Hi Bernd, there is no final solution to that problem yet, but there are ideas what might be the root cause of the problem. I forwarded you a response which I got on the debian-users list.
I checked the suspicion of the trunkated key sizes and it is wrong. I did not yet run the loopinfo tool, which is attached as well. I case you find something out, please let me know. For me the issue is not terribly pressing, because it is just my backup and if really goes something wrong, accessing it from a sarge system instead of a Knoppix disk would be less convenient, but I would not have data loss. Hope that helps... Rainer Am Mittwoch, 27. Dezember 2006 22:59 schrieben Sie: > Hi Rainer, > > entschuldige die Störung. Ich habe im Thread > > http://www.elearnit.de/knoppix/forum/viewtopic.php?t=1595&sid=c3a59c8bc47d5 >2d8f9c6ddec7241691f > > gelesen, das Du Probleme beim Mounten eines mit Sarge erzeugten > Cryptofilesystems mit Knoppix hast/hattest. Leider habe ich exakt das > gleiche Problem. Soweit ich bisher herausgefunden habe, scheint es > unabhängig vom eingesetzten Algorithmus zu sein - ich bin aber auch > komplett ratlos. > > Der Thread hört leider ohne Lösung auf :( > > Hast Du bisher eine Lösung für das Problem gefunden, oder gibt es bisher > keine Lösung? > > Wäre nett, wenn Du Dich mit ner kurzen Antwortmail melden würdest (auch > wenns noch keine Lösung gibt), würde mir sehr weiterhelfen! > > Vielen Dank schonmal, frohe Feiertage & nen guten Rutsch, > > Bernd ---------- Weitergeleitete Nachricht ---------- Subject: Re: Writting on encrypted partion with Debian sarge reading with Knoppix Date: Samstag, 25. November 2006 15:55 From: Max Vozeler <[EMAIL PROTECTED]> To: Rainer Dorsch <[EMAIL PROTECTED]> Cc: debian-user@lists.debian.org, [EMAIL PROTECTED] Hi Rainer, On Sat, Nov 18, 2006 at 04:05:30PM +0100, Rainer Dorsch wrote: > I did specify the -H rmd160, but it did not change anything, > passphrase was ok, but same error message, when I tried to mount the > file system. > > With losetup /dev/loop0, I got on Knoppix > > /dev/loop0: [0011]:9556 (/dev/sda5) encryption=CryptoAPI/blowfish-cbc > > On the sarge machine, which can mount the encrypted file system > correctly, I got > > silverboxy:~# losetup /dev/loop0 > /dev/loop0: [000c]:6517 (/udev/mdisk5), encryption blowfish (type 18) > silverboxy:~# > > That looks different and I assume that is the reason why I can't mount > it with knoppix. That could be. Some difference in the output is normal though: The first output is from loop-AES patched losetup, the second by standard losetup with Debian crypto patch. Both indicate that a CryptoAPI cipher was used (type 18 == CryptoAPI). > Can I find out when mounted on the Debian system, what the right > parameters are? I wrote a small tool some time ago to dump the actual settings of an encrypted loop. I'm attaching it to this mail. You should be able to build it by just calling "make". Hopefully it can shed light on the actual differences between the setups. I think I have a suspicion though: The standard losetup in Debian used to have a bug where it truncated keysizes to 128 bits without any indication. I think this bug no longer exists, but it could be that the version in sarge was still affected by it. You can verify if this is the case if you try losetup -k 128 .. on the sarge machine. If it decryptes correctly, it is very likely to be affected by this bug. In that case you should be able to losetup it on knoppix by saying -e blowfish128 -H rmd160. If that doesn't work, feel free to send me the output of the loopinfo tool and we can see if we can figure out the exact difference. Make sure to strip the line that includes the encryption key though :-) cheers, Max ------------------------------------------------------- -- Rainer Dorsch Alzentalstr. 28 D-71083 Herrenberg 07032-919495 jabber: [EMAIL PROTECTED] GPG Fingerprint: 5966 C54C 2B3C 42CC 1F4F 8F59 E3A8 C538 7519 141E Full GPG key: http://pgp.mit.edu/
loopinfo.tgz
Description: GNU Unix tar archive
