You are not logged in.

#1 2018-06-03 09:14:03

thetoric
Member
Registered: 2018-06-03
Posts: 8

cryptsetup Check that kernel supports serpent-xts cipher

This is my first time installing arch, and I am trying to set up block level encryption on my device.
I have created the partitions, read up on dm-crypt, ensured that the dm-crypt module is loaded, everything the installation guide and dm-crypt guides instruct.
however,

cryptsetup --cipher serpent-xts --key-size 512 luksFormat /dev/sda1

returns

Failed to setup dm-crypt key mapping for device /dev/sda1.
Check that the kernel supports serpent-xts cipher (check syslog for more info).
Cipher specification should be in [cipher]-[model]-[iv] format.

serpent-xts is one of the things tested with cryptsetup benchmark, which one would think means it is supported by the kernel.

the only thread that I could find about this during installation was from 2014 and only suggested rebooting.

Last edited by thetoric (2018-06-03 16:17:58)

Offline

#2 2018-06-03 09:32:22

frostschutz
Member
Registered: 2013-11-15
Posts: 1,409

Re: cryptsetup Check that kernel supports serpent-xts cipher

You could try serpent-xts-plain64 instead. Of course, it's much slower than the default aes-xts-plain64 on a platform that supports AES-NI.

Note that cryptsetup cipher option will also allow you to select ciphers that aren't any good. So if you play with this parameter without understanding it well, you should at minimum have a look at how encrypted data actually looks like. If it's not random, then don't use it. If you have any doubt, just stick to the default.

Encryption stuff is subtle, for example the old standard aes-xts-plain would repeat after 2TB. You still find wikis and howtos to this day telling people to use aes-xts-plain instead of aes-xts-plain64, which is just wrong

Last edited by frostschutz (2018-06-03 09:32:48)

Offline

#3 2018-06-03 17:15:53

thetoric
Member
Registered: 2018-06-03
Posts: 8

Re: cryptsetup Check that kernel supports serpent-xts cipher

Thanks. according to this https://superuser.com/questions/775200/ … crypt-luks, it seems like plain64 is the only xfs option available...

Offline

Board footer

Powered by FluxBB