On 03/17/2014 09:33 PM, Arno Wagner wrote:
On Mon, Mar 17, 2014 at 19:55:05 CET, Cpp wrote:
# cryptsetup -c aes-xts-plain64 -h sha512 -s 512 -d /dev/urandom open
/dev/sda --type plain cryptroot
Make ist easier on you, the defaults are really quite enough:
# cryptsetup create -d /dev/urandom /dev/sda cryptroot
# dd if=/dev/zero of=/dev/mapper/cryptroot bs=4096
My question is are there any serious drawbacks of using this method in
place of the urandom one?
None.
Glad to hear it, since I've been doing that all along. If you happen
to be doing this with an old cryptsetup, you want to select an IV
that does not repeat on a large volume. This, for example would be
a poor choice (from cryptsetup 1.1.3):
Default compiled-in device cipher parameters:
plain: aes-cbc-plain, Key: 256 bits, Password hashing: ripemd160
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
