migration: cryptoloop -> dmcrypt
in [General Linux]
|
From: avlee on 14 Sep 2008 04:21 Hello I have partistion encrypted with cryptoloop. But after upgrading to new gentoo - it does not support it any more. When i try to mount: arrakis ~ # mount /dev/md7 Password: ioctl: LOOP_SET_STATUS: No such file or directory (i did not touch kernel during upgrade, so i have everything what was needed) I want to migrate to dm-crypt. The question is how can i do it without loosing data on cryptoloop partitions ? If i: cryptsetup -y create mycrypt /dev/md7 and provide the same password will it see old partition ? (is it "compatibile" with cryptoloop ?) Thanx
From: Gregory Shearman on 14 Sep 2008 04:29 On 2008-09-14, avlee <teknet8(a)gazeta.pl> wrote: > Hello > > I have partistion encrypted with cryptoloop. > But after upgrading to new gentoo - it does not support it any more. > When i try to mount: > > arrakis ~ # mount /dev/md7 > Password: > ioctl: LOOP_SET_STATUS: No such file or directory > > (i did not touch kernel during upgrade, so i have everything what was > needed) > I want to migrate to dm-crypt. > The question is how can i do it without loosing data on cryptoloop > partitions ? > > If i: cryptsetup -y create mycrypt /dev/md7 > and provide the same password will it see old partition ? (is it > "compatibile" with cryptoloop ?) Have you tried installing loop-aes? -- Regards, Gregory. Gentoo Linux - Penguin Power
From: avlee on 14 Sep 2008 04:44 > On 2008-09-14, avlee <teknet8(a)gazeta.pl> wrote: >> Hello >> >> I have partistion encrypted with cryptoloop. >> But after upgrading to new gentoo - it does not support it any more. >> When i try to mount: >> >> arrakis ~ # mount /dev/md7 >> Password: >> ioctl: LOOP_SET_STATUS: No such file or directory >> >> (i did not touch kernel during upgrade, so i have everything what was >> needed) >> I want to migrate to dm-crypt. >> The question is how can i do it without loosing data on cryptoloop >> partitions ? >> >> If i: cryptsetup -y create mycrypt /dev/md7 >> and provide the same password will it see old partition ? (is it >> "compatibile" with cryptoloop ?) > > Have you tried installing loop-aes? > no, i did not. i want to aviod it. I try to find any bootable linux cd which support cryptoloop with AES256. Unfortunately gentoo install cd only supports AES128. Could you recoomend any distribution which support cryptoloop with AES256 ? Thanx
From: Douglas Mayne on 14 Sep 2008 11:01 On Sun, 14 Sep 2008 10:21:44 +0200, avlee wrote: > Hello > > I have partistion encrypted with cryptoloop. > But after upgrading to new gentoo - it does not support it any more. > When i try to mount: > > arrakis ~ # mount /dev/md7 > Password: > ioctl: LOOP_SET_STATUS: No such file or directory > > (i did not touch kernel during upgrade, so i have everything what was > needed) > I want to migrate to dm-crypt. > The question is how can i do it without loosing data on cryptoloop > partitions ? > > If i: cryptsetup -y create mycrypt /dev/md7 > and provide the same password will it see old partition ? (is it > "compatibile" with cryptoloop ?) > AFAIK, cryptsetup is backward compatible with the older cryptoloop. Be aware, you must use "plain" hashing for the key (-h plain). The following should achieve equivalent results. YMMV (all ciphers and cases not tested). # losetup -e serpent /dev/loop0 /dev/hdx1 # cryptsetup -h plain -c serpent create hdx1 /dev/hdx1 > > Thanx > Note: comment inline. You should look in your kernel's configuration to make sure you have support for both cryptoloop and for device mapper targets. For example, $ cat /proc/config.gz | gzip -cd | grep CRYPTOLOOP $ cat /proc/config.gz | gzip -cd | grep DM_ These kernel modules can be built-in, modular, or not included. If they are modules, you need to "modprobe" them first. # modprobe cryptoloop # modprobe dm-crypt Here are a few extra notes for your consideration: 1. If you are converting your partitions to use new keys, then some key hashing function should be selected. "Plain" is usually not ideal. This is specified with the -h parameter to cryptsetup. 2. New encryption ciphering techniques have been added which use better IV hashing functions. For example, aes-cbc-essiv:sha256 is one type that has been added to offer similar functionality to loop-aes. YMMV. 3. Low-level assembly routines have been added to the kernel for added performance to aes ciphering. Its performance is on par with serpent, now. YMMV. -- Douglas Mayne
|
Pages: 1 Prev: Question about mencoder... Next: setup problem using usb floppy drive |