[clug] Can't mount an encrupted backup file system
steve jenkin
sjenkin at canb.auug.org.au
Tue Jun 12 01:03:20 MDT 2012
John,
New eePC == Ubuntu 10.04. As released or updated?
Old eePC == ????. I checked and couldn't see what it was.
In the results you give, you're using different Cipher modes.
I didn't see the /proc configs on both machines.
Reading the versions of man pages, the kernel you're running matters.
Could you show us the two kernel versions?
Are they both 32-bit kernels/machines?
manpage extracts below.
The sort of problem you're seeing is often seen in "downgrades".
cheers
steve
PS: cbc == Chained Block Cipher, doesn't it?
XTS mode == ???
jhock wrote on 12/06/12 12:05 PM:
> This command on the old eeePC for the 1Tb backup disk gives:
>
> # cryptsetup luksDump /dev/sdc1
> Cipher mode: cbc-essiv:sha256
new? or 1Gb stick.
> # cryptsetup luksDump /dev/sdd1
> Cipher mode: cbc-plain
Cryptsetup man pages:
8.04
<http://manpages.ubuntu.com/manpages/hardy/man8/cryptsetup.8.html>
--cipher, -c
set cipher specification string. Usually, this is "aes-cbc-plain".
For pre-2.6.10 kernels, use "aes-plain" as they don’t understand the
new cipher spec strings. To use ESSIV, use "aes-cbc-essiv:sha256".
10.04
<http://manpages.ubuntu.com/manpages/lucid/man8/cryptsetup.8.html>
--cipher, -c
set cipher specification string. For plain dm-crypt mappings, the
default is "aes-cbc-plain", for LUKS mappings it’s
"aes-cbc-essiv:sha256". For pre-2.6.10 kernels, use "aes-plain" as
they don’t understand the new cipher spec strings. To use ESSIV, use
"aes-cbc-essiv:sha256".
For XTS mode, kernel version 2.6.24 or more recent is required.
Use "aes-xts-plain" cipher specification and set key size to 256 (or
512) bits (see -s option).
12.04
<http://manpages.ubuntu.com/manpages/precise/man8/cryptsetup.8.html>
--cipher, -c
set cipher specification string.
Default mode is configurable during compilation, you can see
compiled-in default using cryptsetup --help. If not changed, the
default is for plain dm-crypt and LUKS mappings "aes-cbc-essiv:sha256".
For XTS mode, kernel version 2.6.24 or more recent is required.
Use "aes-xts-plain64" cipher specification and set key size to 256 (or
512) bits (see -s option). Note that plain64 IV (Initialization
Vector) is available since kernel version 2.6.33 and it is full 64bit
version of plain IV. For more info please see FAQ.
--
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA
sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
More information about the linux
mailing list