'Re: [opensuse] Problem with cryptotab and Opensuse 10.3'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse
Subject:    Re: [opensuse] Problem with cryptotab and Opensuse 10.3
From:       "Carlos E. R." <robin.listas () telefonica ! net>
Date:       2007-11-30 14:17:40
Message-ID: alpine.LSU.0.9999.0711301459300.2626 () nimrodel ! valinor
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The Monday 2007-11-26 at 00:10 +0100, Jan Tiggy wrote:

> Carlos E. R. schrieb:
>
>> [...]
>
>> Ah, I see you did something similar later. You also need twofish there.
>
> Thx Carlos
> I've sorted it out with your help.

We have been talking about encrypted filesystems in the opensuse-security 
mail list. You might be interested in reading about it in the archive, 
some interesting docs and sites have come out.

If you use fstab entries with the encryption options there (like option 
"encryption=twofish256"), it will use the old "cryptoloop" method (<= 
10.2). To use the new "dm-crypt" method (10.3) you need to use 
/etc/cryptotab or /etc/crypttab (they are different). In both cases you 
can manually mount/umount a partition using "/etc/init.d/boot.crypto 
start" or "stop":

using cryptotab:

   /etc/init.d/boot.crypto start /crypto_mount_point

using crypttab:

   /etc/init.d/boot.crypto start /crypto_partition_or_image_file


It is not possible to mount encrypted filesystems by the new "dm-crypt" by 
using the command "mount" alone or entries in fstab; mount does not 
support it (yet?). A device mapper "thing" has to be created previously 
using cryptsetup.


And, a kernel bug has come out affecting "cryptoloop": if you are 
affected, the encrypted filesystem freezes with no error logged, just that 
the apps writing there freeze and can not be halted. Requires hard power 
off :-(

- -- 
Cheers,
        Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFHUBuNtTMYHG2NR9URAkV4AJ4trqEtWTgX12bVqNZN8Qb0mnivCACcD/nh
CbHqe+/u9fBvI4P1tHDVf1I=
=vmUB
-----END PGP SIGNATURE-----

-- 
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic