From: Matthias Schniedermeyer <ms@citd.de>
To: Nick Battle <nick.battle@gmail.com>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] Migrating from loop AES to dm-crypt
Date: Sat, 15 Sep 2012 14:04:51 +0200 [thread overview]
Message-ID: <20120915120451.GA12424@citd.de> (raw)
In-Reply-To: <k2vpn4$96e$1@ger.gmane.org>
On 14.09.2012 18:35, Nick Battle wrote:
> I've just upgraded from openSUSE 12.1 to 12.2. I find that the latest version of
> mount and losetup do not have the file encryption options they used to, since
> everyone should have migrated to dm-crypt. The trouble is, I now have some
> encrypted backup volumes that I cannot read!
>
> I used to mount the archives with:
>
> mount ... -o loop,phash=sha256,encryption=aes128
>
> It looks like I should be using the loopaesOpen option to cryptsetup to mount
> these now, but I cannot find a combination of options that works. I'm trying the
> following:
>
> cryptsetup loopaesOpen <device> <name> --key-file pp --key-size 128 --hash
> sha256 -c aes-cbc-plain
>
> Where the file pp has my passphrase (without a newline) - that I used to enter
> at the prompt mount gave when using the "-o loop". This successfully sets up the
> mapper, but the result is not recognizable as a filesystem (I think it's ext2).
> So I assume the crypto and/or passphrase hash isn't quite right.
>
> I'm afraid the archives are so old that I don't know which options I used to
> originally create them, though I almost certainly chose "defaults".
>
> Can anyone help?
That isn't whan loopaesOpen is needed for. It is needed for loop-aes v2
or v3 format.
What you describe is v1. Which, as far as i understand, is "plain"
"aes128-CBC", with a sha256-round for the passphrase.
An easy way to decrypt loop-aes is by using "aespipe" (same author),
which can also be found on the loop-aes site:
http://loop-aes.sourceforge.net/aespipe/
And boy is that fast when you have a CPU with AES-NI. I recently
decrypted some DVDs i recorded several years ago. They were encrypted
with loop-aes v1/aes128 and a dcrypt with aespie in tmpfs only took 2.8
seconds on average for 4489MiB, IOW 1.6GiB/s using a single core.
Bis denn
--
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.
next prev parent reply other threads:[~2012-09-15 12:05 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-14 17:35 [dm-crypt] Migrating from loop AES to dm-crypt Nick Battle
2012-09-14 18:00 ` Arno Wagner
2012-09-14 20:08 ` Nick Battle
2012-09-15 12:04 ` Matthias Schniedermeyer [this message]
2012-09-18 7:16 ` Ludwig Nussel
2012-09-18 7:47 ` Milan Broz
2012-09-18 21:03 ` Nick Battle
2012-09-18 21:32 ` Arno Wagner
2012-09-19 18:07 ` Nick Battle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120915120451.GA12424@citd.de \
--to=ms@citd.de \
--cc=dm-crypt@saout.de \
--cc=nick.battle@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.