[clug] Can't mount an encrupted backup file system

steve jenkin sjenkin at canb.auug.org.au
Tue Jun 12 01:03:20 MDT 2012 

John,

New eePC == Ubuntu 10.04. As released or updated?

Old eePC == ????. I checked and couldn't see what it was.

In the results you give, you're using different Cipher modes.
I didn't see the /proc configs on both machines.

Reading the versions of man pages, the kernel you're running matters.
Could you show us the two kernel versions?

Are they both 32-bit kernels/machines?

manpage extracts below.
The sort of problem you're seeing is often seen in "downgrades".

cheers
steve

PS: cbc == Chained Block Cipher, doesn't it?
XTS mode == ???

jhock wrote on 12/06/12 12:05 PM:

> This command on the old eeePC for the 1Tb backup disk gives:
> 
> # cryptsetup luksDump /dev/sdc1
> Cipher mode:   	cbc-essiv:sha256

new? or 1Gb stick.

> # cryptsetup luksDump /dev/sdd1
> Cipher mode:   cbc-plain


Cryptsetup man pages:

8.04
<http://manpages.ubuntu.com/manpages/hardy/man8/cryptsetup.8.html>

--cipher, -c
set cipher specification  string.  Usually,  this  is  "aes-cbc-plain".
 For  pre-2.6.10  kernels, use "aes-plain" as they don’t understand the
new cipher spec strings. To use ESSIV, use  "aes-cbc-essiv:sha256".

10.04
<http://manpages.ubuntu.com/manpages/lucid/man8/cryptsetup.8.html>
 --cipher, -c
 set  cipher  specification  string. For plain dm-crypt mappings,  the
default is "aes-cbc-plain", for LUKS mappings it’s
"aes-cbc-essiv:sha256".  For  pre-2.6.10 kernels, use "aes-plain" as
they don’t understand the new cipher spec strings. To use ESSIV,  use
"aes-cbc-essiv:sha256".
 For  XTS mode, kernel version 2.6.24 or more recent is required.
Use "aes-xts-plain" cipher specification and set key size to 256 (or
512) bits (see -s option).

12.04
<http://manpages.ubuntu.com/manpages/precise/man8/cryptsetup.8.html>

--cipher, -c
set cipher specification string.
Default  mode  is  configurable  during compilation, you can see
compiled-in default using cryptsetup --help.   If  not  changed, the
default  is  for plain dm-crypt and LUKS mappings "aes-cbc-essiv:sha256".

 For XTS mode, kernel version 2.6.24 or more recent is  required.
Use  "aes-xts-plain64"  cipher specification and set key size to 256 (or
512)  bits  (see  -s  option).   Note  that  plain64  IV (Initialization
Vector) is available since kernel version 2.6.33 and it is full 64bit
version of plain IV. For more  info  please see FAQ.
-- 
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA

sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin

More information about the linux mailing list