Carlos E. R. wrote:
The Sunday 2007-02-11 at 02:06 +0100, I wrote:
I have bumped into a weird problem with encrypted filesystems.
It appears there are two incompatible types that use the same options in the cryptotab file.
It's difficult to explain.
Let me explain in another way:
Encrypted filesystems using 'twofish256', created after mounting another filesystem that uses 'twofishSL92', are in fact created using 'twofishSL92' as well, silently.
Thus, the keyword 'twofish256' refers in fact to two different and incompatible encryptions: to the real or new 'twofish256' (reported by losetup as 'CryptoAPI/twofish-cbc'), and to the old 'twofishSL92' (reported by losetup as 'twofish256').
Yes, unfortunately there are two incompatible on-disk formats for a twofish256 encrytion: http://en.opensuse.org/SDB:Crypto_Partition/Files_Changes_in_SUSE_Linux_Prof...
The proof of this is that I can happily mount my 'twofish256' filesystems as 'twofishSL92' instead.
Be careful. Writing to a partition that got mounted with the wrong encryption type may result in irreparable file system corruption.
Now, the first question is: is there another token I can use instead of 'twofish256' that is unique and refers to the real 'twofish256', that is, to 'CryptoAPI/twofish-cbc'?
No. As soon as you load loop_fish2 the twofishSL92 format gets used. cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/ --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org