Loop-AES not working in 3.2 or 3.3


Forum: User Feedback
Topic: Loop-AES not working in 3.2 or 3.3
started by: madmarvcr
Posted by madmarvcr on Feb. 21 2007,23:15
The following works in 3.1

but I can not mount my old loop-AES container or even create a new loop-AES in 3.2 or 3.3


here are steps I take

entry in to /etc/fstab

/mnt/hdb/data/volume.dat /mnt/hdb/vdat ext2 defaults,noauto,loop=/dev/loop1,encryption=aes256 0 0

in shell run following commands
Code Sample

dd if=/dev/urandom of=/mnt/hdb/data/volume.dat bs=1M count=10
losetup -F /dev/loop1
password:
mkfs.ext2 /dev/loop1
losetup -d /dev/loop1

mount /mnt/hdb/vdat
password:



This works in 3.1, but not in 3.2 or 3.3

The mount command fails
Posted by ^thehatsrule^ on Feb. 22 2007,01:38
afaik the mount binary was updated, but maybe the encryption thing was not compiled in?

What errors do you get now?
Posted by fredvej on Feb. 22 2007,15:20
In DSL 3.2 this works :

dd if=/dev/urandom of=FILETOUSE
sudo losetup -e aes256 /dev/loop0 FILETOUSE
sudo mkfs -t ext2 /dev/loop0
sudo mount /dev/loop0 MOUNTPOINT -v -t ext2

Mounting encrypted filesystems in files using loopdevice works, but I do things differently than you.

Could it be a timing problem ?  If what you do is run in a script, you are mounting and unmounting the loop device in quick succession.
Posted by WDef on Feb. 22 2007,17:02
It looks like mount has been replaced with an unpatched mount from utils-linux.  The patch comes from the loop-aes sources v1.x, or the binary from the debian mount-aes-utils package.  Without the patch mount can't use the shorthand /etc/fstab line to call losetup for you.

BUT you shouldn't be using loop-aes v1.x anyway (I've posted this several times before)!

It's very insecure, its author says so.  He also says not to use it!  Use loop-aes v3.x in dsl-n.

To move your data:

Back up your plaintext in case somthing goes wrong. Create a new (other)  encrypted partition using loop-aes v3.x in dsl-n, mount your loop-aes v1 partitions in loop-aes v.3.x, and copy your data fron the old encrypted mounted partition to the new.  Then umount your old encrypted partition  and *shred* the old device, many times for good measure.

Don't try to mount loop-aes v3.x encrypted partitions in loop-aes v1.x - it's not backward-compatible - you will probably bork them and lose your plaintext data.

Don't ever use single key loop-aes.  Only use gpg-encrypted multikey  - see the loop-aes readme.

I have a working loop-aes v3.x extension for dsl which I'll post soon (testing), and it includes the patched mount binary.  I didn't know there was any demand.
Powered by Ikonboard 3.1.2a
Ikonboard © 2001 Jarvis Entertainment Group, Inc.