From: Milan Broz <gmazyland@gmail.com>
To: Johannes Ernst <johannes.ernst@gmail.com>,
Lars Winterfeld <lars.winterfeld@tu-ilmenau.de>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] cryptsetup problem on Raspberry Pi 2 w 512bit key-size (works on Raspberry Pi 1, x86_64, 256bit)
Date: Sat, 21 Feb 2015 07:53:52 +0100 [thread overview]
Message-ID: <54E82B80.8000607@gmail.com> (raw)
In-Reply-To: <E401AE9C-F988-4839-AC13-62D4FADD7290@gmail.com>
On 02/20/2015 11:59 PM, Johannes Ernst wrote:
> It’s not the keyboard layout: I interact with both Pi’s through ssh and terminal on OSX. And it even happens with extremely simple pass phrases such as ‘asdf’.
Hi,
it is very unlikely cryptsetup problem but I would guess some kernel crypt or library ARM glitch.
(Cryptsetup is tested even on new ARM64 and there is not many platform dependent code.)
Whatever, please send me full output from that command with added --debug.
I always need exact versions of kernel, crypto libraries a obviously cryptsetup.
(If us use other hash it works even on Pi? Try sha1 and sha256 at least.)
Thanks,
Milan
>
>
>> On Feb 20, 2015, at 14:25, Lars Winterfeld <lars.winterfeld@tu-ilmenau.de> wrote:
>>
>> Hi.
>>
>> You could add another keyslot with a keyfile and open the device with
>> that to be absolutely sure you did not just miss-type the password
>> (because of a different keyboard layout on the Raspberry Pi 2 etc.)
>>
>>
>>
>> On 20.02.2015 22:37, Johannes Ernst wrote:
>>> TL;DR:
>>> cryptsetup --hash sha512 --key-size 512 -v luksFormat ./test.img
>>> cannot be opened again on the new Raspberry Pi 2. Shorter key-size, and other platforms work.
>>>
>>> This is a bit a puzzler to me …
>>>
>>> This is what I do:
>>> # Create 8M image
>>> dd if=/dev/zero of=./test.img count=8 bs=1M
>>> # Set up encryption -- enter a suitable password when asked
>>> cryptsetup --hash sha512 --key-size 512 -v luksFormat ./test.img
>>> # Now attempt to open it, entering the same password
>>> cryptsetup open test.img test
>>>
>>> and indeed it works for me on x86_64, the Raspberry PI 1, and the BeagleBone Black. However, it fails on the Raspberry Pi 2 with:
>>> "No key available with this passphrase."
>>>
>>> If I create the encrypted image on the Raspberry Pi 2, I can open it on other platforms. However, I cannot open any image with these parameters on the Raspberry Pi 2, regardless where it was created.
>>>
>>> If I set the key-size to 256 bit, it works on all platforms.
>>>
>>> The Raspberry Pi 2 is an ARM v7 processor, unlike the Raspberry Pi 1. But then, the BeagleBone Black is Arm V7, too.
>>>
>>> Puzzled ...
>>>
>>>
>>>
>>>
>>> Johannes.
next prev parent reply other threads:[~2015-02-21 6:53 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-20 21:37 [dm-crypt] cryptsetup problem on Raspberry Pi 2 w 512bit key-size (works on Raspberry Pi 1, x86_64, 256bit) Johannes Ernst
2015-02-20 22:25 ` Lars Winterfeld
2015-02-20 22:59 ` Johannes Ernst
2015-02-21 6:53 ` Milan Broz [this message]
2015-02-22 19:29 ` Johannes Ernst
2015-02-22 19:36 ` Johannes Ernst
2015-02-22 19:40 ` Johannes Ernst
2015-02-22 20:20 ` Milan Broz
2015-02-23 18:44 ` Johannes Ernst
2015-02-23 19:03 ` Milan Broz
2015-02-23 23:02 ` Johannes Ernst
2015-02-28 0:48 ` Milan Broz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54E82B80.8000607@gmail.com \
--to=gmazyland@gmail.com \
--cc=dm-crypt@saout.de \
--cc=johannes.ernst@gmail.com \
--cc=lars.winterfeld@tu-ilmenau.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox