linux-kernel.vger.kernel.org archive mirror
* util-linux and data encryption
@ 2005-10-03 16:04 Paulo da Silva
  2005-10-03 22:07 ` Adrian Bunk
  2005-10-04  5:13 ` Jari Ruusu
  0 siblings, 2 replies; 4+ messages in thread
From: Paulo da Silva @ 2005-10-03 16:04 UTC (permalink / raw)
  To: linux-kernel

If this is not the right place to post about
util-linux, please tell me where to post.
I'm posting here because util-linux is at kernel.org.
_____________________________
I had a loop filesystem encrypted with twofish
algorithm.

Today, trying to mount the file, 'mount' claimed
I needed to enter a password of 20 chars or more!
Since I used less chars to encrypt, I was not able
to recover the information!!!
I tried CFLAGS="-DLOOP_PASSWORD_MIN_LENGTH=8"
without any success. This causes 'mount' to accept
the password, but, somehow, the decryption failed
because the fs type remained unrecognized!

BTW, I am using gentoo and I also tried USE=old-crypt.
No way!

I needed to install the version 2.12i to recover
my information.

Is this related with util-linux or has something
to do with gentoo patches or something?

This should not happen! Changing things like this
must keep some kind of compatibility with old ones.

How do I encrypt important data for the future?

Thank you for any comments.



* Re: util-linux and data encryption
  2005-10-03 16:04 util-linux and data encryption Paulo da Silva
@ 2005-10-03 22:07 ` Adrian Bunk
  2005-10-04  0:14   ` Paulo da Silva
  2005-10-04  5:13 ` Jari Ruusu
  1 sibling, 1 reply; 4+ messages in thread
From: Adrian Bunk @ 2005-10-03 22:07 UTC (permalink / raw)
  To: Paulo da Silva; +Cc: linux-kernel

On Mon, Oct 03, 2005 at 05:04:14PM +0100, Paulo da Silva wrote:

> If this is not the right place to post about
> util-linux, please tell me where to post.
> I'm posting here because util-linux is at kernel.org.
>...

If you have problems with some software shipped with a distribution the
best choice is usually the support / bug tracking system of your
distribution.

In your case, the problem seems to be already reported as Gentoo
bug #107680 [1].

> BTW, I am using gentoo and I also tried USE=old-crypt.
> No way!
> 
> I needed to install the version 2.12i to recover
> my information.
> 
> Is this related with util-linux or has something
> to do with gentoo patches or something?
>...

You are using features not present in the upstream util-linux but added 
by patches Gentoo applies.

> Thank you for any comments.

cu
Adrian

[1] http://bugs.gentoo.org/107680

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed



* Re: util-linux and data encryption
  2005-10-03 22:07 ` Adrian Bunk
@ 2005-10-04  0:14   ` Paulo da Silva
  0 siblings, 0 replies; 4+ messages in thread
From: Paulo da Silva @ 2005-10-04  0:14 UTC (permalink / raw)
  To: linux-kernel

Adrian Bunk wrote:

>On Mon, Oct 03, 2005 at 05:04:14PM +0100, Paulo da Silva wrote:
>
>  
>
>>If this is not the right place to post about
>>util-linux, please tell me where to post.
>>I'm posting here because util-linux is at kernel.org.
>>...
>>    
>>
>
>If you have problems with some software shipped with a distribution the
>best choice is usually the support / bug tracking system of your
>distribution.
>
>In your case, the problem seems to be already reported as Gentoo
>bug #107680 [1].
>
>  
>
>>BTW, I am using gentoo and I also tried USE=old-crypt.
>>No way!
>>
>>I needed to install the version 2.12i to recover
>>my information.
>>
>>Is this related with util-linux or has something
>>to do with gentoo patches or something?
>>...
>>    
>>
>
>You are using features not present in the upstream util-linux but added 
>by patches Gentoo applies.
>
>  
>
*I am very sorry*.
At first I did not think this could be a problem of gentoo.
It just came up to my mind when I was writing this post.
That's why I added the lines referring 'gentoo'!
I should have looked at gentoo first ...
I'll be more careful next time, if there is a next time :-(

Thank you anyway for your answer.

Paulo



* Re: util-linux and data encryption
  2005-10-03 16:04 util-linux and data encryption Paulo da Silva
  2005-10-03 22:07 ` Adrian Bunk
@ 2005-10-04  5:13 ` Jari Ruusu
  1 sibling, 0 replies; 4+ messages in thread
From: Jari Ruusu @ 2005-10-04  5:13 UTC (permalink / raw)
  To: Paulo da Silva; +Cc: linux-kernel

Paulo da Silva wrote:
> I had a loop filesystem encrypted with twofish
> algorithm.
> 
> Today, trying to mount the file, 'mount' claimed
> I needed to enter a password of 20 chars or more!
> Since I used less chars to encrypt, I was not able
> to recover the information!!!
> I tried CFLAGS="-DLOOP_PASSWORD_MIN_LENGTH=8"
> without any success. This causes 'mount' to accept
> the password, but, somehow, the decryption failed
> because the fs type remained unrecognized!
> 
> BTW, I am using gentoo and I also tried USE=old-crypt.
> No way!
> 
> I needed to install the version 2.12i to recover
> my information.
> 
> Is this related with util-linux or has something
> to do with gentoo patches or something?

Seems like gentoo has merged loop-AES' util-linux patch which has always
used better defaults.

Mainline util-linux compatible mount options for /etc/fstab

    encryption=twofish256,phash=unhashed2

Mainline util-linux compatible losetup command options

    losetup -e twofish256 -H unhashed2 ......

kerneli.org compatible mount options for /etc/fstab

    encryption=twofish256,phash=rmd160

kerneli.org compatible losetup command options

    losetup -e twofish256 -H rmd160 ......

mount and losetup programs don't enforce 20 character minimum passphrase
length when using 'rmd160' or 'unhashed2' hash functions.

Both mainline util-linux and kerneli.org compatible setups are broken
securitywise. If there still are file systems using such broken setups, now
is good time to re-encrypt them using stronger crypto.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
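
An added example (not part of the message above and not util-linux or loop-AES code): a shell check that lists the encrypted loop entries in an fstab file and marks those using the `phash=unhashed2` or `phash=rmd160` compatibility options, which the message describes as broken security-wise. The sample fstab, its paths and the verdict labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag loop-encrypted fstab entries that use the
# compatibility passphrase hashes named in the message above.

# audit_fstab FILE -> one line per encrypted entry:
#   <mount point> <cipher> <phash or -> <verdict>
audit_fstab() {
    awk '
    /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
    {
        cipher = ""; phash = ""
        n = split($4, opt, ",")            # field 4 holds the mount options
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^encryption=/) cipher = substr(opt[i], 12)
            if (opt[i] ~ /^phash=/)      phash  = substr(opt[i], 7)
        }
        if (cipher == "") next             # not an encrypted loop mount
        if (phash == "unhashed2")   verdict = "REENCRYPT(mainline-compatible)"
        else if (phash == "rmd160") verdict = "REENCRYPT(kerneli.org-compatible)"
        else if (phash == "")       verdict = "tool-default-hash"
        else                        verdict = "review"
        print $2, cipher, (phash == "" ? "-" : phash), verdict
    }' "$1"
}

# Constructed sample fstab (device paths and mount points are made up).
sample_fstab() {
    cat <<'EOF'
# <fs>           <mount>   <type> <opts>                                      <dump> <pass>
/dev/sda1        /         ext3   noatime                                     0 1
/home/u/old.img  /mnt/old  ext2   loop,encryption=twofish256,phash=unhashed2  0 0
/home/u/k.img    /mnt/k    ext2   loop,encryption=twofish256,phash=rmd160     0 0
/home/u/new.img  /mnt/new  ext2   loop,encryption=twofish256                  0 0
EOF
}

tmp=$(mktemp)
sample_fstab > "$tmp"
audit_fstab "$tmp"
rm -f "$tmp"
```

Run it against a copy of the real file with `audit_fstab /etc/fstab`; entries marked `REENCRYPT` are the ones the message recommends re-encrypting with stronger crypto.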

