Bug#455508: cryptsetup: should add blowfish, serpent and twofish to initrd
Package: cryptsetup Version: 2:1.0.5-1 Tags: patch The installer allows to choose crypt algorhitm (aes, twofish, blowfish, serpent) but cryptsetup copies to initrd only one of them: aes. I.e. for slow CPU systems the blowfish alghorims seems to be a better choise. -- .''`.Piotr Roszatycki : :' :mailto:[EMAIL PROTECTED] `. `' mailto:[EMAIL PROTECTED] `- diff -Nru cryptsetup-1.0.6~pre1.orig/debian/initramfs/cryptroot-hook cryptsetup-1.0.6~pre1/debian/initramfs/cryptroot-hook --- cryptsetup-1.0.6~pre1.orig/debian/initramfs/cryptroot-hook 2007-12-10 15:01:55.0 + +++ cryptsetup-1.0.6~pre1/debian/initramfs/cryptroot-hook 2007-12-10 15:05:02.0 + @@ -365,7 +365,7 @@ # Unless MODULES = "dep", we always add a basic subset of modules/tools if [ "$MODULES" != "dep" ]; then - for mod in dm_mod dm_crypt aes sha256 cbc; do + for mod in dm_mod dm_crypt aes blowfish serpent twofish sha256 cbc; do manual_add_modules $mod done copy_exec /sbin/cryptsetup /sbin
Bug#455508: [Pkg-cryptsetup-devel] Bug#455508: cryptsetup: should add blowfish, serpent and twofish to initrd
On Mon, December 10, 2007 16:07, Piotr Roszatycki wrote: > The installer allows to choose crypt algorhitm (aes, twofish, > blowfish, serpent) but cryptsetup copies to initrd only one of them: > aes. > > I.e. for slow CPU systems the blowfish alghorims seems to be a better > choise. I'm not quite sure I understand. If you setup a blowfish crypto device in /etc/crypttab, then the blowfish module will be copied to the initramfs. The unconditional copying of aes is just there as a safety net. -- David Härdeman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#455508: [Pkg-cryptsetup-devel] Bug#455508: cryptsetup: should add blowfish, serpent and twofish to initrd
2007/12/11, David Härdeman <[EMAIL PROTECTED]>: > I'm not quite sure I understand. If you setup a blowfish crypto device in > /etc/crypttab, then the blowfish module will be copied to the initramfs. > The unconditional copying of aes is just there as a safety net. Ah, I didn't realize that I need to update initrd after I changed the alghoritm. I didn't use cipher argument in /etc/crypttab and just recreated LUKS volumen with another cipher. I was suprised that system didn't boot because the standard initrd didn't contain basic modules. I think that MODULES=most schema for initramfs *should* include the four basic crypto modules and with MODULES=dep schema cryptsetup scripts *should* guess with one is used. Thank you. -- .''`.Piotr Roszatycki : :' :mailto:[EMAIL PROTECTED] `. `' mailto:[EMAIL PROTECTED] `-