Yet more experimentation... :-) Seems that I've solved my original problem; looking at the output from cat /proc/cypto it seems that the minimum keylength is doubled when using twofish with either lrw or xts vs plain. So all that needs doing is to double the keylength. However now I have some more questions from my further experiments: if you use the crypsetup command the -h option seems to do nothing; no matter what is passed in as the hash algorithm if you do a dmsetup table --showkey the resulting key is always the same, I was under the impression that the key passed in is hashed against the chosen algorithm to become the actual key used by the chosen cipher... is this correct? when I tried the Luks extensions the chosen hash still seems to have no impact and doing a luksDump always shows the hash as sha1, no matter what is passed in also the output of luksDump shows an entry of "MK salt" how is this determined? Again, any help in understanding this stuff is most appreciated. --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
