[dm-crypt] cryptsetup from aes-cbc to aes-xts

xxiao8 xxiao8 at fosiao.com
Thu Oct 29 23:28:58 CET 2015


I had a one liner change in my cryptsetup script (see below), as long as 
the key-file is the same, I can keep using the content on the 
hard-drive, which is a surprise to me. Doesn't switch-to-aes-xts-plain64 
mandate a reformat of the hard drive? am I missing something?


Changing from
cryptsetup -v -c "aes-cbc-essiv:sha256" --key-size 256 --key-file 
/etc/keys/sda1.key luksFormat --use-random /dev/sda1

to
cryptsetup -v -c "aes-xts-plain64" --hash sha256 --key-size 512 
--key-file /etc/keys/sda1.key luksFormat --use-random /dev/sda1

Thanks for your help,

xxiao



More information about the dm-crypt mailing list