
Re: Writing on encrypted partition with Debian sarge reading with Knoppix



Hi Rainer,

On Sat, Nov 18, 2006 at 04:05:30PM +0100, Rainer Dorsch wrote:
> I did specify the -H rmd160, but it did not change anything,
> passphrase was ok, but same error message, when I tried to mount the
> file system.
> 
> With losetup /dev/loop0, I got on Knoppix
> 
> /dev/loop0: [0011]:9556 (/dev/sda5) encryption=CryptoAPI/blowfish-cbc
> 
> On the sarge machine, which can mount the encrypted file system
> correctly, I got
> 
> silverboxy:~# losetup /dev/loop0 
> /dev/loop0: [000c]:6517 (/udev/mdisk5), encryption blowfish (type 18) 
> silverboxy:~#
> 
> That looks different and I assume that is the reason why I can't mount
> it with knoppix.

That could be. Some difference in the output is normal though: 
The first output is from loop-AES patched losetup, the second by
standard losetup with Debian crypto patch. Both indicate that a
CryptoAPI cipher was used (type 18 == CryptoAPI).

> Can I find out when mounted on the Debian system, what the right
> parameters are?

I wrote a small tool some time ago to dump the actual settings
of an encrypted loop. I'm attaching it to this mail. You should be
able to build it by just calling "make". Hopefully it can shed 
light on the actual differences between the setups.

I think I have a suspicion though: The standard losetup in Debian
used to have a bug where it truncated keysizes to 128 bits without
any indication. I think this bug no longer exists, but it could be
that the version in sarge was still affected by it.

You can verify if this is the case if you try losetup -k 128 .. on
the sarge machine. If it decrypts correctly, it is very likely to
be affected by this bug. In that case you should be able to losetup
it on knoppix by saying -e blowfish128 -H rmd160. If that doesn't
work, feel free to send me the output of the loopinfo tool and we
can see if we can figure out the exact difference. Make sure to
strip the line that includes the encryption key though :-)

cheers,
Max

Attachment: loopinfo.tgz
Description: GNU Unix tar archive
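
Added example (not the loopinfo tool attached to this mail, and not code from its author): one way to read the settings the kernel actually holds for a loop device is the LOOP_GET_STATUS64 ioctl, which reports the encryption type, cipher name and effective key size. It assumes a Linux kernel with cryptoloop support and the <linux/loop.h> header; all function names are hypothetical, and the key bytes are wiped and never printed.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/loop.h>

#define CRYPTOAPI_TYPE 18 /* "type 18 == CryptoAPI", as stated in the mail */

/* Key length in bits that the kernel holds for this device. */
unsigned key_bits(const struct loop_info64 *li) { return li->lo_encrypt_key_size * 8; }

/* 1 if the kernel holds a shorter key than the caller asked losetup for,
 * which is how a silent keysize truncation would show up. */
int key_truncated(const struct loop_info64 *li, unsigned requested_bits)
{
    return key_bits(li) < requested_bits;
}

/* One-line summary of the non-secret fields; lo_encrypt_key is never read. */
int loop_summary(const struct loop_info64 *li, char *out, size_t len)
{
    return snprintf(out, len, "file=%.*s type=%u%s cipher=%.*s keybits=%u",
                    LO_NAME_SIZE, (const char *)li->lo_file_name,
                    (unsigned)li->lo_encrypt_type,
                    li->lo_encrypt_type == CRYPTOAPI_TYPE ? "(CryptoAPI)" : "",
                    LO_NAME_SIZE, (const char *)li->lo_crypt_name, key_bits(li));
}

/* Query a device; the key bytes are wiped before the struct is handed back. */
int loop_query(const char *dev, struct loop_info64 *li)
{
    int fd = open(dev, O_RDONLY);
    if (fd < 0)
        return -1;
    int rc = ioctl(fd, LOOP_GET_STATUS64, li);
    close(fd);
    memset(li->lo_encrypt_key, 0, sizeof li->lo_encrypt_key);
    return rc;
}

int main(int argc, char **argv)
{
    struct loop_info64 li;
    char line[256];
    if (argc != 2 || loop_query(argv[1], &li) != 0) {
        fprintf(stderr, "usage: %s /dev/loopN (needs read access)\n", argv[0]);
        return 1;
    }
    loop_summary(&li, line, sizeof line);
    puts(line);
    return 0;
}
```

Running it on both machines and comparing the two summary lines shows whether the cipher name or the effective key size differs between the setups.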

