[pkg-cryptsetup-devel] Bug#619249: cryptsetup: --key-size used instead of --keyfile-size

Milan Broz mbroz at redhat.com
Tue Mar 22 14:47:28 UTC 2011

On 03/22/2011 02:37 PM, Martin Kourim wrote:

just FYI:
This change was intentional, there was no other way because the operator was wrongly overloaded.
see  http://code.google.com/p/cryptsetup/wiki/Cryptsetup120

Anyway, your suggested fix is wrong for several reasons:

- "-s" argument takes size in bits, --keyfile-size in bytes

- Option --keysfile-size has "-l" short option, not -d, it is bug in cryptsetup man page
(fixed upstream already).

- specifying keysize for LUKS in cryptab makes no sense, keysize is read from LUKS header

IMHO this line
> data		/dev/sda8		none		luks,checkargs=ext3,crypt=aes-cbc-essiv:sha256,size=128

should be equivalent to
> data		/dev/sda8		none		luks,checkargs=ext3

(specifying algorithm and keysize make sense only for non-LUKS devices)

I think Debian scripts should ignore these options if it is LUKS formatted device.


More information about the pkg-cryptsetup-devel mailing list