On Tue, Dec 11, 2012 at 03:46:19PM +0100, Erik Logtenberg wrote: > Dear list, > > I have been using luks for quite some time, and as a result I have > several luks volumes in use that are still based on 128 bits key sizes. > Current default in Fedora is already upped to 256 bits and RSA even > advices key sizes of 1024 or even 2048 for highly secure stuff. You are confusing symmetric and assymetric keys here. 2048 bit asymmetric is (very roughly) equivalent to 128 bit symmetric. Have a look here for currently recomended key sizes: http://www.keylength.com/ There is no idication that anybody can break 128 but AES at this time or in the next few decades. Your passphrase has likely a lot less entropy anyways and is the better target. > So, how do I increase the key size? In man cryptsetup I see that the > --key-size option only applies to the create, luksFormat and loopaesOpen > commands. Is there any way I can make this happen? It is unnecessary. If you really want to, use your normal backup procedure, recreate a new LUKS volume and restore (you do have backup, right?). There is also a re-encryption in place tool by Milan, but that is experimental and definitely requires a current backup. It is called "cryptsetup-reencrypt" and part of the source package as of version 1.5.0 (current version is 1.5.1). Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
