I have been experimenting with this, testing different cipher
algorithms and kernel versions.

The problem appears to be AES.

When I use blowfish as the cipher algorithm, then there is no problem.

Did openssl get updated recently?

I had already tried the newest version of encfs from source.

The only thing that springs to mind is that this system is running on
a VIA EPIA SN board, which has AES in h/w. However, I don't have the
padlock_aes module loaded for these tests...

I will try a different version of openssl to see whether that makes
any difference.

Thanks for your help,

Best wishes,

Mark

2008/11/27 Eduard Bloch <[EMAIL PROTECTED]>:
> #include <hallo.h>
>
> To be honest, I have no idea of what's going wrong on your system.
> Please test 1.5.2 packages from
> http://people.debian.org/~blade/experimental/ though I see no relevant
> fixes between 1.4.2 and 1.5.2. If that does not help then I hope that
> upstream author might help you (BCc'ed).
>
> @Valient: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506966 for
> previous information.
>
> Regards,
> Eduard.
>
> * Mark Wardle [Wed, Nov 26 2008, 07:33:05PM]:
>> I wrote that it seemed to be a problem with short, long, or --extpass
>> passwords, implying that this was a problem with newly created (and
>> indeed old) filesystems. Maybe I wasn't clear.
>>
>> Here is a simple transcript creating a filesystem, unmounting it, and
>> then trying to re-mount it.
>> Note: one can use a short, long or --extpass provided password. In
>> this example, I used a single character password.
>>
>> NB: This used to work a week or two ago after an undefined update
>> (that didn't flag anything to me as nothing seemed related - did
>> libssl get updated - or could it be the kernel update).
>>
>> #
>> # uname -a
>> Linux 2.6.26-1-686 #1 SMP Sat Nov 8 19:00:26 UTC 2008 i686 GNU/Linux
>> # cd /tmp
>> # mkdir one
>> # mkdir two
>> # encfs -v /tmp/one /tmp/two
>> 19:19:48 (main.cpp:515) Root directory: /tmp/one/
>> 19:19:48 (main.cpp:516) Fuse arguments: (daemon) (threaded) (keyCheck) encfs /tmp/two -s -o use_ino -o default_permissions
>> Creating new encrypted volume.
>> Please choose from one of the following options:
>>  enter "x" for expert configuration mode,
>>  enter "p" for pre-configured paranoia mode,
>>  anything else, or an empty line will select standard mode.
>> ?>
>>
>> Standard configuration selected.
>> 19:19:54 (SSL_Cipher.cpp:325) allocated cipher ssl/aes, keySize 24, ivlength 16
>> 19:19:54 (FileUtils.cpp:1009) Using cipher AES, key size 192, block size 1024
>>
>> Configuration finished.  The filesystem to be created has
>> the following properties:
>> 19:19:54 (Interface.cpp:165) checking if ssl/aes(2:1:1) implements ssl/aes(2:1:1)
>> 19:19:54 (SSL_Cipher.cpp:325) allocated cipher ssl/aes, keySize 24, ivlength 16
>> Filesystem cipher: "ssl/aes", version 2:1:1
>> 19:19:54 (Interface.cpp:165) checking if nameio/block(3:0:1) implements nameio/block(3:0:1)
>> Filename encoding: "nameio/block", version 3:0:1
>> 19:19:54 (Interface.cpp:165) checking if ssl/aes(2:1:1) implements ssl/aes(2:1:1)
>> 19:19:54 (SSL_Cipher.cpp:325) allocated cipher ssl/aes, keySize 24, ivlength 16
>> Key Size: 192 bits
>> Block Size: 1024 bytes
>> Each file contains 8 byte header with unique IV data.
>> Filenames encoded using IV chaining mode.
>>
>> Now you will need to enter a password for your filesystem.
>> You will need to remember this password, as there is absolutely
>> no recovery mechanism.  However, the password can be changed
>> later using encfsctl.
>>
>> 19:19:54 (openssl.cpp:48) Allocating 39 locks for OpenSSL
>> 19:19:54 (FileUtils.cpp:1061) useStdin: 0
>> New Encfs Password:
>> Verify Encfs Password:
>> 19:19:59 (Interface.cpp:165) checking if nameio/block(3:0:1) implements nameio/block(3:0:1)
>> #
>> # mount
>> [--extraneous stuff removed--]
>> fusectl on /sys/fs/fuse/connections type fusectl (rw)
>> encfs on /tmp/two type fuse.encfs (rw,nosuid,nodev,default_permissions,user=mark)
>> # fusermount -u two
>> # encfs -v /tmp/one /tmp/two
>> 19:20:23 (main.cpp:515) Root directory: /tmp/one/
>> 19:20:23 (main.cpp:516) Fuse arguments: (daemon) (threaded) (keyCheck) encfs /tmp/two -s -o use_ino -o default_permissions
>> 19:20:23 (Interface.cpp:165) checking if ssl/aes(2:1:1) implements ssl/aes(2:1:0)
>> 19:20:23 (SSL_Cipher.cpp:325) allocated cipher ssl/aes, keySize 24, ivlength 16
>> 19:20:23 (FileUtils.cpp:1431) useStdin: 0
>> EncFS Password:
>> 19:20:24 (openssl.cpp:48) Allocating 39 locks for OpenSSL
>> 19:20:24 (FileUtils.cpp:1442) configuration key size = 44
>> 19:20:24 (FileUtils.cpp:1443) cipher key size = 44
>> 19:20:24 (SSL_Cipher.cpp:520) checksum mismatch: expected 3113033503, got 4078413378
>> 19:20:24 (SSL_Cipher.cpp:521) on decode of 40 bytes
>> Error decoding volume key, password incorrect
>> #
>>
>> Am I doing something stupid? This used to work.
>>
>> Best wishes,
>>
>> Mark
>> --
>> Dr. Mark Wardle
>> Specialist registrar, Neurology
>> Cardiff, UK
>>
>
> --
> Faith can never convince us of anything that contradicts our
> knowledge.
>                -- John Locke
>



-- 
Dr. Mark Wardle
Specialist registrar, Neurology
Cardiff, UK
