You are not logged in.

#1 2008-06-25 20:05:02

xyon
Member
Registered: 2007-09-17
Posts: 23

cryptsetup, ciphers not available

I am in the middle of setting up an encrypted partition via this tutorial:

http://wiki.archlinux.org/index.php/Sys … r_dm-crypt

I've loaded these modules:

dm-crypt
aes-i586
sha256
geode-aes
lrw

But am getting this:

cryptsetup -c aes-lrw-benbi -y -t15 -T1 luksFormat /dev/sda3

WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command failed: Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-lrw-benbi cipher spec and verify that /dev/sda3 contains at least 133 sectors

However, this works:

cryptsetup -c aes -y -t15 -T1 luksFormat /dev/sda3

WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.

Offline

#2 2008-06-26 10:04:17

hrist
Member
From: Germany
Registered: 2007-01-07
Posts: 61
Website

Re: cryptsetup, ciphers not available

You have to specify the keysize + 128 with the -s option for *-benbi
eg -s 384 for a 256bit key

Last edited by hrist (2008-06-26 10:05:20)


two - Arch64 | dwm | nvidia
three - Arch64 | dwm | nvidia

Offline

#3 2008-06-26 12:08:38

xyon
Member
Registered: 2007-09-17
Posts: 23

Re: cryptsetup, ciphers not available

Thanks for the reply, '-s 384' works. I would like to go stronger, though (512bit key), but am getting this:

# cryptsetup -c aes-lrw-benbi -s 640 -y -t15 -T1 luksFormat /dev/sda3

WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: 
Verify passphrase: 
Command failed: Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-lrw-benbi cipher spec and verify that /dev/sda3 contains at least 633 sectors

Does the aes/lrw-benbi combination not support keys that large? Is there a secure AES method that does allow 512-bit keys?

Offline

Board footer

Powered by FluxBB