Commit 0d766c58 authored by Arno Wagner's avatar Arno Wagner

fixed some typos.


git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@708 36d66b0a-2a48-0410-832c-cd162a569da5
parent 313e5564
......@@ -1244,29 +1244,30 @@ http://code.google.com/p/cryptsetup/source/browse/trunk/misc/luks-header-from-ac
alignment is not recomended.
That said, with default parameters, the data area starts at
exactly 2MB offset (at 0x101000 for crptsetup versions before 1.3).
The smallest data area you can have is one sector of 512 bytes.
Data areas of 0 bytes can be created, but fail on mapping.
exactly 2MB offset (at 0x101000 for cryptsetup versions before
1.3). The smallest data area you can have is one sector of 512
bytes. Data areas of 0 bytes can be created, but fail on mapping.
While you cannot put a filesystem into something this small, it may
still be used to contain, for eamcple, key. Note that with current
still be used to contain, for example, key. Note that with current
formatting tools, a partition for a container this size will be
3MiB anyways. If you put the LUKS container into a file (via
losetup and a loopback device), the file needs to be 2097664 bytes
in size, i.e. 2MiB + 512B.
The two ways to influence the start of the data area are key-size
There two ways to influence the start of the data area are key-size
and alignment.
For alignment, you can go down to 1 on the parameter. This will
still leave you with a data-area starting at 0x101000, i.e.
1MiB+4096B (default parameters) as alignment will be rounded up to
the next multiple of 8 (i.e. 4096 bytes) (TODO: need to verify
this).
the next multiple of 8 (i.e. 4096 bytes) If in doubt, do a dry-run
on a larger file and dump the LUKS header to get actual
information.
For key-size, you can use 128 bit (e.g. AES-128 with CBC), 256 bit
(e.g. AES-256 with CBC) or 512 bit (e.g. AES-256 with XTS mode).
You can do 64 bit (e.g. blofish-64 with CBC), but anything below
You can do 64 bit (e.g. blowfish-64 with CBC), but anything below
128 bit has to be considered insecure today.
Example 1 - AES 128 bit with CBC:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment