# Losetup asking for a 20 character password?

## durian

Hej,

Harddisk crashed, and I had to reinstall... I had one file as encrypted partition, which I used to mount using the losetup mechanism. When I try to do this now I get:

```
localhost ~ # losetup -e aes /dev/loop /mnt/d/cfile
Password:
Error: Password must be at least 20 characters.
```

I had set this up with a smaller password. What am I doing wrong? I would like to mount this file again...

-peter

----------

## pem

If you have lost your password on an encrypted aes file with loop-aes, there's no means to get its content back. That's the sad part :(

Anyway, from the command you've provided, I see that you're trying to create a loopback device on /dev/loop. Except if you got an alias of /dev/loop on something else, I guess it should be /dev/loop1 or /dev/loop2 or ... There's maybe something around here.

One other thing, maybe you've created this encrypted file using a passphrase for a more complicated encryption. If it's a one key encryption, the general way is to use an MD5 of the passphrase as the key for the aes encryption. In this case, you should do something like that:

```
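# md5sum hashes stdin; losetup -p 0 reads the passphrase from file descriptor 0 (stdin)
printf '%s' "My brillant passphrase" | md5sum | awk '{print $1}' | losetup -e aes -p 0 /dev/loop1 /mnt/d/cfile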
```

If you have used multikey encryption, you've got to find your keyfile (also named keystore for the Java addicts). It's generally a file named blablabla.gpg as it's created by GnuPG.

----------

## durian

 *pem wrote:*   

> If you have lost your password on an encrypted aes file with loop-aes, there's no means to get its content back. That's the sad part :(

 

I'm sure I have the right password - and I'm sure it wasn't 20 characters!

 *pem wrote:*   

> Anyway, from the command you've provided, I see that you're trying to create a loopback device on /dev/loop. Except if you got an alias of /dev/loop on something else, I guess it should be /dev/loop1 or /dev/loop2 or ... There's maybe something around here.

 

Yeah, I have been trying all possibilities, this one got pasted in :)

 *pem wrote:*   

> One other thing, maybe you've created this encrypted file using a passphrase for a more complicated encryption. If it's a one key encryption, the general way is to use an MD5 of the passphrase as the key for the aes encryption. In this case, you should do something like that:
> 
> ```
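> # md5sum hashes stdin; losetup -p 0 reads the passphrase from file descriptor 0 (stdin)
> printf '%s' "My brillant passphrase" | md5sum | awk '{print $1}' | losetup -e aes -p 0 /dev/loop1 /mnt/d/cfile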
> ```
> ...

 

More things to try :-)

Thanks!

-peter

----------

## hede

same problem here.

newer losetup (util-linux-2.12q-r1) refuses to decrypt my good-old-cryptoloop-image :

```
# losetup -e twofish-128 /dev/loop4 /data/michael/crypted.img
Password:
Error: Password must be at least 20 characters.
```

i'm sure it's losetup because if i try the old one (didn't update util-linux for a long time):

```
# /mnt/gentoo-old/sbin/losetup -e twofish-128 /dev/loop4 /data/michael/crypted.img
Password:
# mount /dev/loop4 /data/michael/crypted
```

everything is fine. i would like to stress that it works with changing the losetup-binary only.

(man pages of the old and new one differ also (they differ completely...))

i've read there is a security flaw in losetup/cryptoloop so they decided to ... hmm ... don't know...

i think it's the wrong way to disable such an important feature strictly. i would prefer a warning so the user can ignore this warning, catch his data and maybe use a safer method afterwards.

does anyone know where to find further information on how this kind of encryption works and what they changed so it worked in past but not today?

----------

## durian

 *hede wrote:*   

> i'm sure it's losetup because if i try the old one (didn't update util-linux for a long time):
>
> ...

 

Hmm.. can I borrow your old binary? :-)

-peter

----------

## hede

 *Quote:*   

> Hmm.. can I borrow your old binary?  

 

if your answer is not a joke :-)

maybe you can, it's -march=athlon-xp.

i've uploaded it:

(with a losetup from debian woody, for pentium-users)

http://www.der-die-das-hede.de/losetup.tar.gz

you can try but i don't know if it works, i don't even know if the woody-version works at my system

PS: borrow! i'll want it back :-O

----------

## durian

 *hede wrote:*   

>  *Quote:*   Hmm.. can I borrow your old binary? :-)  
> 
> if your answer is not a joke :-) 
> 
> maybe you can, it's -march=athlon-xp.
> ...

 

Actually - half joking...not sure if it will work by just changing the one binary, but why not try. So I will when I get home from work tonight! Thanks!

ps: You'll get it back :-)

(edit) pps: oops, I am running an AMD64 system, I guess I need to find an older 64 bits binary to try this...

-peter

----------

## hede

 *Quote:*   

> oops, I am running an AMD64 system, I guess I need to find an older 64 bits binary to try this... 

 

i thought AMD64 can run 32 and 64 bit apps at once? if so, an AMD64 should be able to run a (predecessor)athlonXP-optimized binary, shouldn't it?

PS: try (emerge) an older sys-apps/util-linux (my working is 2.12b) or compile it by hand and copy the losetup-exe to /usr/local/bin or ~/bin i.e. <<util-linux-sources>>

i think there are many possible work-arounds. 

PPS: but remember: there is a reason for disabling <20-character-passwords! don't forget to recrypt your data with a longer/stronger password.

----------
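
An added illustration, not part of any post in this thread: pem's description of a single MD5 of the passphrase used as the AES key, and hede's reminder that short passwords were disabled for a reason, compared against a salted, iterated derivation. The function names, the 36-symbol alphabet and the PBKDF2 parameters are assumptions chosen for the example; it does not reproduce what losetup, loop-AES or cryptsetup do internally.

```python
import hashlib
import math
import os

ALPHABET = 36  # assumption: lowercase letters plus digits


def single_hash_key(passphrase: str) -> bytes:
    """One unsalted MD5 of the passphrase as a 128-bit key (scheme described in the thread)."""
    return hashlib.md5(passphrase.encode()).digest()


def salted_key(passphrase: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """PBKDF2-HMAC-SHA256 with a per-volume salt (parameters are illustrative)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=16)


def search_space_bits(length: int, alphabet: int = ALPHABET) -> float:
    """Upper bound in bits for a randomly chosen passphrase of this length."""
    return length * math.log2(alphabet)


def compare(passphrase: str, iterations: int = 200_000) -> dict:
    """Derive keys for two volumes that share one passphrase."""
    salt_a, salt_b = os.urandom(16), os.urandom(16)  # constructed per-volume salts
    return {
        # No salt: both volumes get the same key, and checking a guess costs one hash.
        "single_hash_keys_equal": single_hash_key(passphrase) == single_hash_key(passphrase),
        # Salted: keys differ per volume, and checking a guess costs `iterations` HMACs.
        "salted_keys_equal": salted_key(passphrase, salt_a, iterations)
        == salted_key(passphrase, salt_b, iterations),
        "hash_calls_per_guess": {"single_hash": 1, "salted": iterations},
        "passphrase_bits": round(search_space_bits(len(passphrase)), 1),
    }


if __name__ == "__main__":
    for sample in ("hunter2x", "a" * 20):  # constructed 8- and 20-character samples
        print(len(sample), compare(sample))
    # A 128-bit key is only as strong as the passphrase behind it.
    print("8 chars:", search_space_bits(8), "bits; 20 chars:", search_space_bits(20), "bits")
```

----------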

## Mr Faber

Just compile util-linux with the useflag "old-crypt" and without "crypt". The new util-linux supports loop-aes since it is compatible with old-cryptoloop and much more secure. DM-Crypt is always supported.

" - - old-crypt : build support for the older cryptoapi that earlier util-linux's included"

cu

Mr Faber

----------

## hede

 *Quote:*   

> Just compile util-linux with the useflag "old-crypt" and without "crypt". 

 

are you sure? ok, i'll try but i don't think old-crypt will help. my working losetup is compiled without old-crypt.

----------

## durian

 *hede wrote:*   

>  *Quote:*   oops, I am running an AMD64 system, I guess I need to find an older 64 bits binary to try this...  
> 
> i thought AMD64 can run 32 and 64 bit apps at once? if so, an AMD64 should be able to run a (predecessor)athlonXP-optimized binary, shouldn't it?

 

Yes, it can. I was wondering if, e.g. the aes kernel module would be the same, or give the same results. I suppose it must.

 *hede wrote:*   

> PS: try (emerge) an older sys-apps/util-linux (my working is 2.12b) or compile it by hand and copy the losetup-exe to /usr/local/bin or ~/bin i.e. <<util-linux-sources>>
> 
> i think there are many possible work-arounds. 
> 
> PPS: but remember: there is a reason for disabling <20-character-passwords! don't forget to recrypt your data with a longer/stronger password.

 

Yeah, I'll try the re-emerge. And then re-encrypt with a better password :-)

-peter

----------

## durian

 *Mr Faber wrote:*   

> Just compile util-linux with the useflag "old-crypt" and without "crypt". The new util-linux supports loop-aes since it is compatible with old-cryptoloop and much more secure. DM-Crypt is always supported.
> 
> " - - old-crypt : build support for the older cryptoapi that earlier util-linux's included"
> 
> cu
> ...

 

Thanks, another good hint!

-peter

----------

## ultraViolet

 *durian wrote:*   

> ```
> localhost ~ # losetup -e aes /dev/loop /mnt/d/cfile
> ```
> ...

 

Just in case - are you using dm-crypt? The same happens to me and I was trying to mount with losetup, but the use of cryptsetup solved the problem for me...

----------

## durian

 *ultraViolet wrote:*   

>  *durian wrote:*   
> 
> ```
> localhost ~ # losetup -e aes /dev/loop /mnt/d/cfile
> ```
> ...

 

I got it to work with the old binary I got from "hede"! I got a new computer last week, so I had no time to try earlier. But I managed to get my files back, will use dm-crypt or whatever is most up-to-date now,

-peter

----------

