From: Heiko Baums
Date: Sat, 18 Apr 2015 14:07:16 +0200
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] cryptsetup wont use aes-xts:plain64
Message-ID: <553248F4.1070306@baums-on-web.de>
List-Id: Gentoo Linux mail

On 18.04.2015 at 12:27, Marko Weber | 8000 wrote:
> I try to crypt a partition with cryptsetup.
> Yes, in Kernel I had all needed things I think.

No, you haven't.
You need to make those changes:

> CONFIG_CRYPTO_XTS=m

CONFIG_CRYPTO_XTS=y

> CONFIG_CRYPTO_AES_X86_64=m

CONFIG_CRYPTO_AES_X86_64=y

> CONFIG_CRYPTO_AES_NI_INTEL=m

CONFIG_CRYPTO_AES_NI_INTEL=y (only if you have an Intel CPU)

You have to compile the modules which are necessary for the encryption
method you're using directly into the kernel, not as a module, because
the kernel needs them directly at boot time.

> but when i try to use cryptsetup i get this:
>
> # cryptsetup -c aes-xts:plain64 -y -s 256 luksFormat
> /dev/mapper/VolGroup01-media2

The correct command is:

# cryptsetup -s 256 -y -c aes-xts-plain64 luksFormat /dev/mapper/VolGroup01-media2

Maybe you should consider those parameters:

-s 512 (for a longer key)
-h sha512 (otherwise sha1 will get used for the password hash)
--use-random (manpage says: "Using /dev/urandom can lead to weak keys.")
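
Added example, not part of the original mail: a shell check for the two things the reply turns on, whether the three options it names are built in (=y) in a kernel config, and whether a cipher string has the dash-separated form of aes-xts-plain64. The function names and the sample config are constructed for illustration, and the spec pattern is a simplified check of the cipher-chainmode-ivmode[:ivopts] spelling, not a list of what the kernel supports.

```shell
#!/bin/sh
# Added example; function names and the sample config are constructed.

# Constructed sample: the three lines quoted in the mail, plus one unset option.
sample_config() {
    cat <<'EOF'
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_AES_X86_64=m
CONFIG_CRYPTO_AES_NI_INTEL=m
# CONFIG_CRYPTO_SHA512 is not set
EOF
}

# Print y, m or unset for option $2 in kernel config file $1.
kconfig_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-unset}"
}

# List the options named in the mail; return 1 if any is not built in (=y).
check_crypto_builtin() {
    rc=0
    for opt in CONFIG_CRYPTO_XTS CONFIG_CRYPTO_AES_X86_64 CONFIG_CRYPTO_AES_NI_INTEL; do
        state=$(kconfig_state "$1" "$opt")
        echo "$opt=$state"
        [ "$state" = y ] || rc=1
    done
    return "$rc"
}

# Accept only cipher-chainmode-ivmode[:ivopts], e.g. aes-xts-plain64.
# Simplified check of the spelling, not of kernel support.
valid_cipher_spec() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]+-[a-z0-9]+-[a-z0-9]+(:[a-z0-9]+)?$'
}

# Demo on the constructed sample (point it at a real .config instead).
cfg=$(mktemp)
sample_config > "$cfg"
check_crypto_builtin "$cfg" || echo "not all options are built in"
for spec in aes-xts:plain64 aes-xts-plain64; do
    if valid_cipher_spec "$spec"; then echo "$spec: ok"; else echo "$spec: malformed"; fi
done
rm -f "$cfg"
```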