Date: Sat, 15 Sep 2012 14:04:51 +0200
From: Matthias Schniedermeyer
Message-ID: <20120915120451.GA12424@citd.de>
Subject: Re: [dm-crypt] Migrating from loop AES to dm-crypt
To: Nick Battle
Cc: dm-crypt@saout.de

On 14.09.2012 18:35, Nick Battle wrote:
> I've just upgraded from openSUSE 12.1 to 12.2. I find that the latest version of
> mount and losetup do not have the file encryption options they used to, since
> everyone should have migrated to dm-crypt. The trouble is, I now have some
> encrypted backup volumes that I cannot read!
>
> I used to mount the archives with:
>
> mount ... -o loop,phash=sha256,encryption=aes128
>
> It looks like I should be using the loopaesOpen option to cryptsetup to mount
> these now, but I cannot find a combination of options that works. I'm trying the
> following:
>
> cryptsetup loopaesOpen --key-file pp --key-size 128 --hash sha256 -c aes-cbc-plain
>
> Where the file pp has my passphrase (without a newline) - that I used to enter
> at the prompt mount gave when using the "-o loop". This successfully sets up the
> mapper, but the result is not recognizable as a filesystem (I think it's ext2).
> So I assume the crypto and/or passphrase hash isn't quite right.
>
> I'm afraid the archives are so old that I don't know which options I used to
> originally create them, though I almost certainly chose "defaults".
>
> Can anyone help?

That isn't what loopaesOpen is needed for. It is needed for loop-aes v2 or v3 format.

What you describe is v1. Which, as far as I understand, is "plain" "aes128-CBC", with a sha256-round for the passphrase.

An easy way to decrypt loop-aes is by using "aespipe" (same author), which can also be found on the loop-aes site:
http://loop-aes.sourceforge.net/aespipe/

And boy is that fast when you have a CPU with AES-NI. I recently decrypted some DVDs I recorded several years ago. They were encrypted with loop-aes v1/aes128 and a decrypt with aespipe in tmpfs only took 2.8 seconds on average for 4489MiB, IOW 1.6GiB/s using a single core.

Until then
-- 
Real Programmers consider "what you see is what you get" to be just as bad a concept in Text Editors as it is in women. No, the Real Programmer wants a "you asked for it, you got it" text editor -- complicated, cryptic, powerful, unforgiving, dangerous.
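
The symptom in the question (the mapping is set up, but the result is not recognizable as a filesystem) can be checked directly while trying cipher, key-size and hash options. The following is an added example, not part of either message: it looks for an ext2 superblock in the first 2 KiB of the decrypted output (a mapper device or a file written by aespipe). The function names and the sample image are constructed for illustration.

```python
import struct
import sys

EXT2_MAGIC = 0xEF53          # s_magic, shared by ext2/ext3/ext4
SUPERBLOCK_OFFSET = 1024     # primary superblock starts 1 KiB into the volume

def probe_ext2(data):
    """Return superblock fields if `data` (the first 2 KiB or more of a
    decrypted volume) holds a plausible ext2 superblock, else None."""
    sb = data[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + 136]
    if len(sb) < 136:
        return None
    inodes, blocks = struct.unpack_from("<II", sb, 0)      # s_inodes_count, s_blocks_count
    log_block_size, = struct.unpack_from("<I", sb, 24)     # s_log_block_size
    magic, state = struct.unpack_from("<HH", sb, 56)       # s_magic, s_state
    if magic != EXT2_MAGIC:
        return None
    # A wrong key yields random bytes, which match the 16-bit magic once in
    # 65536 tries; these range checks make a false positive far less likely.
    if inodes == 0 or blocks == 0 or log_block_size > 6:
        return None
    label = sb[120:136].split(b"\0", 1)[0].decode("ascii", "replace")
    return {"block_size": 1024 << log_block_size, "blocks": blocks,
            "inodes": inodes, "state": state, "label": label}

def make_sample_superblock():
    """Constructed test input: 2 KiB image with a minimal ext2 superblock."""
    img = bytearray(2048)
    struct.pack_into("<II", img, SUPERBLOCK_OFFSET, 128, 1024)   # inodes, blocks
    struct.pack_into("<I", img, SUPERBLOCK_OFFSET + 24, 0)       # 1 KiB blocks
    struct.pack_into("<HH", img, SUPERBLOCK_OFFSET + 56, EXT2_MAGIC, 1)
    img[SUPERBLOCK_OFFSET + 120:SUPERBLOCK_OFFSET + 126] = b"backup"
    return bytes(img)

if __name__ == "__main__":
    # Pass the decrypted device or file as the only argument; with no
    # argument the constructed sample image is probed instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            head = f.read(2048)
    else:
        head = make_sample_superblock()
    info = probe_ext2(head)
    print(info if info else "no plausible ext2 superblock in decrypted data")
    sys.exit(0 if info else 1)
```

A non-zero exit status means the decrypted data does not start with an ext2 filesystem, which is what a wrong cipher mode, key size, passphrase hash or passphrase produces.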