Bug#482092: partman-crypto: xts support
On Sat, Jun 23, 2012 at 03:11:00PM +0200, Bastian Blank wrote: We only want to support plain64 for Wheezy. There is. You need at least 256 bit (128 for encryption, 128 for XTS). I commited support for xts-plain64 to partman-crypto. It will just double the key size used for xts, so no additional checking is necessary. Maybe someone wants to check them before I'll upload it. Bastian -- Only a fool fights in a burning house. -- Kank the Klingon, Day of the Dove, stardate unknown -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120709133747.ga2...@wavehammer.waldi.eu.org
Bug#482092: partman-crypto: xts support
Bastian Blank writes: We only want to support plain64 for Wheezy. I assume you mean for wheezy we just want the d-i partman-crypto UI to support selecting xts-plain64 and not xts-plain? The kernel support will still be there and you'll be able to mount an existing xts-plain based filesystem (or create one by hand in a shell) right? The ability to do so is still interesting for rescue purposes. -- Matt Taggart tagg...@debian.org -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120628202702.96db...@taggart.lackof.org
Bug#482092: partman-crypto: xts support
Matt, am Thu, Jun 28, 2012 at 01:27:02PM -0700 hast du folgendes geschrieben: Bastian Blank writes: We only want to support plain64 for Wheezy. I assume you mean for wheezy we just want the d-i partman-crypto UI to support selecting xts-plain64 and not xts-plain? The kernel support will still be there and you'll be able to mount an existing xts-plain based filesystem (or create one by hand in a shell) right? The ability to do so is still interesting for rescue purposes. AFAIUI plain64 is able to mount plain partitions. Kind regards Philipp Kern signature.asc Description: Digital signature
Bug#482092: partman-crypto: xts support
On Fri, Jun 22, 2012 at 04:30:11PM -0700, Matt Taggart wrote: If so, then I think all that's needed is to add xts-plain to debian-installer/packages/partman-crypto/ciphers/dm-crypt/ivalgorithm Sound correct? So there's nothing special about key sizes with xts as stated basically at the top of the bug report? Also I guess one should support xts-plain64 too? Is there any value in offering xts-plain at this point, shouldn't we go to 64bit sector numbers directly? Upstream even says that there's no performance penalty. Kind regards Philipp Kern, who also set up xts-plain manually (on a constrained SSD, hence no plain64) signature.asc Description: Digital signature
Bug#482092: partman-crypto: xts support
On Sat, Jun 23, 2012 at 12:15:36PM +0200, Philipp Kern wrote: So there's nothing special about key sizes with xts as stated basically at the top of the bug report? There is. You need at least 256 bit (128 for encryption, 128 for XTS). Also I guess one should support xts-plain64 too? Is there any value in offering xts-plain at this point, shouldn't we go to 64bit sector numbers directly? Upstream even says that there's no performance penalty. We only want to support plain64 for Wheezy. Bastian -- That unit is a woman. A mass of conflicting impulses. -- Spock and Nomad, The Changeling, stardate 3541.9 -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120623131100.gb15...@wavehammer.waldi.eu.org
Bug#482092: partman-crypto: xts support
Hi #482092, I am pinging this bug because I would really like to see xts in wheezy. We (riseup.net) have been using serpent:xts-plain for our systems for both lenny and squeeze and it works great. Until now we have had to do some hacking to get d-i to set it up, * drop to a shell * wget the xts.ko and gf128mul.ko modules in the right dir * verify the md5sums of the modules * depmod -a;modprobe xts * echo cbc-essiv:sha256 cbc-plain plain ecb xts-plain /lib/partman/ciphers/dm-crypt/ivalgorithm We even hacked up a preseed early command hack to set this up because it was such a hassle. I think the xts kernel module (and hopefully the gf128mul module since it's a dependency?) are already included if I read this right, http://anonscm.debian.org/viewvc/kernel/dists/sid/linux/debian/installer/modules/crypto-modules?revision=19065view=markup If so, then I think all that's needed is to add xts-plain to debian-installer/packages/partman-crypto/ciphers/dm-crypt/ivalgorithm Sound correct? Thanks, -- Matt Taggart tagg...@debian.org -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120622233011.94677...@taggart.lackof.org
