[clug] Can't mount an encrupted backup file system

jhock jhock at iinet.net.au
Wed Jun 13 03:14:37 MDT 2012 

Hi Steve,

Thanks for the response. The content of your email is slowly sinking in.
It seems although the kernal etc. are the same I need to use the same
parameters for the encryption.

Please see answers below:

On Tue, 2012-06-12 at 17:03 +1000, steve jenkin wrote:
> John,
> 
> New eePC == Ubuntu 10.04. As released or updated?
> 

Updated.
$ uname -a
Linux black-eeePC 2.6.32-41-generic #89-Ubuntu SMP Fri Apr 27 22:22:09
UTC 2012 i686 GNU/Linux

> Old eePC == ????. I checked and couldn't see what it was.

Updated. 
$ uname -a
Linux johns-eeePC 2.6.32-41-generic #89-Ubuntu SMP Fri Apr 27 22:22:09
UTC 2012 i686 GNU/Linux

> 
> In the results you give, you're using different Cipher modes.
> I didn't see the /proc configs on both machines.
> 

old:
====
$ cat /proc/crypto 
name         : ecb(aes)
driver       : ecb(aes-asm)
module       : kernel
priority     : 200
refcnt       : 2
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 0
geniv        : <default>

name         : sha256
driver       : sha256-generic
module       : sha256_generic
priority     : 0
refcnt       : 3
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 32

name         : sha224
driver       : sha224-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 28

name         : cbc(aes)
driver       : cbc(aes-asm)
module       : kernel
priority     : 200
refcnt       : 2
selftest     : passed
type         : givcipher
async        : no
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : eseqiv

name         : cbc(aes)
driver       : cbc(aes-asm)
module       : kernel
priority     : 200
refcnt       : 758
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : aes
driver       : aes-asm
module       : aes_i586
priority     : 200
refcnt       : 760
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : aes
driver       : aes-generic
module       : aes_generic
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : stdrng
driver       : krng
module       : kernel
priority     : 200
refcnt       : 2
selftest     : passed
type         : rng
seedsize     : 0

name         : md5
driver       : md5-generic
module       : kernel
priority     : 0
refcnt       : 1513
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 16

===========================================================================

new:
====
$ cat /proc/crypto 
name         : cbc(aes)
driver       : cbc(aes-asm)
module       : kernel
priority     : 200
refcnt       : 2
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : ecb(aes)
driver       : ecb(aes-asm)
module       : kernel
priority     : 200
refcnt       : 2
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 0
geniv        : <default>

name         : aes
driver       : aes-asm
module       : aes_i586
priority     : 200
refcnt       : 61
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32


name         : aes
driver       : aes-generic
module       : aes_generic
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : ecb(arc4)
driver       : ecb(arc4-generic)
module       : kernel
priority     : 0
refcnt       : 3
selftest     : passed
type         : blkcipher
blocksize    : 1
min keysize  : 1
max keysize  : 256
ivsize       : 0
geniv        : <default>

name         : arc4
driver       : arc4-generic
module       : arc4
priority     : 0
refcnt       : 3
selftest     : passed
type         : blkcipher
blocksize    : 1
min keysize  : 1
max keysize  : 256

name         : stdrng
driver       : krng
module       : kernel
priority     : 200
refcnt       : 1
selftest     : passed
type         : rng
seedsize     : 0


name         : md5
driver       : md5-generic
module       : kernel
priority     : 0
refcnt       : 119
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 16


> Reading the versions of man pages, the kernel you're running matters.
> Could you show us the two kernel versions?

old: 2.6.32-41-generic
new: 2.6.32-41-generic
> 
> Are they both 32-bit kernels/machines?
> 

old: i686 = 32 bit
new: i686 = 32 bit

I'll let you ponder over this information while I try to understand the
man pages below and "fiddle" with the new eeePC.

Thanks.


John

> manpage extracts below.
> The sort of problem you're seeing is often seen in "downgrades".
> 
> cheers
> steve
> 
> PS: cbc == Chained Block Cipher, doesn't it?
> XTS mode == ???
> 
> jhock wrote on 12/06/12 12:05 PM:
> 
> > This command on the old eeePC for the 1Tb backup disk gives:
> > 
> > # cryptsetup luksDump /dev/sdc1
> > Cipher mode:   	cbc-essiv:sha256
> 
> new? or 1Gb stick.
> 
> > # cryptsetup luksDump /dev/sdd1
> > Cipher mode:   cbc-plain
> 
> 
> Cryptsetup man pages:
> 
> 8.04
> <http://manpages.ubuntu.com/manpages/hardy/man8/cryptsetup.8.html>
> 
> --cipher, -c
> set cipher specification  string.  Usually,  this  is  "aes-cbc-plain".
>  For  pre-2.6.10  kernels, use "aes-plain" as they don’t understand the
> new cipher spec strings. To use ESSIV, use  "aes-cbc-essiv:sha256".
> 
> 10.04
> <http://manpages.ubuntu.com/manpages/lucid/man8/cryptsetup.8.html>
>  --cipher, -c
>  set  cipher  specification  string. For plain dm-crypt mappings,  the
> default is "aes-cbc-plain", for LUKS mappings it’s
> "aes-cbc-essiv:sha256".  For  pre-2.6.10 kernels, use "aes-plain" as
> they don’t understand the new cipher spec strings. To use ESSIV,  use
> "aes-cbc-essiv:sha256".
>  For  XTS mode, kernel version 2.6.24 or more recent is required.
> Use "aes-xts-plain" cipher specification and set key size to 256 (or
> 512) bits (see -s option).
> 
> 12.04
> <http://manpages.ubuntu.com/manpages/precise/man8/cryptsetup.8.html>
> 
> --cipher, -c
> set cipher specification string.
> Default  mode  is  configurable  during compilation, you can see
> compiled-in default using cryptsetup --help.   If  not  changed, the
> default  is  for plain dm-crypt and LUKS mappings "aes-cbc-essiv:sha256".
> 
>  For XTS mode, kernel version 2.6.24 or more recent is  required.
> Use  "aes-xts-plain64"  cipher specification and set key size to 256 (or
> 512)  bits  (see  -s  option).   Note  that  plain64  IV (Initialization
> Vector) is available since kernel version 2.6.33 and it is full 64bit
> version of plain IV. For more  info  please see FAQ.
> -- 
> Steve Jenkin, Info Tech, Systems and Design Specialist.
> 0412 786 915 (+61 412 786 915)
> PO Box 48, Kippax ACT 2615, AUSTRALIA
> 
> sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin

More information about the linux mailing list