On Mon, 14 Jul 2025 at 10:14:51 +0100, Justin B Rye wrote: > I still have no real idea what the use case for "plain mode" is, or
Plain mode *is* used, I don't think the release notes is about
questioning users' use case. As I wrote earlier, both upstream and
Debian recommend LUKS for non-transient devices, but some use it anyway
and the release notes should warn them about it.
> (therefore) what kind of users are going to need to know about all
> this.
plain mode users not spelling out cipher= and/or hash= in crypttab(5)
(or --cipher and/or --hash when using the cryptsetup(8) CLI) for
non-transient devices.
>> I'd suggest to say that this will yield random-looking devices rather
>> than making them “not accessible”. That way the read can decide whether
>> that's a regression (for a device holding a file system or something) or
>> whether it can wait.
>
> (I don't follow this, possibly because I have no idea what the user is
> likely to be trying to do.)
The using is creating a device which is mapped encrypted on hardware.
If that device is meant to be used as permanent storage, then the very
same encryption parameters need to be passed every single time the
device is mapped.
For LUKS mode, these parameters are stored in the metadata area at
creation (formatting) time and can be retrieved from there at mapping
time, so this is not an issue.
For plain mode, the user may be relying on defaults, or pass parameters
explicitly (either in crypttab(5) or via CLI parameters). Default
parameters are subject to change, so user not spelling out encryption
parameters explicitly are exposing themselves to regression. Mapping a
device with different encryption parameters will yield a device
containing data indistinguishable from random (it does *not* fail). If
the user is expecting to contain a file system or some kind of
persistent data, that's obviously problematic. If the device is meant
to be used for ephemeral storage, for instance for an encrypted swap
partition, that's not a big deal.
>>> This does not apply to LUKS devices because LUKS records the settings
>>> in the device itself.
>>>
>>> To properly configure your plain-mode devices, assuming they were
>>> created with the bookworm defaults, you should add
>>> ``cipher=aes-cbc-essiv:sha256,hash=ripemd160`` to ``/etc/crypttab``.
>>
>> …,size=256
>
> That is, make it
> ``cipher=aes-cbc-essiv:sha256,hash=ripemd160,siz=256`` to ``/etc/crypttab``.
I'd suggest
``cipher=aes-cbc-essiv:sha256,size=256,hash=ripemd160``
as the key size goes along with the cipher algorithm, while the hash
function does not (it's merely used for key derivation).
>>> To access such devices with ``cryptsetup`` on the command line you can
>>> use ``--cipher aes-cbc-essiv:sha256 --hash ripemd160``. Debian
>>
>> … --key-size 256
>
> use ``--cipher aes-cbc-essiv:sha256 --hash ripemd160 --key-size 256``.
> Debian
Similarly,
``--cipher aes-cbc-essiv:sha256 --key-size 256 --hash ripemd160``
> recommends that you configure permanent devices with LUKS, or if you do use
> plain mode, that you explicitly record all the encryption settings [...]
>
> […]
>
> So maybe this combines with my last comment as
> [...] that you explicitly record all the required encryption settings
Sounds good.
--
Guilhem.
signature.asc
Description: PGP signature
