DO NOT EDIT THE HEADER. This will make your LUKS container inaccessible until you reverse the changes. What you now have is an aes-xts-plain64:sha512 container. You do not have ESSIV anywhere in there, XTS is an alternative to CBC-ESSIV. That said, if you want aother cipher or mode, easiest way is to re-create the container. A bit harder and risky without backup is to use Milan's reencryption tool. Arno On Wed, Dec 18, 2013 at 12:45:39 CET, FLD wrote: > I accidentally created a luks container using option --cipher > aes-xts-plain64:sha512. Everything seems to be working correctly and > luksDump shows: "Cipher mode: xts-plain64:sha512". I wonder if I > should hexedit the header manually and replace the ":sha512" part with > nulls since the proper format would be just "xts-plain64" since the > cipher does not need a hash for the ESSIV? > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
