[dm-crypt] Migrating from loop AES to dm-crypt
Matthias Schniedermeyer
ms at citd.de
Sat Sep 15 14:04:51 CEST 2012
On 14.09.2012 18:35, Nick Battle wrote:
> I've just upgraded from openSUSE 12.1 to 12.2. I find that the latest versions of
> mount and losetup do not have the file encryption options they used to, since
> everyone should have migrated to dm-crypt. The trouble is, I now have some
> encrypted backup volumes that I cannot read!
>
> I used to mount the archives with:
>
> mount ... -o loop,phash=sha256,encryption=aes128
>
> It looks like I should be using the loopaesOpen option to cryptsetup to mount
> these now, but I cannot find a combination of options that works. I'm trying the
> following:
>
> cryptsetup loopaesOpen <device> <name> --key-file pp --key-size 128 --hash
> sha256 -c aes-cbc-plain
>
> Where the file pp has my passphrase (without a newline) - that I used to enter
> at the prompt mount gave when using the "-o loop". This successfully sets up the
> mapper, but the result is not recognizable as a filesystem (I think it's ext2).
> So I assume the crypto and/or passphrase hash isn't quite right.
>
> I'm afraid the archives are so old that I don't know which options I used to
> originally create them, though I almost certainly chose "defaults".
>
> Can anyone help?
That isn't what loopaesOpen is needed for. It is needed for loop-aes v2
or v3 format.

What you describe is v1. Which, as far as I understand, is "plain"
"aes128-CBC", with a sha256-round for the passphrase.

An easy way to decrypt loop-aes is by using "aespipe" (same author),
which can also be found on the loop-aes site:
http://loop-aes.sourceforge.net/aespipe/

And boy is that fast when you have a CPU with AES-NI. I recently
decrypted some DVDs I recorded several years ago. They were encrypted
with loop-aes v1/aes128 and a decrypt with aespipe in tmpfs only took 2.8
seconds on average for 4489MiB, IOW 1.6GiB/s using a single core.

See you
--
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.