[pkg-cryptsetup-devel] Bug#619249: cryptsetup: --key-size used instead of --keyfile-size
Milan Broz
mbroz at redhat.com
Tue Mar 22 14:47:28 UTC 2011
On 03/22/2011 02:37 PM, Martin Kourim wrote:
just FYI:
This change was intentional, there was no other way because the operator was wrongly overloaded.
see http://code.google.com/p/cryptsetup/wiki/Cryptsetup120
Anyway, your suggested fix is wrong for several reasons:
- "-s" argument takes size in bits, --keyfile-size in bytes
- Option --keysfile-size has "-l" short option, not -d, it is bug in cryptsetup man page
(fixed upstream already).
- specifying keysize for LUKS in cryptab makes no sense, keysize is read from LUKS header
IMHO this line
> data /dev/sda8 none luks,checkargs=ext3,crypt=aes-cbc-essiv:sha256,size=128
should be equivalent to
> data /dev/sda8 none luks,checkargs=ext3
(specifying algorithm and keysize make sense only for non-LUKS devices)
I think Debian scripts should ignore these options if it is LUKS formatted device.
Milan
More information about the pkg-cryptsetup-devel
mailing list