[pkg-cryptsetup-devel] Bug#768407: Bug#768407: cryptsetup: dm-crypt disk unlocks on older Debian, does not on current testing

Jonas Meurer jonas at freesources.org
Mon Dec 15 20:11:39 UTC 2014 

Hello,

first, sorry for the long delay. I'm busy with my exams right now and
have less time than I'd like to for cryptsetup maintaining tasks :(

Am 07.11.2014 um 14:56 schrieb Clayton:
> On Fri, 07 Nov 2014 11:08:31 +0100
> Milan Broz <gmazyland at gmail.com> wrote:
>>> backcrypt /dev/sdb2 none
>>> cipher=aes-cbc-plain,size=256,hash=ripemd160,noauto,loud
>>
>> If it is not passphrase, are you sure these were the correct
>> parameters? Who added them there? (mainly check mode:
>> -plain /-essiv:sha256, key size 128/256 ?)
>>
>> (it should be, these are old cryptsetup plain defaults but you should
>> check old crypttab backups for sure... 
> 
> ....like I said that file has not changed. The same partition unlocks
> using an older cryptsetup on an older Debian and EXACTLY the same
> crypttab. Therefore, something ails the new version of cryptsetup -or-
> there is some kind of new undocumented default behavior.
> 
>> really better use LUKS to avoid this problem, 
> 
> Yes, I use LUKS on all new installs, but this disk was built many years
> ago. I am sure there will be a few Wheezy --> Jessie upgrades with
> similar legacy disks.

Honestly, I don't think that the cipher/size/hash parameters are the
cause for trouble here. If they were, others (e.g. me) would have run
into this issue as well. Something else must have changed.

>> or even better - if you have systtem which opens
>> it correctly, use cryptsetup status for active device and check it)
>>
> Like you said,
> 
> 	cipher=aes-cbc-plain,size=256,hash=ripemd160
> 
> are the old old defaults and should work. And they still do. With a
> slightly older version of crytpsetup, same encrypted partition.

Did you try manual unlocking of the dm-crypt device? That way, all
changes to initscripts, crypttab processing, etc. could be factored out
as possible root for the issue.

Please try manual unlocking both with the up-to-date system and with the
old usb live system:

# cryptsetup --cipher=aes-cbc-plain --size=256 --hash=ripemd160 \
	create backcrypt /dev/sdb2
# blkid /dev/mapper/backcrypt

Also, what comes into my mind is the keyboard layout. Please type your
passphrase to the console (and delete it directly afterwards) and check
carefully whether it's exactly the same on both setups.

Cheers,
 jonas

More information about the pkg-cryptsetup-devel mailing list