From aaf8a8e2568e8d06cc15508cb15a6e8a9605ec80 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sat, 9 Aug 2014 14:06:42 -0300
Subject: Provision: updating cryptsetup parameters
---
 share/hydractl/provision | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/share/hydractl/provision b/share/hydractl/provision
index b363809..5fac217 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -58,7 +58,7 @@ function hydra_provision_create_volume {
 if [ "$encrypt" == "y" ]; then
 echo "Creating encrypted $volume device..."
- hydra_safe_run cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/mapper/$vg-$volume
+ hydra_safe_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/mapper/$vg-$volume
 hydra_safe_run cryptsetup luksOpen /dev/mapper/$vg-$volume provision-$volume
 hydra_safe_run mkfs.ext4 /dev/mapper/provision-$volume
@@ -284,25 +284,25 @@ echo "# " > /tmp/debootstra
 if [ "$encrypt" == "y" ]; then
 cat > /tmp/debootstrap/etc/crypttab <<-EOF
-root /dev/mapper/$vg-root none luks,cipher=aes-cbc-essiv:sha256
+root /dev/mapper/$vg-root none luks
 EOF
 fi
 if [ "$home_size" != "0" ] && [ "$encrypt" == "y" ]; then
 cat >> /tmp/debootstrap/etc/crypttab <<-EOF
-home /dev/mapper/$vg-home none luks,cipher=aes-cbc-essiv:sha256
+home /dev/mapper/$vg-home none luks
 EOF
 fi
 if [ "$var_size" != "0" ] && [ "$encrypt" == "y" ]; then
 cat >> /tmp/debootstrap/etc/crypttab <<-EOF
-var /dev/mapper/$vg-var none luks,cipher=aes-cbc-essiv:sha256
+var /dev/mapper/$vg-var none luks
 EOF
 fi
 if [ "$swap" != "0" ]; then
 cat >> /tmp/debootstrap/etc/crypttab <<-EOF
-cswap $swap_device /dev/random swap,cipher=aes-cbc-essiv:sha256
+cswap $swap_device /dev/random swap,cipher=aes-xts-plain64:sha256
 EOF
 fi
-- 
cgit v1.2.3
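Review bot: The cipher string `aes-xts-plain64:sha256` on the new `luksFormat` line keeps a `:sha256` IV option that only the ESSIV generator uses. `plain64` derives the IV from the sector number and takes no hash, so the suffix looks like a leftover from `aes-cbc-essiv:sha256`; it is worth confirming that the cryptsetup versions this script targets ignore it rather than reject it. I would write `--cipher aes-xts-plain64` here, and the same applies to `cipher=aes-xts-plain64:sha256` on the `cswap` crypttab line in the second hunk. Separately, `--use-random` can stall the format step on kernels where `/dev/random` blocks, so a comment such as `# --use-random may block until the kernel has gathered enough entropy` would help operators provisioning headless machines. hydra_provision_create_volume starts and ends outside the hunk.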
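Review bot: The new `cswap` crypttab entry switches the swap cipher to XTS but sets no `size=` option, so the key length falls back to whatever default the installed crypttab tooling applies (256 bits on Debian's cryptsetup, as far as I recall, which should be verified). XTS splits the key into two halves, so a 256-bit default would give AES-128 for swap, while `--key-size 512` in the luksFormat call gives AES-256 for the LUKS volumes. If parity is intended, state it explicitly, e.g. `cswap $swap_device /dev/random swap,cipher=aes-xts-plain64,size=512` (the `:sha256` IV option is dropped there because plain64 takes none). The three `luks` entries no longer need a cipher option, since the LUKS header records it. The heredocs sit in top-level script text that continues outside the hunk.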