Gentoo Archives: gentoo-user

From: Heiko Baums <lists@××××××××××××.de>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] cryptsetup wont use aes-xts:plain64
Date: Sat, 18 Apr 2015 12:07:32
Message-Id: 553248F4.1070306@baums-on-web.de
In Reply to: [gentoo-user] cryptsetup wont use aes-xts:plain64 by Marko Weber | 8000
1 Am 18.04.2015 um 12:27 schrieb Marko Weber | 8000:
2
3 > i try to crypt a partition with cryptsetup.
4 > Yes, in Kernel i had all need things i think.
5
6 No, you haven't.
7
8 You need to make those changes:
9 > CONFIG_CRYPTO_XTS=m
10 CONFIG_CRYPTO_XTS=y
11 > CONFIG_CRYPTO_AES_X86_64=m
12 CONFIG_CRYPTO_AES_X86_64=y
13 > CONFIG_CRYPTO_AES_NI_INTEL=m
14 CONFIG_CRYPTO_AES_NI_INTEL=y (only if you have an Intel CPU)
15
16 You have to compile the modules which are necessary for the encryption
17 method you're using directly into the kernel, not as a module, because
18 the kernel needs them directly at boot time.
19
20 > but when i try to use cryptsetup i get this:
21 >
22 > # cryptsetup -c aes-xts:plain64 -y -s 256 luksFormat
23 > /dev/mapper/VolGroup01-media2
24
25 The correct command is:
26
27 # cryptsetup -s 256 -y -c aes-xts-plain64 luksFormat
28 /dev/mapper/VolGroup01-media2
29
30 Maybe you should consider those parameters:
31 -s 512 (for a longer key)
32 -h sha512 (otherwise sha1 will get used for the password hash)
33 --use-random (manpage says: "Using /dev/urandom can lead to weak keys.")

Replies

Subject Author
Re: [gentoo-user] cryptsetup wont use aes-xts:plain64 Ralf <ralf+gentoo@×××××××××××××××××××.de>