Red Hat Bugzilla – Bug 243086
Hash algorithm produces different encryption key after upgrade FC5 -> F7
Last modified: 2007-11-30 17:12:06 EST
Description of problem: Yesterday I have upgraded from FC5 to F7 - complete new installation, not a system update. Since then I cannot create an encryption layer for my SATA drive which I have created with FC5. dmsetup shows a different key after cryptsetup has setup the device. Version-Release number of selected component (if applicable): cryptsetup-luks-1.0.3-4.fc7 How reproducible: Under FC5 (and Knoppix 5.2) do: # cat key|cryptsetup -c aes-cbc-essiv:sha256 create _dev_sda1 /dev/sda1 # dmsetup --showkeys table _dev_sda1 0 976768002 crypt aes-cbc-essiv:sha256 <key1> 0 8:1 0 Under F7 do: # cat key|cryptsetup -c aes-cbc-essiv:sha256 create _dev_sdc1 /dev/sdc1 # dmsetup --showkeys table _dev_sdc1 0 976768002 crypt aes-cbc-essiv:sha256 <key2> 0 8:33 0 But I can use dmsetup directly, along with the table I obtained with Knoppix, to setup the encryption. # dmsetup create _dev_sdc1 <table_file_from_knoppix> I have tried different hashing algorithms (plain, md4, md5, ripemd160, sha1, tiger192). They all produces different keys (which is really fine...) but none produces <key1> which I need to access my data. Remark: in F7 device names have changed, that's why sda becomes sdc. I have to use Knoppix, because FC5 does not exist any more on my hard drives.
I forgot to report that another partition (a PATA drive, previously hdc) is working just fine, before the upgrade to F7 and hereafter. I use exactly the same procedure as described above.
Anyone reading this? Suggestions? Hints? Request of additional information?
(In reply to comment #2) > Anyone reading this? Suggestions? Hints? Request of additional information? Do you still have this problem? Can you show me an example with the complete table for an example key, I do not have any FC5 to reproduce this on available atm.
Can you test cryptsetup-luks 1.0.5 from updates-testing (fc7)? "yum install --enablerepo updates-testing update cryptsetup-luks"? It gives me the same table that Knoppix 5.2 gives for the password "Secret".
As you suggested I installed cryptsetup-luks-1.0.5-4.fc7.1.i386.rpm from updates/testing and this bug disappeared. Now cryptsetup produces applicable keys. Thank you for the hint. How was this problem solved? Version upgrade, removing patch2 (as I saw in the changelog) or just magic? ;)
(In reply to comment #5) > How was this problem solved? Version upgrade, removing patch2 (as I saw in the > changelog) or just magic? ;) I guess it was something that happened upstream, patch2 did not change anything in the beheaviour of cryptsetup.
cryptsetup-luks-1.0.5-4.fc7.1 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.