-rwxr-xr-x | share/hydractl/provision | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/share/hydractl/provision b/share/hydractl/provision
index b363809..5fac217 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -58,7 +58,7 @@ function hydra_provision_create_volume {
 if [ "$encrypt" == "y" ]; then
 echo "Creating encrypted $volume device..."
- hydra_safe_run cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/mapper/$vg-$volume
+ hydra_safe_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/mapper/$vg-$volume
 hydra_safe_run cryptsetup luksOpen /dev/mapper/$vg-$volume provision-$volume
 hydra_safe_run mkfs.ext4 /dev/mapper/provision-$volume
@@ -284,25 +284,25 @@ echo "# <target name> <source device> <key file> <options>" > /tmp/debootstra
 if [ "$encrypt" == "y" ]; then
 cat > /tmp/debootstrap/etc/crypttab <<-EOF
-root /dev/mapper/$vg-root none luks,cipher=aes-cbc-essiv:sha256
+root /dev/mapper/$vg-root none luks
 EOF
 fi
 if [ "$home_size" != "0" ] && [ "$encrypt" == "y" ]; then
 cat >> /tmp/debootstrap/etc/crypttab <<-EOF
-home /dev/mapper/$vg-home none luks,cipher=aes-cbc-essiv:sha256
+home /dev/mapper/$vg-home none luks
 EOF
 fi
 if [ "$var_size" != "0" ] && [ "$encrypt" == "y" ]; then
 cat >> /tmp/debootstrap/etc/crypttab <<-EOF
-var /dev/mapper/$vg-var none luks,cipher=aes-cbc-essiv:sha256
+var /dev/mapper/$vg-var none luks
 EOF
 fi
 if [ "$swap" != "0" ]; then
 cat >> /tmp/debootstrap/etc/crypttab <<-EOF
-cswap $swap_device /dev/random swap,cipher=aes-cbc-essiv:sha256
+cswap $swap_device /dev/random swap,cipher=aes-xts-plain64:sha256
 EOF
 fi
|
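Review bot: The `:sha256` suffix in `--cipher aes-xts-plain64:sha256` looks like a leftover from the old `aes-cbc-essiv:sha256` spec. As far as I know the plain64 IV generator takes no hash parameter, so the suffix is at best ignored and it suggests a hash is involved in IV generation when it is not. I would write `--cipher aes-xts-plain64` on the luksFormat line, and likewise `cipher=aes-xts-plain64` on the cswap entry in the second hunk. The body of hydra_provision_create_volume starts and ends outside this hunk, so I cannot see how `$vg` and `$volume` are validated before they reach the unquoted device path.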
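Review bot: The new cswap entry switches to XTS but sets no `size=` option, so the plain-mode default key size applies. If that default is 256 bits, as I believe it is for Debian's crypttab, XTS splits it into two 128-bit halves and swap ends up on AES-128 while the LUKS volumes are formatted with `--key-size 512`. Adding the size explicitly, e.g. `swap,cipher=aes-xts-plain64,size=512`, would keep swap at the same strength as root, home and var. The root/home/var entries are fine with plain `luks`, since the LUKS header records the cipher.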