Jochen Hayek wrote:
> I have a few disks with fstab entries like this one:
> 
>     noauto,nocheck,acl,user_xattr,loop=/dev/loop0,encryption=twofish256,phash=sha512,itercountk=100
> 
> I would like to mount them under 10.3Alpha3 resp. SUSE Factory.
> 
> cryptsetup's manual page says 
> 
>     COMPATABILITY WITH OLD SUSE TWOFISH PARTITIONS
>            To read images created with SuSE Linux 9.2's loop_fish2
>            use --cipher twofish-cbc-null -s 256 -h sha512,
>            for images created with even older SuSE Linux
>            use --cipher twofish-cbc-null -s 192 -h ripemd160:20
> 
> but if twofish-cbc-null is not listed in /proc/crypto,
> there is no way getting this working, right?

That's not the problem. The fstab line means you use losetup to set
up an encrypted loop device. When migrating util-linux to
util-linux-ng the loop-AES patch got dropped. The itercountk option
was part of that patch. As a quick workaround to be able to access
your data you can install util-linux (or just mount/losetup) from
10.2. The plan is to not reintroduce the loop-AES patch (yast never
offered to use any of its options, right?) and also to get rid of
the loop_fish2 kernel module for 10.3 though.

> Shall I just forget twofish256 and migrate all my encrypted disks?

If that's an option for you it certainly makes sense to use a more
secure on-disk format. 10.3 should still be able to read old images
though. Therefore cryptsetup/dm-crypt do support the loop_fish2
format (twofish-cbc-null) in factory already. What's missing atm is
the ability to generate keys compatible with the loop-AES patch.
Please file a bug and assign it to me, I'll consider implementing
replacements for itercountk and pseed options in cryptsetup.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   SUSE Labs
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
