2009-11-27 19:09:21

by jgj7.ignorantguru

[permalink] [raw]
Subject: blowfish and cryptoloop modules question

I have a question for the maintainer of these modules or losetup but haven't been able to find an address. I posted this to an Arch forum but no one could explain it.

I don't need my entire hard drive encrypted so my habit is to create a small blowfish container using the cryptoloop and blowfish kernel modules. Something like:

Code:

## Load modules
/sbin/modprobe cryptoloop
/sbin/modprobe blowfish
## Make file "secfilename"
dd if=/dev/urandom of=secfilename bs=1024k count=10
## Set file as target of loop device
losetup -e blowfish /dev/loop0 secfilename
## Make ext3 filesystem
mkfs -t ext3 /dev/loop0
## Mount filesystem
mount -t ext3 /dev/loop0 /mnt/loop
#...
## Unmount, detach, and sync
umount /dev/loop0
## Detach loop device
losetup -d /dev/loop0
sync

Here's my question: A long time ago, when I changed from SUSE to Ubuntu, I could no longer mount the container - it said there was no valid FS on it. So I had to recreate it. This made me question SUSE's blowfish implementation - was it crippled or have a backdoor? Now, years later I have installed Arch, and once again my container wasn't portable. Arch couldn't open Ubuntu's blowfish container. I had to recreate it from scratch with the 'new' blowfish.

Will the real blowfish please stand up.

Needless to say, this makes me question the integrity of these modules. A cryptographic algorithm, if properly implemented, should not be distro-centric. For my purposes it's probably not critical, but what's going on? I can mount my unencrypted ext3 partitions created by Ubuntu fine in Arch. Why are the blowfish modules not compatible?

And if they are, then why is losetup so inconsistent between distributions?

If they aren't compatible for a legitimate reason, I think they should be, as using different implementations is the only way users can verify an implementation.

Thanks for any info.


----------
This message was sent from a MailNull anti-spam account. You can get
your free account and take control over your email by visiting the
following URL.

http://mailnull.com/


2009-11-27 21:55:55

by markus reichelt

[permalink] [raw]
Subject: Re: blowfish and cryptoloop modules question

* [email protected] wrote:

> Why are the blowfish modules not compatible?

Have a look at section 2.8 of

http://loop-aes.sourceforge.net/loop-AES.README

--
left blank, right bald


Attachments:
(No filename) (197.00 B)
(No filename) (198.00 B)
Download all attachments