Путеводитель по Руководству Linux
  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |


   cryptsetup    ( 8 )

управлять обычными dm-crypt и зашифрованными томами LUKS (manage plain dm-crypt and LUKS encrypted volumes)
  Name  |  Synopsis  |  Description  |  Plain dm-crypt or luks?  |  Warning  |  Basic actions  |  Plain mode  |  Luks extension  |  Loop-aes extension  |  Tcrypt (truecrypt-compatible and veracrypt) extension  |  Bitlk (windows bitlocker-compatible) extension (experimental)  |  Miscellaneous  |  Options  |  Examples  |  Return value  |  Notes on passphrase processing for plain mode  |  Notes on passphrase processing for luks  |  Incoherent behavior for invalid passphrases/keys  |  Notes on supported ciphers, modes, hashes and key sizes  |  Notes on passphrases  |    Notes on random number generators    |  Authenticated disk encryption (experimental)  |  Notes on loopback device use  |  Luks2 header locking  |  Deprecated actions  |  Reporting bugs  |

NOTES ON RANDOM NUMBER GENERATORS

Random Number Generators (RNG) used in cryptsetup are always the kernel RNGs without any modifications or additions to data stream produced.

There are two types of randomness cryptsetup/LUKS needs. One type (which always uses /dev/urandom) is used for salts, the AF splitter and for wiping deleted keyslots.

The second type is used for the volume (master) key. You can switch between using /dev/random and /dev/urandom here, see --use-random and --use-urandom options. Using /dev/random on a system without enough entropy sources can cause luksFormat to block until the requested amount of random data is gathered. In a low-entropy situation (embedded system), this can take a very long time and potentially forever. At the same time, using /dev/urandom in a low-entropy situation will produce low-quality keys. This is a serious problem, but solving it is out of scope for a mere man-page. See urandom(4) for more information.