[dm-crypt] [ANNOUNCE] =?iso-8859-1?q?cryptsetup=091=2E3=2E0-rc1=09?=( =?iso-8859-1?q?test=09release=09candidate?=)

Ludwig Nussel ludwig.nussel at suse.de
Thu Apr 14 16:28:29 CEST 2011

Rudolf Deilmann wrote:
> Am Wed, 23 Mar 2011 15:37:48 +0100
> schrieb Milan Broz <mbroz at redhat.com>:
> > BTW key size 160 bits? strange size. for which cipher?
> > Probably kernel cryptoAPI module limitation, there should be no limit
> > in dmcrypt.
> it's mentioned for twofish and blowfish in my manpage of losetup
> (losetup/loop-aes  accepts even other key lengths. I don't know,
> if this behaviour is intentend or make sense at all )
> http://loop-aes.sourceforge.net/ciphers.README mentions twofish160 only.
> According to this document, it's necessary for compatibility with suse
> 8.1 encryption ( together with other unusal and insecure settings).

Cryptsetup does support the odd format of those old images. The key
length for those images actually isn't 160 bits but 192 though. The
missing bits of the 160 bit ripemd160 output were padded with zeros.
The needed options for cryptsetup are
--cipher twofish-cbc-null -s 192 -h ripemd160:20


 (o_   Ludwig Nussel
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

More information about the dm-crypt mailing list