[pkg-cryptsetup-devel] Bug#927165: debian-installer: improve support for LUKS
Guilhem Moulin
guilhem at debian.org
Mon Apr 15 23:21:27 BST 2019
On Mon, 15 Apr 2019 at 23:24:19 +0200, Cyril Brulebois wrote:
> Guilhem Moulin <guilhem at debian.org> (2019-04-15):
>> On Mon, 15 Apr 2019 at 21:40:35 +0200, Cyril Brulebois wrote:
>>> There are also some other highlights in this changelog entry, regarding
>>> key sizes, and some update to partman-crypto might be needed…
>>
>> GRUB stuff aside?
>
> My point above was that there are a number of “keysize” occurrences in
> partman-crypto[1] that might need to be adjusted for the new sizes in
> cryptsetup.
I'm not really familiar with partman-crypto so please take that with a
grain of salt, but at first glance the key size is passed explicitly
/sbin/cryptsetup -c $cipher-$iv -h $hash -s $size luksFormat $device $pass
hence isn't affected by the new *default*. AFAIK the keysize is still
256 in non XTS-modes, and the double in XTS mode (so AES256 is used).
> And while I cannot personally guarantee I'm going to spot all mails that
> need action/reaction on the mailing list, something like a mention of
> this GRUB limitation[3] (apparently documented since late 2018) might
> have peaked somebody's interest back then and could have triggered some
> feedback from someone else…
Agreed, that wasn't a deliberate omission of course. It simply didn't
cross my mind until I read the message from Jonathan :-( (Ironically I
have some devices with LUKS unlocking from GRUB, but haven't deployed
new ones this year…)
> Time for some rest here. I've added the “LUKS version configurability”
> topic to my list of urgent d-i issues, and I'll try to get that done
> soon.
Thanks, Cyril! And sorry for the extra work… I might be able to give a
hand, too.
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20190416/56495a47/attachment.sig>
More information about the pkg-cryptsetup-devel
mailing list