F11 installer: affecting the cipher used for encrypted partitions (e. g. blowfish)
 

Hello everybody,

this is my first post in the Fedora section of LQ, and I did do a search, but unfortunately didn't find a conclusive answer. I hope a Fedora-savvy person here can clarify something for me.

And here goes: I'm contemplating intalling Fedora 11 on my main machine, which is currently running Slackware. There are separate partitions for /, /usr, /home and some others containing all sorts of data. Almost all of my partitions are encrypted, the used ciphers ranging from Rijndael over Serpent to Blowfish.

Doing some preliminary tests with Qemu and the F11 Live/Istallation CD showed me that Fedora apparently can only handle AES encrypted partitions. Anything blowfishy cannot be included in the installation procedure. F11 documentation also states that Blowfish isn't a standard cipher for cryptsetup.

Now for my questions:
1. Can I influence the cipher/cipher-mode used by the F11 installer (both for new and existing encryptions)? If so, how?
2. If the answer to 1 is no: Is it possible to just ignore the affected partitions during installation and mount them anyway later on by loading blowfish in the boot process and manually fixing fstab and crypttab?

Thanks a bunch!

Just in case anyone is running into the same issues, here's a quick update.

I played around with the i386-DVD-Medium of Fedora 11 and QEmu, having earlier created a container file with partitions for /boot, /, swap and an extra partition. The latter I encrypted with blowfish (using Knoppix) and put some test file there. Then I installed F11 via Anaconda, ignoring the extra partition that, as mentioned, couldn't be read. For the root partition, I explicitly gave a different password than for my extra partition.

After the installation, I used QEmu to boot a grml live cd (since I needed support for both cryptsetup and ext4) (*), opened F11's root partition from there (formerly having taken care not to make it a LVM volume) and edited both /etc/crypttab and /etc/fstab to include my extra partition in the boot process and mount it.

It worked. So at least I now know it's possible to access my existing partitions, if I should really do the switch. I still haven't found any way to supply options for how Anaconda is encrypting new partitions, though. If anyone has a pointer on that, don't be shy.


*) (this is off topic) I had to do this because I wasn't able to work in any decent manner under the standard base installation of F11. OMG, Gnome is the most unstable and buggy desktop environment I have ever seen. Ever. It makes Win95 seem a rock solid environment for the power user. I sincerely hope for all Gnomers that this was only caused by the emulation I used; I for one will stick with KDE anyway (which ran very well from the F11 KDE live cd btw). Just needed to get this off me for losing so much time - please don't make this a KDE vs. Gnome thread now. ;)