[dm-crypt] Replacing cryptoloop with dm-crypt in Debian with twofish and offset

Milan Broz mbroz at redhat.com
Wed Apr 13 15:57:37 CEST 2011


On 04/13/2011 03:21 PM, Arno Wagner wrote:
> Hi,
> 
> one thing that I immediately see is that losetup
> specifies the offset in bytes, while cryptsetup uses
> sectors (of 512 bytes).
> 
> Maybe try 
> 
>   cryptsetup create -c twofish -o 5 testAB /dev/sdb1

yes, and there are many more options - because the losetup
exists in many versions, you need to check what exactly
it uses - then just setup parameters accordingly.

- note offset bytes vs sectors (see above)
- sometimes you need to set not only offset but also IV offset (to the same value)
- note encryption mode (probably you need "-c twofish-cbc-plain")
- key size (for 128 bits use "-s 128")
- hash algorithm for passphrase (perhaps ripemd160, maybe sha256)

Example (I am using loop-aes patched losetup here, so it may be quite different for you):

losetup-aes -e aes128 -o 2560 /dev/loop0 /dev/sdb

is equivalent to 

cryptsetup create -o 5 --skip 5 -c aes-cbc-plain -s 128 -h sha256 <name> /dev/sdb

but as I said, it depends which losetup you are using, it is quite mess sometimes:-)
(and it cannot be autodetected easily...)

Milan


More information about the dm-crypt mailing list