithm (CRYPTO_DEFLATE) [M/y/?] m Michael MIC keyed digest algorithm (CRYPTO_MICHAEL_MIC) [M/y/?] m CRC32c CRC algorithm (CRYPTO_CRC32C) [M/y/?] m Testing module (CRYPTO_TEST) [M/n/?] m So what am i misssing? All available crypto parts are build as modules. Where should i check for: "Check kernel for support for the aes-cbc-essiv:sh256 cipher spec" (Not tried it yet on older machines, but will do) Hans -- pgp-id: 926EBB12 pgp-fingerprint: BE97 1CBF FAC4 236C 4A73 F76E EDFC D032 926E BB12 Registered linux user: 75761 (http://counter.li.org) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org