If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
SDB:Crypto Partition/Files Changes in SUSE Linux Professional 9.3
Crypto Partition/Files Changes in SUSE Linux Professional 9.3
With SUSE LINUX 9.3 we switched from
twofish as the encryption module.
twofish together with
cryptoloop is now the standard method for crypto partitions. We made that switch because twofish together with cryptoloop is more secure (cryptoloop uses the block number as the initialization vector, whereas loop_fish2 always uses zero) and is the standard solution for crypto partitions.
WARNING: DO NOT RUN FSCK
The on-disk format of the two modules is different and if you access it via the wrong module, the automatic boot scripts will recognize the filesystem (since the first block is very similar) but detect that the rest appears to be wrong and offer a filesystem check. Do not run this filesystem check - instead just reply 'no' and check that the correct module is used. If you ignore this warning the filesystem check will result in total data loss.
SUSE Linux now makes use of the following different crypto filesystem implementations:
|SUSE Version||Encryption Name||Key Length||Kernel Modules||Initialization vector (IV)|
|Prior to 9.1||twofish||160 Bits||loop_fish2||constant|
|9.1 and 9.2||twofish256||256 Bits||loop_fish2||constant|
|9.3||twofish256||256 Bits||twofish, cryptoloop||block number|
As you can see, the encryption name
twofish256 is the same in SUSE LINUX 9.1/9.2 and 9.3, but it makes use of different kernel modules. Unfortunately the on-disk format used by these modules is different and therefore they are incompatible. Of course the on-disk format is also not detectable, because this would mean you could guess the encryption type from crypted data, which would be a security flaw.
These limitations entail some problems we can not cover technically. That means you have to intervene manually for the following case:
New-Installation and Access to Old Crypto Partition
If you make a fresh install of SUSE LINUX 9.3 and use it to access existing crypto partitions from SUSE LINUX 9.1 or 9.2, you have to specify the proper encryption name in your configuration files. This would be either
/etc/fstab. As you remember we have 3 different implementations and two of them use the same encryption name. To differentiate between these two we have implemented the encryption name
twofishSL92 which is an alias for
loop_fish2. So in your configuration files change:
Old cryptotab from SUSE LINUX 9.2:
/dev/loop0 /dev/hda3 /secret reiserfs twofish256 noatime
New cryptotab from SUSE LINUX 9.3:
/dev/loop0 /dev/hda3 /secret reiserfs twofishSL92 noatime
Things we have covered because they were technically possible are:
Update from Older Distributions
During a system update
/etc/cryptotab will be changed by the YaST Installer.
Installation of New Distribution
A new installation will use the new cryptoloop module exclusively. <keyword>crypto,krypto,loop,mount,fsck,twofish</keyword>