Carlos E. R. wrote:
The Sunday 2007-02-11 at 12:51 +0100, Ludwig Nussel wrote:
No. As soon as you load loop_fish2 the twofishSL92 format gets used.
Very unfortunate.
The thing is that I have a three encrypted filesystems, plus dozens of dvds, some of them created using yast, and which I thought all of them were using the new system. But, as the old partition (twofishSL92) was mounted at creation time, all of them are in fact using twofishSL92 although I specified twofish256.
I can't posibly read and reburn all those dvds!
The problem is that Yast, or the kernel, or whatever, has created those filesystems using loop_fish2 without warning that it was using the old method.
Yeah, that's an unfortunate situation indeed. I had a look at dm-crypt yesterday. Looks like a trivial patch is sufficient for it to be able to to access legacy images without the nasty side effects of loop_fish2. In case you don't mind breaking your whole system with barely tested software ;-) I've put the patch for dm-crypt.c and shell scripts that pass the correct parameters to cryptsetup here: http://www.suse.de/~lnussel/cryptsetup-legacy.tar.gz You need to install util-linux-crypto and if you want to recompile the kernel module also kernel-source. For example to mount a dvd: cryptsetup-twofishSL92 foo /dev/hdc mount /dev/mapper/foo /a Or an image: losetup /dev/loop0 img cryptsetup-twofish256 bar /dev/loop0 mount /dev/mapper/bar /b Note that this is experimental. I'd try it with read only dvd images first. No warranty that it works without breaking stuff. I'd be glad if someone could confirm that the method works without corrupting filesystems indeed though (also for pre-9.2 images). Hopefully we can get rid of loop_fish2 then. cu Ludwig -- (o_ Ludwig Nussel //\ SUSE Labs V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org