Red Hat Bugzilla – Bug 243086
Hash algorithm produces different encryption key after upgrade FC5 -> F7
Last modified: 2007-11-30 17:12:06 EST
Description of problem:
Yesterday I have upgraded from FC5 to F7 - complete new installation, not a
system update. Since then I cannot create an encryption layer for my SATA drive
which I have created with FC5. dmsetup shows a different key after cryptsetup
has setup the device.
Version-Release number of selected component (if applicable):
Under FC5 (and Knoppix 5.2) do:
# cat key|cryptsetup -c aes-cbc-essiv:sha256 create _dev_sda1 /dev/sda1
# dmsetup --showkeys table _dev_sda1
0 976768002 crypt aes-cbc-essiv:sha256 <key1> 0 8:1 0
Under F7 do:
# cat key|cryptsetup -c aes-cbc-essiv:sha256 create _dev_sdc1 /dev/sdc1
# dmsetup --showkeys table _dev_sdc1
0 976768002 crypt aes-cbc-essiv:sha256 <key2> 0 8:33 0
But I can use dmsetup directly, along with the table I obtained with Knoppix, to
setup the encryption.
# dmsetup create _dev_sdc1 <table_file_from_knoppix>
I have tried different hashing algorithms (plain, md4, md5, ripemd160, sha1,
tiger192). They all produces different keys (which is really fine...) but none
produces <key1> which I need to access my data.
Remark: in F7 device names have changed, that's why sda becomes sdc. I have to
use Knoppix, because FC5 does not exist any more on my hard drives.
I forgot to report that another partition (a PATA drive, previously hdc) is
working just fine, before the upgrade to F7 and hereafter. I use exactly the
same procedure as described above.
Anyone reading this? Suggestions? Hints? Request of additional information?
(In reply to comment #2)
> Anyone reading this? Suggestions? Hints? Request of additional information?
Do you still have this problem? Can you show me an example with the complete
table for an example key, I do not have any FC5 to reproduce this on available atm.
Can you test cryptsetup-luks 1.0.5 from updates-testing (fc7)? "yum install
--enablerepo updates-testing update cryptsetup-luks"? It gives me the same table
that Knoppix 5.2 gives for the password "Secret".
As you suggested I installed cryptsetup-luks-1.0.5-4.fc7.1.i386.rpm from
updates/testing and this bug disappeared. Now cryptsetup produces applicable
keys. Thank you for the hint.
How was this problem solved? Version upgrade, removing patch2 (as I saw in the
changelog) or just magic? ;)
(In reply to comment #5)
> How was this problem solved? Version upgrade, removing patch2 (as I saw in the
> changelog) or just magic? ;)
I guess it was something that happened upstream, patch2 did not change anything
in the beheaviour of cryptsetup.
cryptsetup-luks-1.0.5-4.fc7.1 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.