-rwxr-xr-xshare/hydractl/provision10
1 files changed, 5 insertions, 5 deletions
diff --git a/share/hydractl/provision b/share/hydractl/provision
index b363809..5fac217 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -58,7 +58,7 @@ function hydra_provision_create_volume {
if [ "$encrypt" == "y" ]; then
echo "Creating encrypted $volume device..."
- hydra_safe_run cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/mapper/$vg-$volume
+ hydra_safe_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/mapper/$vg-$volume
hydra_safe_run cryptsetup luksOpen /dev/mapper/$vg-$volume provision-$volume
hydra_safe_run mkfs.ext4 /dev/mapper/provision-$volume
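Review bot: The `:sha256` suffix in the new `--cipher aes-xts-plain64:sha256` looks like a leftover from the old ESSIV spec. It is the hash parameter of the essiv IV generator, and plain64 (the sector number used as IV) takes no such option, so it is at best ignored and misleads a reader about what protects the volume. I would write `--cipher aes-xts-plain64` here, and the same in the `cswap` crypttab line in the second hunk. Separately, `/dev/mapper/$vg-$volume` is expanded unquoted on the luksFormat, luksOpen and mkfs lines; quoting it as `"/dev/mapper/$vg-$volume"` keeps a stray space or glob character in a volume-group name from changing which device gets formatted. The body of hydra_provision_create_volume starts and ends outside this hunk.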
@@ -284,25 +284,25 @@ echo "# <target name> <source device> <key file> <options>" > /tmp/debootstra
if [ "$encrypt" == "y" ]; then
cat > /tmp/debootstrap/etc/crypttab <<-EOF
-root /dev/mapper/$vg-root none luks,cipher=aes-cbc-essiv:sha256
+root /dev/mapper/$vg-root none luks
EOF
fi
if [ "$home_size" != "0" ] && [ "$encrypt" == "y" ]; then
cat >> /tmp/debootstrap/etc/crypttab <<-EOF
-home /dev/mapper/$vg-home none luks,cipher=aes-cbc-essiv:sha256
+home /dev/mapper/$vg-home none luks
EOF
fi
if [ "$var_size" != "0" ] && [ "$encrypt" == "y" ]; then
cat >> /tmp/debootstrap/etc/crypttab <<-EOF
-var /dev/mapper/$vg-var none luks,cipher=aes-cbc-essiv:sha256
+var /dev/mapper/$vg-var none luks
EOF
fi
if [ "$swap" != "0" ]; then
cat >> /tmp/debootstrap/etc/crypttab <<-EOF
-cswap $swap_device /dev/random swap,cipher=aes-cbc-essiv:sha256
+cswap $swap_device /dev/random swap,cipher=aes-xts-plain64:sha256
EOF
fi
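Review bot: The new `cswap` entry switches to XTS without setting a key size, whereas the LUKS volumes are now formatted with `--key-size 512`. XTS splits its key in two, so if the swap mapping falls back to cryptsetup's plain-mode default size (presumably 256 bits; confirm for the target release), swap ends up with AES-128 while root, home and var get AES-256. Adding the size explicitly keeps them consistent: `cswap $swap_device /dev/random swap,cipher=aes-xts-plain64:sha256,size=512`. A short comment above the first heredoc, such as `# LUKS entries need no cipher= option: the cipher is read from the LUKS header`, would also explain why only the swap line still names one.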