cryptsetup has plenty of HOWTO documentation, but it's sadly lacking
in WHYTOs.  I still have no real idea what the use case for "plain
mode" is, or (therefore) what kind of users are going to need to know
about all this.

Guilhem Moulin wrote:
> On Sat, 12 Jul 2025 at 18:22:56 +0100, Richard Lewis wrote:
>> I think the version below might be more accurate --
>> but can we tell people to record the keysize while we are at it -
>> crypttab(5) mentions this is also needed, but doesn't give any hints as
>> to the default values themselves! even though keysize did not change
>> in trixie, telling people to add it now may avoid future issues
>> (assuming anyone reads the release-notes)
> 
> Fair point, the default is size=256 both for ≤bookworm and trixie.  The
> corresponding cryptsetup(8) option is `--key-size 256`.  Both
> crypttab(5) parsing and cryptsetup(8) binary spew a warning (with the
> default size) if the key size is unspecified, but it doesn't hurt to
> spell it down in the release notes indeed.
> 
>> change to default encryption settings for plain-mode dm-crypt devices
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> 
>> The default settings for ``dm-crypt`` devices created using with

Surplus word: s/created using with/created using/

>> ``plain``-mode encryption (see :url-man-stable:`crypttab(5)`) have
>> changed to improve security. This will cause problems if you did not
>> record the settings used in ``/etc/crypttab``. The only recommended
>> way to configure plain-mode devices is to record the ``cipher``,
>> ``hash`` and ``keysize`` options in ``/etc/crypttab``, but it is
> 
> keysize → size (for historical reasons)
> 
>> possible to rely on `cryptsetup` using default values. Because the
>> default values for cipher and hash algorithm have changed in trixie,
>> such poorly-configured devices will not be accessible until you
>> properly configure them.

Avoid saying it's possible to rely on the defaults:

   record the settings used in ``/etc/crypttab``. The recommended way
   to configure plain-mode devices is to record the options ``cipher``,
   ``hash`` and ``size`` in ``/etc/crypttab``; otherwise `cryptsetup`
   will use default values, and the defaults for cipher and hash
   algorithm have changed in trixie, which will render such devices
   inaccessible until they are properly configured.
 
> I'd suggest to say that this will yield random-looking devices rather
> than making them “not accessible”.  That way the reader can decide whether
> that's a regression (for a device holding a file system or something) or
> whether it can wait.

(I don't follow this, possibly because I have no idea what the user is
likely to be trying to do.)
 
>> This does not apply to LUKS devices because LUKS records the settings
>> in the device itself.
>>
>> To properly configure your plain-mode devices, assuming they were
>> created with the bookworm defaults, you should add
>> ``cipher=aes-cbc-essiv:sha256,hash=ripemd160`` to ``/etc/crypttab``.
> 
> …,size=256

That is, make it
   ``cipher=aes-cbc-essiv:sha256,hash=ripemd160,size=256`` to ``/etc/crypttab``.

>> To access such devices with ``cryptsetup`` on the command line you can
>> use ``--cipher aes-cbc-essiv:sha256 --hash ripemd160``.  Debian
> 
> … --key-size 256

   use ``--cipher aes-cbc-essiv:sha256 --hash ripemd160 --key-size 256``.  Debian

>> recommends you do not use plain mode for non-transient devices, and
>> that if you do use them, you should explicitly record all the
>> encryption settings used in ``/etc/crypttab``. The new defaults are
>> ``cipher=aes-xts-plain64,hash=sha256``.

I've heard of transient keys, but I have no idea what a transient
device would be.  If it's the opposite of (say) "permanent", I'd
suggest cancelling out the negatives to get something like:

   recommends that you configure permanent devices with LUKS, or if you do use
   plain mode, that you explicitly record all the encryption settings [...]
 
> FWIW technically specifying the hash is not needed when a key file is
> used, but it doesn't hurt to have it in that case (it's ignored) so it's
> probably not worth spelling out the full logic in the release notes.

So maybe this combines with my last comment as
   [...] that you explicitly record all the required encryption settings
-- 
JBR     with qualifications in linguistics, experience as a Debian
        sysadmin, and probably no clue about this particular package
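
An added example, not part of this thread or of the cryptsetup package: a small Python audit of ``/etc/crypttab`` entries that leave plain-mode settings to the cryptsetup defaults, suggesting the bookworm values discussed above for each missing one. The sample crypttab is constructed, and the function names and the treatment of entries with no forced mode as "possibly plain" are assumptions.

```python
# Plain-mode defaults up to bookworm, as stated in the thread; trixie changed cipher and
# hash, so a device created under these defaults must have them recorded in /etc/crypttab.
BOOKWORM_PLAIN_DEFAULTS = {"cipher": "aes-cbc-essiv:sha256", "hash": "ripemd160", "size": "256"}

def parse_crypttab(text):
    """Yield (name, device, key, options) per entry; options maps flag -> value or None."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        options = {}
        for opt in (fields[3].split(",") if len(fields) > 3 else []):
            flag, has_value, value = opt.partition("=")
            options[flag] = value if has_value else None
        yield fields[0], fields[1], fields[2] if len(fields) > 2 else "none", options

def mode_of(options):
    """'plain' if forced; 'other' if forced to LUKS/tcrypt/bitlk; else 'auto' (header decides; assumed possibly plain)."""
    if "plain" in options:
        return "plain"
    return "other" if any(m in options for m in ("luks", "tcrypt", "bitlk")) else "auto"

def missing_plain_settings(key, options):
    """Settings left to cryptsetup's defaults.  hash only matters for a passphrase
    (key 'none'); with a key file it is ignored, as the thread notes."""
    needed = ["cipher", "size"] + (["hash"] if key == "none" else [])
    return [k for k in needed if not options.get(k)]

def suggested_options(key, options):
    """Option string with the bookworm default appended for each missing setting."""
    fixed = list(options.items())
    fixed += [(k, BOOKWORM_PLAIN_DEFAULTS[k]) for k in missing_plain_settings(key, options)]
    return ",".join(k if v is None else f"{k}={v}" for k, v in fixed)

def audit(text):
    """Return {name: (mode, missing settings, suggested option string)} for risky entries."""
    report = {}
    for name, _device, key, options in parse_crypttab(text):
        mode, missing = mode_of(options), missing_plain_settings(key, options)
        if mode != "other" and missing:
            report[name] = (mode, missing, suggested_options(key, options))
    return report

SAMPLE_CRYPTTAB = """\
# constructed sample, not taken from a real system
cryptswap /dev/sda3 /dev/urandom swap,plain,cipher=aes-xts-plain64,size=256
cryptdata /dev/sda4 none plain,hash=ripemd160
cryptroot UUID=placeholder-uuid none luks,discard
cryptold  /dev/sdb1 /root/old.key plain
"""
```

Running ``audit(SAMPLE_CRYPTTAB)`` reports only ``cryptdata`` and ``cryptold``: the LUKS entry carries its settings in the header, and ``cryptswap`` already records cipher and size (its key file makes ``hash`` irrelevant).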
