Changes

Jump to: navigation, search

Rootfs over encrypted lvm

29 bytes removed, 5 months ago
m
Encrypting the drive: remove unnecessary flag
== Encrypting the drive ==
Read more about different cipher options here: [http://blog.wpkg.org/2009/04/23/cipher-benchmark-for-dm-crypt-luks/]
<{{console>|body=# ##i##cryptsetup --cipher aes-xts-plain64 luksFormat /dev/sda3</console>}}
Or use SHA512 for increase security. Do NOT use SHA-1: LUKS disk encryption. As the cryptography expert Bruce Schneier already told in year 2005, do not use SHA-1 because its broken. See his article here: [http://www.schneier.com/blog/archives/2005/02/sha1_broken.html]
<{{console>|body=
# ##i##cryptsetup --cipher twofish-xts-plain64 --hash sha512 --key-size 256 luksFormat /dev/sda3
</console>}}
{{Warning|Support for ''twofish-xts-plain64'' is '''NOT''' in the default debian-kernel. You will need to configure and compile your own kernel if you choose this.}}
676
edits

Navigation menu