-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2007-02-14 at 11:40 +0100, Ludwig Nussel wrote:
Carlos E. R. wrote:
The Sunday 2007-02-11 at 12:51 +0100, Ludwig Nussel wrote:
No. As soon as you load loop_fish2 the twofishSL92 format gets used.
Very unfortunate.
The thing is that I have a three encrypted filesystems, plus dozens of dvds, some of them created using yast, and which I thought all of them were using the new system. But, as the old partition (twofishSL92) was mounted at creation time, all of them are in fact using twofishSL92 although I specified twofish256.
I can't posibly read and reburn all those dvds!
The problem is that Yast, or the kernel, or whatever, has created those filesystems using loop_fish2 without warning that it was using the old method.
Yeah, that's an unfortunate situation indeed.
I have been very busy because I had a bad system crash; I blame the IDE cable (that flat ribbon one with 80 wires) that became faulty with so many unplugging and replugging while I was trying to install a new disk and solve the crypto problem and others... first my whole home partition (xfs) in one disk became wholly trashed (even the "label" disappeared). I even provoked a bug in xfs_repair that I should report - if I can recover the bug data! When I had that partition almost recovered, then down went the whole same disk! This time "/" (ext3) was almost unrecoverable (certainly unbootable after recovery) and the rest needed extensive fsck. And all this because I wanted to install a new disk to do a backup... I'm now using 10.2, upgraded from my 9.3 previous full backup. Easier for me than a fresh install, or because I just wanted to keep the chain of upgrades since 8.1 O:-) So I didn't see your message.
I had a look at dm-crypt yesterday. Looks like a trivial patch is sufficient for it to be able to to access legacy images without the nasty side effects of loop_fish2.
In case you don't mind breaking your whole system with barely tested software ;-) I've put the patch for dm-crypt.c and shell scripts that pass the correct parameters to cryptsetup here: http://www.suse.de/~lnussel/cryptsetup-legacy.tar.gz
I'm certainly interested, but... as you know I hosed my system last week, I am somewhat reluctant to expose it - so, how bad is that "breaking danger" you mention? :-?
You need to install util-linux-crypto and if you want to recompile the kernel module also kernel-source.
For example to mount a dvd: cryptsetup-twofishSL92 foo /dev/hdc mount /dev/mapper/foo /a
Or an image: losetup /dev/loop0 img cryptsetup-twofish256 bar /dev/loop0 mount /dev/mapper/bar /b
Note that this is experimental. I'd try it with read only dvd images first. No warranty that it works without breaking stuff. I'd be glad if someone could confirm that the method works without corrupting filesystems indeed though (also for pre-9.2 images). Hopefully we can get rid of loop_fish2 then.
Ok, but I suppose you mean read only for the crypto filesystem, not the system itself? My system is not encrypted, would that be endangered if I was testing to read encrypted dvds? You understand I'm "touchy" right now about such "dangers", don't you? ;-) At the moment, I have changed my crypto filesystems on the hard disk to the new system. It is only the DVDs that remain using the old loop_fish2, of course. If you think my normal filesystem would be safe (it is not encrypted), then I'm game. Or I could use another 10.2 system in the same computer, on a different partition: it wouldn't matter much it that one got corrupted, as long as there is no danger of propagating the damage to the rest of unmounted partitions. Am I too paranoic? ;-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFF2P12tTMYHG2NR9URAsMlAJ9HyEelPD6ts+lNkBGg8Sf54WvzYQCglCMG fvy3Z+XHzNe7ApD/JFXwkb8= =2TY7 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org