[clug] Can't mount an encrupted backup file system
jhock
jhock at iinet.net.au
Wed Jun 13 03:14:37 MDT 2012
Hi Steve,
Thanks for the response. The content of your email is slowly sinking in.
It seems although the kernal etc. are the same I need to use the same
parameters for the encryption.
Please see answers below:
On Tue, 2012-06-12 at 17:03 +1000, steve jenkin wrote:
> John,
>
> New eePC == Ubuntu 10.04. As released or updated?
>
Updated.
$ uname -a
Linux black-eeePC 2.6.32-41-generic #89-Ubuntu SMP Fri Apr 27 22:22:09
UTC 2012 i686 GNU/Linux
> Old eePC == ????. I checked and couldn't see what it was.
Updated.
$ uname -a
Linux johns-eeePC 2.6.32-41-generic #89-Ubuntu SMP Fri Apr 27 22:22:09
UTC 2012 i686 GNU/Linux
>
> In the results you give, you're using different Cipher modes.
> I didn't see the /proc configs on both machines.
>
old:
====
$ cat /proc/crypto
name : ecb(aes)
driver : ecb(aes-asm)
module : kernel
priority : 200
refcnt : 2
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : sha256
driver : sha256-generic
module : sha256_generic
priority : 0
refcnt : 3
selftest : passed
type : shash
blocksize : 64
digestsize : 32
name : sha224
driver : sha224-generic
module : sha256_generic
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 28
name : cbc(aes)
driver : cbc(aes-asm)
module : kernel
priority : 200
refcnt : 2
selftest : passed
type : givcipher
async : no
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : eseqiv
name : cbc(aes)
driver : cbc(aes-asm)
module : kernel
priority : 200
refcnt : 758
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : aes
driver : aes-asm
module : aes_i586
priority : 200
refcnt : 760
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : aes
driver : aes-generic
module : aes_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : stdrng
driver : krng
module : kernel
priority : 200
refcnt : 2
selftest : passed
type : rng
seedsize : 0
name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 1513
selftest : passed
type : shash
blocksize : 64
digestsize : 16
===========================================================================
new:
====
$ cat /proc/crypto
name : cbc(aes)
driver : cbc(aes-asm)
module : kernel
priority : 200
refcnt : 2
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : ecb(aes)
driver : ecb(aes-asm)
module : kernel
priority : 200
refcnt : 2
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : aes
driver : aes-asm
module : aes_i586
priority : 200
refcnt : 61
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : aes
driver : aes-generic
module : aes_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : ecb(arc4)
driver : ecb(arc4-generic)
module : kernel
priority : 0
refcnt : 3
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 1
max keysize : 256
ivsize : 0
geniv : <default>
name : arc4
driver : arc4-generic
module : arc4
priority : 0
refcnt : 3
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 1
max keysize : 256
name : stdrng
driver : krng
module : kernel
priority : 200
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 119
selftest : passed
type : shash
blocksize : 64
digestsize : 16
> Reading the versions of man pages, the kernel you're running matters.
> Could you show us the two kernel versions?
old: 2.6.32-41-generic
new: 2.6.32-41-generic
>
> Are they both 32-bit kernels/machines?
>
old: i686 = 32 bit
new: i686 = 32 bit
I'll let you ponder over this information while I try to understand the
man pages below and "fiddle" with the new eeePC.
Thanks.
John
> manpage extracts below.
> The sort of problem you're seeing is often seen in "downgrades".
>
> cheers
> steve
>
> PS: cbc == Chained Block Cipher, doesn't it?
> XTS mode == ???
>
> jhock wrote on 12/06/12 12:05 PM:
>
> > This command on the old eeePC for the 1Tb backup disk gives:
> >
> > # cryptsetup luksDump /dev/sdc1
> > Cipher mode: cbc-essiv:sha256
>
> new? or 1Gb stick.
>
> > # cryptsetup luksDump /dev/sdd1
> > Cipher mode: cbc-plain
>
>
> Cryptsetup man pages:
>
> 8.04
> <http://manpages.ubuntu.com/manpages/hardy/man8/cryptsetup.8.html>
>
> --cipher, -c
> set cipher specification string. Usually, this is "aes-cbc-plain".
> For pre-2.6.10 kernels, use "aes-plain" as they don’t understand the
> new cipher spec strings. To use ESSIV, use "aes-cbc-essiv:sha256".
>
> 10.04
> <http://manpages.ubuntu.com/manpages/lucid/man8/cryptsetup.8.html>
> --cipher, -c
> set cipher specification string. For plain dm-crypt mappings, the
> default is "aes-cbc-plain", for LUKS mappings it’s
> "aes-cbc-essiv:sha256". For pre-2.6.10 kernels, use "aes-plain" as
> they don’t understand the new cipher spec strings. To use ESSIV, use
> "aes-cbc-essiv:sha256".
> For XTS mode, kernel version 2.6.24 or more recent is required.
> Use "aes-xts-plain" cipher specification and set key size to 256 (or
> 512) bits (see -s option).
>
> 12.04
> <http://manpages.ubuntu.com/manpages/precise/man8/cryptsetup.8.html>
>
> --cipher, -c
> set cipher specification string.
> Default mode is configurable during compilation, you can see
> compiled-in default using cryptsetup --help. If not changed, the
> default is for plain dm-crypt and LUKS mappings "aes-cbc-essiv:sha256".
>
> For XTS mode, kernel version 2.6.24 or more recent is required.
> Use "aes-xts-plain64" cipher specification and set key size to 256 (or
> 512) bits (see -s option). Note that plain64 IV (Initialization
> Vector) is available since kernel version 2.6.33 and it is full 64bit
> version of plain IV. For more info please see FAQ.
> --
> Steve Jenkin, Info Tech, Systems and Design Specialist.
> 0412 786 915 (+61 412 786 915)
> PO Box 48, Kippax ACT 2615, AUSTRALIA
>
> sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
More information about the linux
mailing list