From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by mail.saout.de (Postfix) with SMTP for ; Wed, 18 Nov 2009 11:01:44 +0100 (CET) Message-ID: <4B03C5EE.7010702@gmx.net> Date: Wed, 18 Nov 2009 11:01:18 +0100 From: Stefan Xenon MIME-Version: 1.0 References: <4B032794.6090104@gmx.net> <20091118054555.GB28949@tansi.org> In-Reply-To: <20091118054555.GB28949@tansi.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] different default key sizes for CREATE and LUKSFORMAT List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de If the reason is historically only, it might be a kind of security issue (low priority) because this behaviour could result in wrong expectations of users on the system regarding the default key size. A user who learns that the default key size (using "create") is 256 bit but uses "luksFormat" (which uses 128 bit) instead, may be misleaded. Therefore it may be better to harmonize both default values. Stefan Arno Wagner schrieb: > "create" is plain dm-crypt, luskFormat is creation of > a LUKS header. I suspect the reason is historical, as > these are two different encryption systems. > > Arno > > > > On Tue, Nov 17, 2009 at 11:45:40PM +0100, Stefan Xenon wrote: >> Hi! >> In the man page for cryptsetup is written regarding the option --key-size : >> >> "Can be used for create or luksFormat, all >> other LUKS actions will ignore this flag, as the key-size is >> specified by the partition header. Default is 128 for luksFormat >> and 256 for create." >> >> I am wondering what is the reason for two different default key sizes? >> >> Thanks >> Stefan >> >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt >> >