[dm-crypt] Strange kind of corruption on a dm-crypt device

Arno Wagner arno at wagner.name
Sat May 14 19:18:55 CEST 2011


On Sat, May 14, 2011 at 08:01:21PM +0300, Oren Held wrote:
> Alright. Problem solved.
> As mentioned in Debian's
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568008, default cipher was
> changed from aes-cbc-plain to aes-cbc-essiv:sha256, while mine uses the
> former.

Just as I suspected. aes-cbc-plain is the very old default from 
cryptsetup 1.0.x (see FAQ section 8). Possibly Debian kept it longer
for backwards compatibility.

> (Still, crypttab should've enforced it, as I had a cipher=aes-cbc-plain
> line. I'll update if I find any interesting finding on that)

Interessting. That sounds like a bug. But cryptsetup does not 
read /etc/crypttab, that is done by some init-scripting, which
is part of the distro. File a bug with Debian if you find
what the issue is.


Arno







 
> 10x
> 
> Oren
> 
> On 14 May 2011 18:58, Oren Held <oren.held at gmail.com> wrote:
> 
> > Uh; sorry for the messed message.. will re-paste with clean formatting.
> > ----
> >
> > Hi,
> >
> > I'm using dm-crypt for 2 years now and it's rather stable. I'm not using
> > luks but only 'cryptsetup create' method. Suddenly this morning, after an
> > unclean shutdown, I've encountered a strange problem:
> >
> > When I use 'cryptsetup create homes /dev/mapper/myvg-homes' and enter the
> > passphrase, instead of creating a new dm device with a proper ext4 fs as
> > it used to, I get a bad device. But not *totally* bad.
> >
> > Fsck/mount fail to find the superblock. Also no backup superblocks are
> > available. I did try the 'mkfs -n' for finding the backup superblocks, for
> > fsck -b, but none of them works.
> > ===================================================
> > fsck from util-linux-ng 2.17.2
> > e2fsck 1.41.12 (17-May-2010)
> > fsck.ext4: Superblock invalid, trying backup blocks...
> > fsck.ext4: The ext2 superblock is corrupt while trying to open
> > /dev/mapper/homes
> >
> > The superblock could not be read or does not describe a correct ext2
> > filesystem.  If the device is valid and it really contains an ext2
> > filesystem (and not swap or ufs or something else), then the superblock
> > is corrupt, and you might try running e2fsck with an alternate superblock:
> >     e2fsck -b 8193 <device>
> > ===================================================
> >
> > Why is this case strange? because when I read the device with my naked eye
> > (or with 'strings' command) I can see lots of plain, *unencrypted* file
> > content. so it seems like some kind of a limbo, decryption worked, but not
> > so well...
> >
> > I'm using Debian unstable (kernel 2.6.38-2), which just got the upgrade
> > package for cryptsetup 1.3.0 yesterday. I'm not sure if my problem has to do
> > with the upgrade, but the timing makes me wonder. I did try downgrading to
> > 1.2.0 and to 2.6.37, but it didn't help.
> >
> > Any suggestion on how to progress? anybody experienced something similar
> > recently? I'm still not sure if it's a real bug in cryptsetup/dm/kernel, or
> > something broken specifically in my place.
> >
> > 10x
> >
> > Oren
> >
> >

> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 


More information about the dm-crypt mailing list