On Mon, 15 Apr 2019 at 23:24:19 +0200, Cyril Brulebois wrote:
> Guilhem Moulin <guil...@debian.org> (2019-04-15):
>> On Mon, 15 Apr 2019 at 21:40:35 +0200, Cyril Brulebois wrote:
>>> There are also some other highlights in this changelog entry, regarding
>>> key sizes, and some update to partman-crypto might be needed…
>>
>> GRUB stuff aside?
>
> My point above was that there are a number of “keysize” occurrences in
> partman-crypto[1] that might need to be adjusted for the new sizes in
> cryptsetup.

I'm not really familiar with partman-crypto so please take that with a
grain of salt, but at first glance the key size is passed explicitly

    /sbin/cryptsetup -c $cipher-$iv -h $hash -s $size luksFormat $device $pass

hence isn't affected by the new *default*.  AFAIK the keysize is still
256 in non-XTS modes, and the double in XTS mode (so AES256 is used).

> And while I cannot personally guarantee I'm going to spot all mails that
> need action/reaction on the mailing list, something like a mention of
> this GRUB limitation[3] (apparently documented since late 2018) might
> have piqued somebody's interest back then and could have triggered some
> feedback from someone else…

Agreed, that wasn't a deliberate omission of course.  It simply didn't
cross my mind until I read the message from Jonathan :-(  (Ironically I
have some devices with LUKS unlocking from GRUB, but haven't deployed
new ones this year…)

> Time for some rest here. I've added the “LUKS version configurability”
> topic to my list of urgent d-i issues, and I'll try to get that done
> soon.

Thanks, Cyril!  And sorry for the extra work…  I might be able to give a
hand, too.

-- 
Guilhem.
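Added example, not part of the original message and not partman-crypto code: a small shell check that reports which `luksFormat` parameters a cryptsetup command line leaves to the compiled-in defaults, and which would therefore follow a change of defaults. The function name `unpinned_defaults` and the second sample line are constructed; the option names are cryptsetup's own.

```shell
#!/bin/sh
# Report which luksFormat parameters a cryptsetup command line does NOT pin,
# i.e. which ones silently follow whatever the installed cryptsetup defaults to.
# Recognised options: -c/--cipher, -h/--hash, -s/--key-size, -M/--type.
unpinned_defaults() {
    cipher=0 hash=0 keysize=0 type=0 is_format=0
    # Split the command line into words. Globbing is disabled so that
    # placeholders such as $device are kept as opaque literal words.
    set -f
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        case $1 in
            -c*|--cipher|--cipher=*)     cipher=1 ;;
            -h*|--hash|--hash=*)         hash=1 ;;
            -s*|--key-size|--key-size=*) keysize=1 ;;
            -M*|--type|--type=*)         type=1 ;;
            luksFormat)                  is_format=1 ;;
        esac
        shift
    done
    # Only luksFormat creates a header, so only it is affected by defaults.
    [ "$is_format" -eq 1 ] || return 1
    out=
    [ "$cipher" -eq 1 ]  || out="$out cipher"
    [ "$hash" -eq 1 ]    || out="$out hash"
    [ "$keysize" -eq 1 ] || out="$out key-size"
    [ "$type" -eq 1 ]    || out="$out type"
    echo "${out# }"
}

# The command line as quoted in the message above (variables left unexpanded).
quoted='/sbin/cryptsetup -c $cipher-$iv -h $hash -s $size luksFormat $device $pass'
# Constructed sample: format version pinned, everything else left to defaults.
sample='cryptsetup luksFormat --type luks1 /dev/sdX'

echo "quoted command leaves to defaults: $(unpinned_defaults "$quoted")"
echo "constructed sample leaves to defaults: $(unpinned_defaults "$sample")"
```

For the quoted command line the cipher, hash and key size are all pinned, and only the on-disk format version (`--type`) is left to the default.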