
Bug#748063: debian-installer: Please offer luks serpent xts 512b



Cyril Brulebois <kibi@debian.org> (2014-05-13):
> Hallo Thomas,
> 
> and thanks for your report.
> 
> Thomas Renard <cybaer42@web.de> (2014-05-13):
> > Package: debian-installer
> > Version: testing
> > Severity: wishlist
> > 
> > Dear Maintainer,
> > 
> > according to
> > http://www.reddit.com/r/crypto/comments/235i58/linux_cryptosetup_strong_crypto_settings/
> > 
> > serpent-512b-xts seems to be the fastest software crypt algorithm for
> > luks. But the debian installer menu only offers 256b-xts. It would be
> > nice to have a 512b option.
> 
> I know nothing about the prerequisites on the crypto side, but maybe the
> installer only needs partman-crypto to be patched, this way:
> | --- a/ciphers/dm-crypt/serpent/keysize
> | +++ b/ciphers/dm-crypt/serpent/keysize
> | @@ -1 +1 @@
> | -128 192 256
> | +128 192 256 512
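
Review bot: the path `ciphers/dm-crypt/serpent/keysize` has no mode component, so the `512` added on the `+128 192 256 512` line would be offered for serpent as a whole, not only for the xts combination the report asks for. Consider restricting 512 to the xts case, stating in the commit message how the value relates to the cipher's own maximum key size, and confirming that a volume created with the new option actually opens before the option is shipped.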

So I've hacked the d-i bits, and I verified that the modified image
indeed proposes serpent/512/xts as an option (even though I didn't test
without my patch; I'm assuming you did).

Now, trying to use that doesn't work, given the kernel module is unhappy
about the parameter being passed.

Looking at the kernel sources (v3.15-rc5-77-g14186fe), I see:
| crypto/serpent_generic.c:       .cia_max_keysize        =       SERPENT_MAX_KEY_SIZE,
| crypto/serpent_generic.c:       .cia_max_keysize        =       SERPENT_MAX_KEY_SIZE,
| include/crypto/serpent.h:#define SERPENT_MAX_KEY_SIZE            32

which, assuming max key size is expressed in bytes, would match a maximum
key size of 256 bits.

But then I'm probably missing something obvious. And as I said, I don't
know anything in the crypto area to begin with.

Mraw,
KiBi.
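
An added example, not part of the original message or of partman-crypto: one way to settle the bits-versus-bytes question above is to compare the requested key size with the per-algorithm limits the kernel lists in /proc/crypto. The sample text is constructed, and the helper names and the `xts(serpent)` entry are assumptions.

```python
# Constructed sample in /proc/crypto layout. serpent's 32-byte limit is the value
# quoted in the message; the xts(serpent) entry is an assumption for this sample.
SAMPLE = """\
name         : serpent
priority     : 100
type         : cipher
min keysize  : 0
max keysize  : 32

name         : xts(serpent)
priority     : 100
type         : blkcipher
min keysize  : 0
max keysize  : 64
"""


def parse_proc_crypto(text):
    """Map algorithm name -> fields of its highest-priority driver."""
    algs, entry = {}, {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last entry
        if line.strip():
            key, _, value = line.partition(":")
            entry[key.strip()] = value.strip()
            continue
        name = entry.get("name")
        best = int(algs.get(name, {}).get("priority", -1))
        if name and int(entry.get("priority", 0)) > best:
            algs[name] = entry
        entry = {}
    return algs


def kernel_alg_name(spec):
    """'serpent-xts-plain64' -> 'xts(serpent)'; a bare 'serpent' stays as is."""
    cipher, _, rest = spec.partition("-")
    mode = rest.partition("-")[0]
    return f"{mode}({cipher})" if mode else cipher


def check_keysize(algs, spec, bits):
    """Return (ok, reason): does a `bits`-bit key fit the kernel's byte limits?"""
    name = kernel_alg_name(spec)
    alg = algs.get(name)
    if alg is None or "max keysize" not in alg:
        return False, f"{name}: no key size limits listed"
    lo, hi, nbytes = int(alg["min keysize"]), int(alg["max keysize"]), bits / 8
    ok = lo <= nbytes <= hi
    return ok, f"{name}: {bits} bits = {nbytes:g} bytes, limits {lo}..{hi} bytes"
```

On a running system, pass the contents of /proc/crypto to `parse_proc_crypto` instead of `SAMPLE`; an algorithm whose module is not loaded yet will be reported as not listed.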
