On Mon, Mar 27, 2006 at 04:02:14PM -0500, Joey Hess wrote:
> I assume that there is really nothing i386 specific in this list of
> modules and that I should add it to all the (2.6 only?) kernels for
> all arches?

Yes to both. This will apply to all archs, and dm-crypt which will be using these modules is only available in 2.6.

> I would prefer to keep things minimal by only including modules
> actually used by encryption methods that partman-crypto supports
> using. Does it support every module in this list?

The support for dm-crypt is just coming into existence. We are aiming to provide a good selection of recommended ciphers for use with dm-crypt, but this will not include all of them.

> Max, do you already have this stuff sorted out and patches created?
> Don't want to duplicate effort.

No risk of duplicating efforts, thanks for asking! David is currently working together with cryptsetup maintainers to sort out the details of adding support for dm-crypt and LUKS. Having (a reduced list of) these modules available in d-i is basically the starting point for this.

I'm attaching some comments to the list and CCing pkg-cryptsetup-devel, since my understanding of dm-crypt is still limited. I'm sure cryptsetup maintainers and David can give feedback on correction and/or additions to this list.

From my limited understanding, I think this shortened list of modules will be a good starting point:

sha256 ?
blowfish ?
twofish ?
serpent ?
aes ?

cheers,
Max

> > md4 ?
> > sha1 ?
> > wp512 ?
> > tgr192 ?

I don't think dm-crypt or LUKS use these. Please correct me if they do.

> > md5 ?

Not needed as a module since it's built into Debian kernels:

$ grep -i md5 /boot/config-2.6.16-1-686
CONFIG_CRYPTO_MD5=y

> > sha256 ?

Needed by LUKS, AFAICS.

> > sha512 ?

Dunno.

> > des ?

We sure don't want to support DES in new installations ;-)

> > blowfish ?
> > twofish ?
> > serpent ?
> > aes ?

These would be useful to support, AFAICS.

> > cast5 ?
> > cast6 ?
> > tea ?
> > khazad ?
> > anubis ?

I can't really comment on those.
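
The built-in versus module check shown for md5 above, extended to a whole candidate list; this is an added example, not part of the original message or of any Debian tooling. It assumes each algorithm name maps to a `CONFIG_CRYPTO_<NAME>` symbol, and the sample config is constructed for the example rather than taken from a real kernel.

```shell
#!/bin/sh
# classify_crypto CONFIG NAME...
# Prints "<name> builtin|module|absent" for each algorithm, based on
# the assumed symbol CONFIG_CRYPTO_<NAME> in the given kernel config.
classify_crypto() {
    config=$1; shift
    for name in "$@"; do
        sym="CONFIG_CRYPTO_$(printf '%s' "$name" | tr 'a-z' 'A-Z')"
        # The '=' directly after the symbol keeps "aes" from matching
        # variant symbols such as CONFIG_CRYPTO_AES_586.
        val=$(sed -n "s/^${sym}=\([ym]\)\$/\1/p" "$config" | head -n 1)
        case $val in
            y) state=builtin ;;   # compiled into the kernel image
            m) state=module ;;    # must be shipped as a .ko to be usable
            *) state=absent ;;    # "is not set" or not mentioned at all
        esac
        printf '%s %s\n' "$name" "$state"
    done
}

# modules_to_ship CONFIG NAME...
# Space-separated names that only exist as loadable modules.
modules_to_ship() {
    classify_crypto "$@" |
        awk '$2 == "module" { printf "%s%s", sep, $1; sep = " " }'
}

# Constructed sample config (not a real Debian kernel config).
SAMPLE_CONFIG=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_SHA256=m
CONFIG_CRYPTO_AES=m
CONFIG_CRYPTO_AES_586=m
# CONFIG_CRYPTO_DES is not set
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_SERPENT=m
EOF

classify_crypto "$SAMPLE_CONFIG" md5 sha256 des blowfish twofish serpent aes
```

To check a real system, pass a config such as the `/boot/config-2.6.16-1-686` file from the message in place of the sample.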