Am 18.04.2015 um 12:27 schrieb Marko Weber | 8000: > i try to crypt a partition with cryptsetup. > Yes, in Kernel i had all need things i think.
No, you haven't. You need to make those changes: > CONFIG_CRYPTO_XTS=m CONFIG_CRYPTO_XTS=y > CONFIG_CRYPTO_AES_X86_64=m CONFIG_CRYPTO_AES_X86_64=y > CONFIG_CRYPTO_AES_NI_INTEL=m CONFIG_CRYPTO_AES_NI_INTEL=y (only if you have an Intel CPU) You have to compile the modules which are necessary for the encryption method you're using directly into the kernel, not as a module, because the kernel needs them directly at boot time. > but when i try to use cryptsetup i get this: > > # cryptsetup -c aes-xts:plain64 -y -s 256 luksFormat > /dev/mapper/VolGroup01-media2 The correct command is: # cryptsetup -s 256 -y -c aes-xts-plain64 luksFormat /dev/mapper/VolGroup01-media2 Maybe you should consider those parameters: -s 512 (for a longer key) -h sha512 (otherwise sha1 will get used for the password hash) --use-random (manpage says: "Using /dev/urandom can lead to weak keys.")
