On Fri, September 5, 2014 17:29, Milan Broz wrote:
> On 09/05/2014 12:54 AM, Sven Eschenberg wrote:
>> For me two major questions remain though:
>> 1.) Why did an older version of cryptsetup work without these modules?
>
> Hi,
>
> HMAC is mandatory, so check your previous config... I guess just some
> magic switched it to module... :)
>

No, actually it was modular. In fact it was my fault, the older kernel's
initramfs included /lib/modules completely, from what I gathered by
checking its initramfs. I guess the issue was nagging me back then already
and I took the easy path ;-).

>> 2.) Why is HMAC needed? It is not obvious and if some other kernel
>> module needs it, why is the dependency missing?
>
> It is not dependence for kernel module but requirement of PBKDF2 used in
> LUKS.
>
> But as I said, it should report problems in more clear error messages...
>
>> 4.) if HMAC dependency is owed to cryptsetup specifically, is that
>> documented already?
>
> I do not think there is a list of required kernel modules. Perhaps it
> should be added somewhere. But I am afraid exact list will depend on
> kernel versions and other configuration (crypto mgr, fips, hw accel.
> support, ...)

That is true, of course. A list of modules necessary for kernel backend
and one for the default parameters might not be the worst idea, I think.
What do others say?

>
> In short, for kernel backend, AF_ALG must be supported in general.
>
> Then for LUKS: generic hash support, specific hash used in LUKS and HMAC
> is required.
> With 1.6.5 and later it will optionally utilize also skcipher interface
> (so you need the block cipher and block mode used in LUKS header).
>
> For TrueCrypt support you need the same, (hash, hmac, block cipher, block
> mode).
>
> Perhaps man page or FAQ could be more descriptive here (... send a patch
> ;-)

Arno already stated that the FAQ is becoming quite large, I am not sure
where we should add it.
>
> Thanks,
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt
>

Regards

-Sven
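An added example, not part of the original thread and not cryptsetup's own code: a probe that asks the kernel, through AF_ALG, for the algorithm classes named above (hash, HMAC of that hash, and the block cipher with its block mode), which can be run inside an initramfs to see what is missing. The function names, the mapping from LUKS header fields to kernel algorithm names, and the sample parameters are assumptions made for illustration.

```python
import socket


def probe_af_alg(alg_type, alg_name):
    """Return True if the kernel can instantiate alg_name through AF_ALG."""
    if not hasattr(socket, "AF_ALG"):
        return False  # not Linux, or Python built without AF_ALG support
    try:
        with socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0) as sock:
            # bind() fails with ENOENT when the algorithm (or the module
            # providing it) is unavailable, e.g. left out of the initramfs.
            sock.bind((alg_type, alg_name))
        return True
    except OSError:
        # Also covers EAFNOSUPPORT: kernel without AF_ALG at all.
        return False


def luks_requirements(hash_name, cipher, mode):
    """AF_ALG (type, name) pairs for the classes listed in the thread.

    Assumed mapping: hash spec "sha1" -> "sha1" and "hmac(sha1)";
    cipher "aes" with mode "xts-plain64" -> skcipher "xts(aes)".
    The IV generator part of the mode is not a kernel crypto API name.
    """
    block_mode = mode.split("-")[0]
    return [
        ("hash", hash_name),
        ("hash", "hmac(%s)" % hash_name),
        ("skcipher", "%s(%s)" % (block_mode, cipher)),
    ]


def missing_algorithms(hash_name, cipher, mode, probe=probe_af_alg):
    """Return the required (type, name) pairs the probe could not obtain."""
    return [(t, n) for t, n in luks_requirements(hash_name, cipher, mode)
            if not probe(t, n)]


if __name__ == "__main__":
    # Constructed sample parameters; take the real values from the hash
    # spec, cipher name and cipher mode reported by "cryptsetup luksDump".
    missing = missing_algorithms("sha1", "aes", "xts-plain64")
    for alg_type, alg_name in missing:
        print("missing %s: %s" % (alg_type, alg_name))
    if not missing:
        print("all probed algorithms are available")
```

A successful bind may trigger module autoloading, so running the probe in the environment where unlocking fails is what shows which modules that environment lacks.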