[dm-crypt] Two questions about LUKS2 format

Geo Kozey geokozey at mailfence.com
Fri Dec 29 17:41:11 CET 2017


1. When creating new container with experimental ciphers, i.e. chacha20, the output of luksDump shows:

Data segments:
  0: crypt
        offset: 4194304 [bytes]
        length: (whole device)
        cipher: chacha20-random
        sector: 512 [bytes]
        integrity: poly1305

Keyslots:
  0: luks2
        Key:        256 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        PBKDF:      argon2i
        Time cost:  4

Why "Cipher: aes-xts-plain64" is shown under Keyslots metadata and is different than "cipher: chacha20-random" from Data segments?

2. What happens when we create new luks container with argon2 as PBKDF under system with huge amount of RAM then try opening it under system with much lower amount (so memory cost will be higher than physical memory available)? Will it open but slower or will it fail?

Thanks in advance for any answers.

Yours sincerely

G. K.


More information about the dm-crypt mailing list