Note that no iterated hashing or salting is done in plain mode.
If hashing is done, it is a single direct hash. This means that
low-entropy passphrases are easy to attack in plain mode.
From a terminal: The passphrase is read until the first newline,
i.e. '\n'. The input without the newline character is processed
with the default hash or the hash specified with --hash. The
hash result will be truncated to the key size of the used cipher,
or the size specified with -s.
From stdin: Reading will continue until a newline (or until the
maximum input size is reached), with the trailing newline
stripped. The maximum input size is defined by the same compiled-
in default as for the maximum key file size and can be
overwritten using --keyfile-size option.
The data read will be hashed with the default hash or the hash
specified with --hash. The hash result will be truncated to the
key size of the used cipher, or the size specified with -s.
Note that if --key-file=- is used for reading the key from stdin,
trailing newlines are not stripped from the input.
If "plain" is used as argument to --hash, the input data will not
be hashed. Instead, it will be zero padded (if shorter than the
key size) or truncated (if longer than the key size) and used
directly as the binary key. This is useful for directly
specifying a binary key. No warning will be given if the amount
of data read from stdin is less than the key size.
From a key file: It will be truncated to the key size of the used
cipher or the size given by -s and directly used as a binary key.
WARNING: The --hash argument is being ignored. The --hash option
is usable only for stdin input in plain mode.
If the key file is shorter than the key, cryptsetup will quit
with an error. The maximum input size is defined by the same
compiled-in default as for the maximum key file size and can be
overwritten using --keyfile-size option.
