Re: Remove disk encryption in Maintenance Mode

Roger Heflin wrote: > I am not sure what version mine last worked on. I would guess the > default changed on 39 or 40. > > What fixed it for me (type plain password from stdin) was adding > --hash ripemd160 (they appear to have changed the default hash, BAD > developer). > > Guessing related to

Re: Remove disk encryption in Maintenance Mode

I am not sure what version mine last worked on. I would guess the default changed on 39 or 40. What fixed it for me (type plain password from stdin) was adding --hash ripemd160 (they appear to have changed the default hash, BAD developer). Guessing related to this: https://gitlab.com/cryptsetup/

Re: Remove disk encryption in Maintenance Mode

On Thu, Nov 7, 2024 at 8:03 PM Roger Heflin wrote: > > The encryption defaults changed sometime recently. I don't see the change documented at or . That's unfortunate. > The

Re: Remove disk encryption in Maintenance Mode

The encryption defaults changed sometime recently. The defaults cryptsetup command I had in a script stopped mount my encrypted filesystem until I did a bunch of research and found out what parameters needed to be specified to match the prior default. If you want to try what I found out reply an

Re: Remove disk encryption in Maintenance Mode

> On 5 Nov 2024, at 23:04, richard emberson wrote: > > So, my question, is it possible to remove the encryption on a disk > in maintenance mode. If one can, then, maybe, I might be able to login > into my media server. I suggest that you boot from a fedora install usb and then use cryptsetup t

Re: Remove disk encryption in Maintenance Mode

Thank you for your suggestions. Keyboard does not look like it is the issue. I also tried to start the fedora rescue selection, but it also required the entry of the LUKS passphrase (Curiously, while a normal release starts with a different gui and stops asking for the passphrase after 4 or 5 at

Re: Remove disk encryption in Maintenance Mode

On Tue, 2024-11-05 at 18:25 -0800, richard emberson wrote: > Early in Maintenance Mode I tested the keyboard and typed in the passphrase, > twice, and it appeared on the screen correctly. Just to be thorough... On the graphical login screen see if there's an icon for choosing keyboard layout/lang

Re: Remove disk encryption in Maintenance Mode

I tried to upgrade 3 different machine from 40 to 41. All older that boot with /boot/efi. Two machines were laptops and one machine was a desktop media server. All three failed the same way. The disk decryption mechanism did not work. Same error message generated. If I had to guess, I believe th

Re: Remove disk encryption in Maintenance Mode

One must enter the encryption passphrase before you get to select what kernel to load. On 11/5/24 3:44 PM, Jonathan Billings wrote: But more importantly, have you tried booting older kernels in GRUB2 on boot? It’s possible (albeit unlikely) that the new kernel was built with broken cryptsetup

Re: Remove disk encryption in Maintenance Mode

Early in Maintenance Mode I tested the keyboard and typed in the passphrase, twice, and it appeared on the screen correctly. On 11/5/24 6:17 PM, Tim via users wrote: On Tue, 2024-11-05 at 18:44 -0500, Jonathan Billings wrote: Sometimes it’s a broken keyboard. Oh the fun (not) of trying to log

Re: Remove disk encryption in Maintenance Mode

On Tue, 2024-11-05 at 18:44 -0500, Jonathan Billings wrote: > Sometimes it’s a broken keyboard. Oh the fun (not) of trying to login with a crappy laptop keyboard. You can't see what characters are being typed, so you have zero clues about what's going wrong... On older releases I could switch on

Re: Remove disk encryption in Maintenance Mode

On Nov 5, 2024, at 18:04, richard emberson wrote: > > So, my question, is it possible to remove the encryption on a disk > in maintenance mode. If one can, then, maybe, I might be able to login > into my media server. So, if I’m reading this right, you updated to Fedora 41 and now you can’t unl

Remove disk encryption in Maintenance Mode

Background Start: On 11/01/2024 upgraded 40->41 on my old Jetta laptop and everything was fine. The Jetta does not have encrypted disks. On 11/02/2024 upgrade 40->41 failed on old supermicro X10Sat media server with some encrypted disks. After upgrade, everything seemed fine. Then, upon reb

On the security of the Linux disk encryption LUKS

Here's some interesting reading. "On the security of the Linux disk encryption LUKS," https://dys2p.com/en/2023-05-luks-security.html: Background On April 17, 2023 Matthew “mjg59” Garrett published an appeal to change the key derivation function (KDF) of LUKS-encrypted volumes: PS

Re: Weakness in disk encryption?

Methinks that better than having a program try to get 128 bits out of 20 bits is to start with 128 bits. This is especially true if one's opponent is a government[*]. At 6 bits per character, 128 bits can be expressed as 22 characters. Put the output of uuidgen -r through a filter to get 22 charct

Re: Weakness in disk encryption?

On Wed, 19 Apr 2023 07:53:33 +0200 Andreas Fournier wrote: > I just read this article about weaknesses in Linux disk encryption > https://mjg59.dreamwidth.org/66429.html > and wonder how it applies to Fedora? > Can the instructions in the article be applied to a Fedora > installat

Re: Weakness in disk encryption?

On Wed, 2023-04-19 at 07:53 +0200, Andreas Fournier wrote: > I just read this article about weaknesses in Linux disk encryption > https://mjg59.dreamwidth.org/66429.html > and wonder how it applies to Fedora? To be honest, I've always considered encryption of drives to *probab

Weakness in disk encryption?

I just read this article about weaknesses in Linux disk encryption https://mjg59.dreamwidth.org/66429.html and wonder how it applies to Fedora? Can the instructions in the article be applied to a Fedora installation? ___ users mailing list -- users

Re: disk encryption

, looks like a new LUKS format is in our future. And so is live conversion. https://devconfcz2016.sched.org/event/5nsA/the-future-of-disk-encryption-with-luks2 -- Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fed

Re: disk encryption

On 01/15/2016 11:52 AM, Roberto Ragusa wrote: On 01/15/2016 04:58 PM, Robert Nichols wrote: 3. Copy the decrypted data directly back to the partition at the correct offset (4096 sectors assumed here): dd if=/dev/mapper/mysource bs=$((4096*512)) of=/dev/sda1 seek=1 4. Adjust the partit

Re: disk encryption

> On 01/14/2016 06:40 PM, Jeffrey Ross wrote: >> I installed Fedora 23 on a Laptop a while back and I decided to use disk >> encryption. At this point I find the disk encryption to be more of a >> hindrance and would like to remove it. >> >> Am I correct that it m

Re: disk encryption

On 01/15/2016 04:58 PM, Robert Nichols wrote: > 3. Copy the decrypted data directly back to the partition at the >correct offset (4096 sectors assumed here): > dd if=/dev/mapper/mysource bs=$((4096*512)) of=/dev/sda1 seek=1 > 4. Adjust the partition table to add 4096 sectors to the starti

Re: disk encryption

On 01/14/2016 08:40 PM, Jeffrey Ross wrote: I installed Fedora 23 on a Laptop a while back and I decided to use disk encryption. At this point I find the disk encryption to be more of a hindrance and would like to remove it. Am I correct that it may simply be easier to re-install the system

Re: disk encryption

Slightly off topic: Android and Cyanogenmod have an encryption option, it converts the user data volume in place, and its reversible. Does anyone know what they're leveraging to do this? If it were only in Google's Android I might guess it's one of those proprietary parts, but it's definitely in C

Re: disk encryption

I think you can get rid of disk encryption using luksipc. Here is what I did when I had to do the reverse process: https://lists.fedoraproject.org/pipermail/users/2015-December/467195.html Not completely sure it will help, but I think luksipc should have the potential to work. Best wishes

Re: disk encryption

On 01/14/2016 06:40 PM, Jeffrey Ross wrote: I installed Fedora 23 on a Laptop a while back and I decided to use disk encryption. At this point I find the disk encryption to be more of a hindrance and would like to remove it. Am I correct that it may simply be easier to re-install the system

disk encryption

I installed Fedora 23 on a Laptop a while back and I decided to use disk encryption. At this point I find the disk encryption to be more of a hindrance and would like to remove it. Am I correct that it may simply be easier to re-install the system rather than try to remove the encryption or

Re: hardware full disk encryption

On Dec 12, 2013, at 6:23 PM, Wolfgang S. Rupprecht wrote: > > It also strikes me that one can set the ssd disk password at any time > after OS installation. Since the disk contents are already encrypted > and will continue to be encrypted by the same AES key, from the data's > perspective noth

Re: hardware full disk encryption

Chris Murphy writes: > On Dec 12, 2013, at 1:36 PM, "Wolfgang S. Rupprecht" > wrote: >> >> If I didn't have always on, hardware FDE for free in the SSD, I'm >> sure I'd be happy with LUKS. > > Yes, it's annoying. But the task is also difficult to do correctly in > a preboot environment. Arguabl

Re: hardware full disk encryption

On Dec 12, 2013, at 1:36 PM, "Wolfgang S. Rupprecht" wrote: > > If I didn't have always on, hardware FDE for free in the SSD, I'm > sure I'd be happy with LUKS. Yes, it's annoying. But the task is also difficult to do correctly in a preboot environment. Arguably they got ahead of themselves a

Re: hardware full disk encryption

On Dec 12, 2013, at 12:32 PM, Wolfgang S. Rupprecht wrote: > > I've got a standard consumer Intel 520 SSD, which claims to do hardware > based AES disk encryption with no speed penalty. It sounds like a > useful way to protect laptop data if the laptop is ever stolen. Has

Re: hardware full disk encryption

On Thu, Dec 12, 2013 at 12:36:59 -0800, "Wolfgang S. Rupprecht" wrote: Of course, with the Snowden revelations, one has to wonder how random the randomly chosen internal AES key is. If it is from an intentionally crippled RNG, it may be easy for someone in the know to do a brute-force search

Re: hardware full disk encryption

Bruno Wolff III writes: > On Thu, Dec 12, 2013 at 11:32:41 -0800, > "Wolfgang S. Rupprecht" wrote: >>Google is failing me here due to search spam for LUKS which doesn't >>appear to be capable of *full* *disk* encryption. It only seems to >>encrypt

Re: hardware full disk encryption

On Thu, Dec 12, 2013 at 11:32:41 -0800, "Wolfgang S. Rupprecht" wrote: I've got a standard consumer Intel 520 SSD, which claims to do hardware based AES disk encryption with no speed penalty. It sounds like a useful way to protect laptop data if the laptop is ever stolen. H

hardware full disk encryption

I've got a standard consumer Intel 520 SSD, which claims to do hardware based AES disk encryption with no speed penalty. It sounds like a useful way to protect laptop data if the laptop is ever stolen. Has anyone tried to do hardware-based full disk encryption with Fedora? Does one need to

Disk encryption using ecryptfs fails: "You do not own that encrypted directory"

Hi, A friend of mine told me ubuntu offers a ecryptfs based solution, where only a directory is encrypted (therefor no need for seperate partitions or ugly image files),and which is mounted automatically using the user's password at logon time. I discovered with Fedora-15 I can do the same using

Re: Fedora Hard Disk Encryption and FIPS 140-2 Compliance

On Mon, 2010-05-24 at 10:42 -0400, Edmon Begoli wrote: > Does anyone know if Fedora's HD encryption is, or could it be, compliant with > US NIST requirement for hard disk encryption included in NIST FIPS 140-2? > > http://csrc.nist.gov/groups/STM/cmvp/#05 > > Thanks. FIP

Fedora Hard Disk Encryption and FIPS 140-2 Compliance

Does anyone know if Fedora's HD encryption is, or could it be, compliant with US NIST requirement for hard disk encryption included in NIST FIPS 140-2? http://csrc.nist.gov/groups/STM/cmvp/#05 Thanks. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscri