[dm-crypt] cryptsetup from aes-cbc to aes-xts

Arno Wagner arno at wagner.name
Fri Oct 30 00:32:43 CET 2015


You do not need to format the disk, you just need to luksFormat
the LUKS container (i.e. full disk, partition or loop-file). 
Your LUKS container here is /dev/sda1 and you are 
luks(re)Formatting it with the lines you give.

Regards,
Arno

On Thu, Oct 29, 2015 at 23:28:58 CET, xxiao8 wrote:
> I had a one liner change in my cryptsetup script (see below), as
> long as the key-file is the same, I can keep using the content on
> the hard-drive, which is a surprise to me. Doesn't
> switch-to-aes-xts-plain64 mandate a reformat of the hard drive? am I
> missing something?
> 
> 
> Changing from
> cryptsetup -v -c "aes-cbc-essiv:sha256" --key-size 256 --key-file
> /etc/keys/sda1.key luksFormat --use-random /dev/sda1
> 
> to
> cryptsetup -v -c "aes-xts-plain64" --hash sha256 --key-size 512
> --key-file /etc/keys/sda1.key luksFormat --use-random /dev/sda1
> 
> Thanks for your help,
> 
> xxiao
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier


More information about the dm-crypt mailing list