On 18 Dec 2015 14:13 -0500, from doark@xxxxxxxx (David Niklas): > I have a LUKS partition, aes-xts-plain64. > I wanted to change it, can I? > I can unmount the drive and do this, I'm not talking hot change here. I believe this is exactly what cryptsetup-reencrypt was designed to do. That tool is available in cryptsetup 1.5.0 and up. http://asalor.blogspot.com/2012/08/re-encryption-of-luks-device-cryptsetup.html https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Re-encrypting_devices And yes, the reencryption is an offline operation. And you really, _REALLY_ want to have a fresh backup of your data before you even think about doing it. But just out of curiosity, why do you want to migrate away from aes-xts-plain64? I've said it before; that is the default for a reason. -- Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt