From: jgj7.ignorantguru@mailnull.com
To: linux-kernel@vger.kernel.org
Subject: blowfish and cryptoloop modules question
Date: Fri, 27 Nov 2009 13:58:53 -0500 (EST)
Message-ID: <m1NE61t-004yeQC@outside.256.com>
I have a question for the maintainer of these modules or losetup but haven't been able to find an address. I posted this to an Arch forum but no one could explain it.
I don't need my entire hard drive encrypted so my habit is to create a small blowfish container using the cryptoloop and blowfish kernel modules. Something like:
Code:
## Load modules
/sbin/modprobe cryptoloop
/sbin/modprobe blowfish
## Make file "secfilename"
dd if=/dev/urandom of=secfilename bs=1024k count=10
## Set file as target of loop device
losetup -e blowfish /dev/loop0 secfilename
## Make ext3 filesystem
mkfs -t ext3 /dev/loop0
## Mount filesystem
mount -t ext3 /dev/loop0 /mnt/loop
#...
## Unmount, detach, and sync
umount /dev/loop0
## Detach loop device
losetup -d /dev/loop0
sync
Here's my question: A long time ago, when I changed from SUSE to Ubuntu, I could no longer mount the container - it said there was no valid FS on it. So I had to recreate it. This made me question SUSE's blowfish implementation - was it crippled, or did it have a backdoor? Now, years later, I have installed Arch, and once again my container wasn't portable. Arch couldn't open Ubuntu's blowfish container. I had to recreate it from scratch with the 'new' blowfish.
Will the real blowfish please stand up.
Needless to say, this makes me question the integrity of these modules. A cryptographic algorithm, if properly implemented, should not be distro-centric. For my purposes it's probably not critical, but what's going on? I can mount my unencrypted ext3 partitions created by Ubuntu fine in Arch. Why are the blowfish modules not compatible?
And if they are, then why is losetup so inconsistent between distributions?
If they aren't compatible for a legitimate reason, I think they should be, as using different implementations is the only way users can verify an implementation.
Thanks for any info.