You are not logged in.
Hi! I am setting up disk encryption using dm-crypt with LUKS. Arch wiki recommend:
# cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda3
If I understand this correctly, this will setup 512bit AES encryption. Because I need balance performance versus security I suppose for my needs 128 bit AES is all I need (my password wouldn'd be long enough to effectively use 256/512 bits anyway). But this fails:
# cryptsetup -c aes-xts-plain -y -s 128 luksFormat /dev/sda3
After some digging I found that aes-xts-plain support min 256 bit, like:
# cryptsetup -c aes-xts-plain -y -s 256 luksFormat /dev/sda3
Any idea how to setup LUKS dm-crypt using 128bit AES ?
And second question - which hashing algorythm to use fot 128bit AES? SHA256?
Last edited by stabele (2009-03-26 20:40:48)
Offline
I found solution:
# cryptsetup -c aes-cbc-essiv:sha256 -y -s 128 luksFormat /dev/sda3
Offline
Erm, have you read the wiki article close enough? There is no AES512, and for aes-xts-plain "-s 256" is AES128.
Note: The XTS mode uses two keys of the same size, therefore available sizes (using XTS-AES) are 256 (128 * 2), 384 (192 * 2) and 512 (256 * 2).
For your second question about the hash function: LUKS defaults to SHA1, you can't define anything else.
Last edited by byte (2009-03-26 21:55:01)
1000
Offline
My appologize, I should have RTFM more carefully, aes-xts-plain -b 256 is what I need.
Last edited by stabele (2009-03-26 23:07:00)
Offline