[dm-crypt] Migrating from loop AES to dm-crypt

Matthias Schniedermeyer ms at citd.de
Sat Sep 15 14:04:51 CEST 2012


On 14.09.2012 18:35, Nick Battle wrote:
> I've just upgraded from openSUSE 12.1 to 12.2. I find that the latest version of
> mount and losetup do not have the file encryption options they used to, since
> everyone should have migrated to dm-crypt. The trouble is, I now have some
> encrypted backup volumes that I cannot read!
> 
> I used to mount the archives with:
> 
> 	mount ... -o loop,phash=sha256,encryption=aes128
> 
> It looks like I should be using the loopaesOpen option to cryptsetup to mount
> these now, but I cannot find a combination of options that works. I'm trying the
> following:
> 
> cryptsetup loopaesOpen <device> <name> --key-file pp --key-size 128 --hash
> sha256 -c aes-cbc-plain
> 
> Where the file pp has my passphrase (without a newline) - that I used to enter
> at the prompt mount gave when using the "-o loop". This successfully sets up the
> mapper, but the result is not recognizable as a filesystem (I think it's ext2).
> So I assume the crypto and/or passphrase hash isn't quite right.
> 
> I'm afraid the archives are so old that I don't know which options I used to
> originally create them, though I almost certainly chose "defaults".
> 
> Can anyone help?

That isn't whan loopaesOpen is needed for. It is needed for loop-aes v2 
or v3 format.

What you describe is v1. Which, as far as i understand, is "plain" 
"aes128-CBC", with a sha256-round for the passphrase.

An easy way to decrypt loop-aes is by using "aespipe" (same author), 
which can also be found on the loop-aes site: 
http://loop-aes.sourceforge.net/aespipe/

And boy is that fast when you have a CPU with AES-NI. I recently 
decrypted some DVDs i recorded several years ago. They were encrypted 
with loop-aes v1/aes128 and a dcrypt with aespie in tmpfs only took 2.8 
seconds on average for 4489MiB, IOW 1.6GiB/s using a single core.




Bis denn

-- 
Real Programmers consider "what you see is what you get" to be just as 
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated, 
cryptic, powerful, unforgiving, dangerous.



More information about the dm-crypt mailing list