From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 9E8DE138CA2 for ; Mon, 20 Apr 2015 17:43:45 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5CB45E08BA; Mon, 20 Apr 2015 17:43:33 +0000 (UTC) Received: from smtprelay03.ispgateway.de (smtprelay03.ispgateway.de [80.67.29.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2D63CE0850 for ; Mon, 20 Apr 2015 17:43:32 +0000 (UTC) Received: from [84.118.152.175] (helo=[192.168.2.100]) by smtprelay03.ispgateway.de with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.84) (envelope-from ) id 1YkFiq-0002yr-FK for gentoo-user@lists.gentoo.org; Mon, 20 Apr 2015 19:43:04 +0200 Message-ID: <55353AC3.30902@baums-on-web.de> Date: Mon, 20 Apr 2015 19:43:31 +0200 From: Heiko Baums User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] cryptsetup wont use aes-xts:plain64 References: <1747465.EH4NcqrpOD@navi> <0a98c23f83197b1053b155c71ae67202@zbfmail.de> In-Reply-To: <0a98c23f83197b1053b155c71ae67202@zbfmail.de> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Df-Sender: NTM3MzY2 X-Archives-Salt: f818cc08-191a-4275-a4bb-765d8bc2e705 X-Archives-Hash: e91f802f011374901b61bce1d66822cc Am 20.04.2015 um 15:43 schrieb Marko Weber | 8000: > # cryptsetup -c aes-xts:plain64 -y -s 512 luksFormat > /dev/mapper/VolGroup01-media2 As I've already mentioned in my first answer, there is a typo in this command. Well, I actually didn't mention that it's a typo, but I gave you the correct command: # cryptsetup -s 256 -y -c aes-xts-plain64 luksFormat /dev/mapper/VolGroup01-media2 Maybe you should consider those parameters: -s 512 (for a longer key) -h sha512 (otherwise sha1 will get used for the password hash) --use-random (manpage says: "Using /dev/urandom can lead to weak keys.") Or in other words: It's not -c aes-xts:plain64, but -c aes-xts-plain.