Jochen Hayek wrote:
I have a few disks with fstab entries like this one:
noauto,nocheck,acl,user_xattr,loop=/dev/loop0,encryption=twofish256,phash=sha512,itercountk=100
I would like to mount them under 10.3Alpha3 resp. SUSE Factory.
cryptsetup's manual page says
COMPATABILITY WITH OLD SUSE TWOFISH PARTITIONS
To read images created with SuSE Linux 9.2's loop_fish2
use --cipher twofish-cbc-null -s 256 -h sha512,
for images created with even older SuSE Linux
use --cipher twofish-cbc-null -s 192 -h ripemd160:20
but if twofish-cbc-null is not listed in /proc/crypto , there is no way getting this working, right?
That's not the problem. The fstab line means you use losetup to set up an encrypted loop device. When migrating util-linux to util-linux-ng the loop-AES patch got dropped. The itercountk option was part of that patch. As quick workaround to be able to access your data you can install util-linux (or just mount/losetup) from 10.2. The plan is to not reintroduce the loop-AES patch (yast never offered to use any of it's options right?) and also to get rid of the loop_fish2 kernel module for 10.3 though.
Shall I just forget twofish256 and migrate all my encrypted disks?
If that's an option four you it certainly makes sense to use a more secure on-disk format. 10.3 should still be able to read old images though. Therefore cryptsetup/dm-crypt do suppport the loop_fish2 format (twofish-cbc-null) in factory already. What's missing atm is the ability to generate keys compatible with the loop-AES patch. Please file a bug and assign it to me, I'll consider implementing replacements for itercountk and pseed options in cryptsetup. cu Ludwig -- (o_ Ludwig Nussel //\ SUSE Labs V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org