[Mageia-dev] unable to mount encrypted partitions created with drakdisk
simple w8
simplew8 at gmail.com
Wed Mar 21 08:41:00 CET 2012
2012/3/21 David W. Hodgins <davidwhodgins at gmail.com>:
> On Tue, 20 Mar 2012 20:57:47 -0400, simple w8 <simplew8 at gmail.com> wrote:
>
>> Hi,
>>
>> I use sometimes to boo Windows, and if i need some file i use to mount
>> my /home encrypted partition using FreeOTFE (or TrueCrypt) to access
>> the files i need, but i saw today that the /home partition that was
>> created in mageia is not possible to mount with FreeOTFE or TrueCrypt.
>>
>> But the /home partition created with mandriva drakdisk can be mounted
>> with those 2 applications, so seams that Mageia drakdisk isnt doing
>> something right.
>
>
> That's likely a result of
> https://bugs.mageia.org/show_bug.cgi?id=3092
>
> With the default settings, cryptsetup uses cbc mode encryption,
> which makes it much more likely that it can be cracked.
>
> See http://clemens.endorphin.org/nmihde/nmihde-A4-os.pdf
> for an explanation of how this is done.
>
> In Mageia's diskdrake, the setting is overridden to use xts mode,
> instead of cbc mode.
>
> If you prefer to use the less secure method, in order
> to keep it compatible with the windows applications, you'll
> have to re-encrypt it manually with
> cryptsetup luksFormat /dev/sd??.
>
> Don't forget to backup the data first, as this will erase that
> device.
>
> Regards, Dave Hodgins
Thanks for the clarification, and was a very good improvement :)
But i think it would be better to have in diskdrake some option
allowing the user to choose the cypher, since the default cypher used
in cryptsetup and in other apps that support luks, is cbc, and this
way diskdrake is putting it incompatible with remaning apps that
support luks.
This way the user could be informed about whats happening and also
would have a choice, that would be great and would in fact increase
diskdrake popularity.
More information about the Mageia-dev
mailing list