Путеводитель по Руководству Linux
  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |


   cryptsetup    ( 8 )

управлять обычными dm-crypt и зашифрованными томами LUKS (manage plain dm-crypt and LUKS encrypted volumes)
  Name  |  Synopsis  |  Description  |  Plain dm-crypt or luks?  |  Warning  |  Basic actions  |  Plain mode  |  Luks extension  |  Loop-aes extension  |  Tcrypt (truecrypt-compatible and veracrypt) extension  |  Bitlk (windows bitlocker-compatible) extension (experimental)  |  Miscellaneous  |  Options  |  Examples  |  Return value  |    Notes on passphrase processing for plain mode    |  Notes on passphrase processing for luks  |  Incoherent behavior for invalid passphrases/keys  |  Notes on supported ciphers, modes, hashes and key sizes  |  Notes on passphrases  |  Notes on random number generators  |  Authenticated disk encryption (experimental)  |  Notes on loopback device use  |  Luks2 header locking  |  Deprecated actions  |  Reporting bugs  |

NOTES ON PASSPHRASE PROCESSING FOR PLAIN MODE

Note that no iterated hashing or salting is done in plain mode. If hashing is done, it is a single direct hash. This means that low-entropy passphrases are easy to attack in plain mode.

From a terminal: The passphrase is read until the first newline, i.e. '\n'. The input without the newline character is processed with the default hash or the hash specified with --hash. The hash result will be truncated to the key size of the used cipher, or the size specified with -s.

From stdin: Reading will continue until a newline (or until the maximum input size is reached), with the trailing newline stripped. The maximum input size is defined by the same compiled- in default as for the maximum key file size and can be overwritten using --keyfile-size option.

The data read will be hashed with the default hash or the hash specified with --hash. The hash result will be truncated to the key size of the used cipher, or the size specified with -s.

Note that if --key-file=- is used for reading the key from stdin, trailing newlines are not stripped from the input.

If "plain" is used as argument to --hash, the input data will not be hashed. Instead, it will be zero padded (if shorter than the key size) or truncated (if longer than the key size) and used directly as the binary key. This is useful for directly specifying a binary key. No warning will be given if the amount of data read from stdin is less than the key size.

From a key file: It will be truncated to the key size of the used cipher or the size given by -s and directly used as a binary key.

WARNING: The --hash argument is being ignored. The --hash option is usable only for stdin input in plain mode.

If the key file is shorter than the key, cryptsetup will quit with an error. The maximum input size is defined by the same compiled-in default as for the maximum key file size and can be overwritten using --keyfile-size option.