Hi Bernd,

there is no final solution to that problem yet, but there are ideas what might 
be the root cause of the problem. I forwarded you a response which I got on 
the debian-users list.

I checked the suspicion of the trunkated key sizes and it is wrong. I did not 
yet run the loopinfo tool, which is attached as well.

I case you find something out, please let me know. For me the issue is not 
terribly pressing, because it is just my backup and if really goes something 
wrong, accessing it from a sarge system instead of a Knoppix disk would be 
less convenient, but I would not have data loss.

Hope that helps...

Rainer

Am Mittwoch, 27. Dezember 2006 22:59 schrieben Sie:
> Hi Rainer,
>
> entschuldige die Störung. Ich habe im Thread
>
> http://www.elearnit.de/knoppix/forum/viewtopic.php?t=1595&sid=c3a59c8bc47d5
>2d8f9c6ddec7241691f
>
> gelesen, das Du Probleme beim Mounten eines mit Sarge erzeugten
> Cryptofilesystems mit Knoppix hast/hattest. Leider habe ich exakt das
> gleiche Problem. Soweit ich bisher herausgefunden habe, scheint es
> unabhängig vom eingesetzten Algorithmus zu sein - ich bin aber auch
> komplett ratlos.
>
> Der Thread hört leider ohne Lösung auf :(
>
> Hast Du bisher eine Lösung für das Problem gefunden, oder gibt es bisher
> keine Lösung?
>
> Wäre nett, wenn Du Dich mit ner kurzen Antwortmail melden würdest (auch
> wenns noch keine Lösung gibt), würde mir sehr weiterhelfen!
>
> Vielen Dank schonmal, frohe Feiertage & nen guten Rutsch,
>
> Bernd
----------  Weitergeleitete Nachricht  ----------

Subject: Re: Writting on encrypted partion with Debian sarge reading with 
Knoppix
Date: Samstag, 25. November 2006 15:55
From: Max Vozeler <[EMAIL PROTECTED]>
To: Rainer Dorsch <[EMAIL PROTECTED]>
Cc: debian-user@lists.debian.org, [EMAIL PROTECTED]

Hi Rainer,

On Sat, Nov 18, 2006 at 04:05:30PM +0100, Rainer Dorsch wrote:
> I did specify the -H rmd160, but it did not change anything,
> passphrase was ok, but same error message, when I tried to mount the
> file system.
>
> With losetup /dev/loop0, I got on Knoppix
>
> /dev/loop0: [0011]:9556 (/dev/sda5) encryption=CryptoAPI/blowfish-cbc
>
> On the sarge machine, which can mount the encrypted file system
> correctly, I got
>
> silverboxy:~# losetup /dev/loop0
> /dev/loop0: [000c]:6517 (/udev/mdisk5), encryption blowfish (type 18)
> silverboxy:~#
>
> That looks different and I assume that is the reason why I can't mount
> it with knoppix.

That could be. Some difference in the output is normal though:
The first output is from loop-AES patched losetup, the second by
standard losetup with Debian crypto patch. Both indicate that a
CryptoAPI cipher was used (type 18 == CryptoAPI).

> Can I find out when mounted on the Debian system, what the right
> parameters are?

I wrote a small tool some time ago to dump the actual settings
of an encrypted loop. I'm attaching it to this mail. You should be
able to build it by just calling "make". Hopefully it can shed
light on the actual differences between the setups.

I think I have a suspicion though: The standard losetup in Debian
used to have a bug where it truncated keysizes to 128 bits without
any indication. I think this bug no longer exists, but it could be
that the version in sarge was still affected by it.

You can verify if this is the case if you try losetup -k 128 .. on
the sarge machine. If it decryptes correctly, it is very likely to
be affected by this bug. In that case you should be able to losetup
it on knoppix by saying -e blowfish128 -H rmd160. If that doesn't
work, feel free to send me the output of the loopinfo tool and we
can see if we can figure out the exact difference. Make sure to
strip the line that includes the encryption key though :-)

cheers,
Max

-------------------------------------------------------

-- 
Rainer Dorsch
Alzentalstr. 28
D-71083 Herrenberg
07032-919495
jabber: [EMAIL PROTECTED]
GPG Fingerprint: 5966 C54C 2B3C 42CC 1F4F  8F59 E3A8 C538 7519 141E
Full GPG key: http://pgp.mit.edu/

Attachment: loopinfo.tgz
Description: GNU Unix tar archive

Reply via email to