mhogomchungu / zuluCrypt

zuluCrypt is a front end to cryptsetup and tcplay and it allows easy management of encrypted block devices
https://mhogomchungu.github.io/zuluCrypt

Incorrect encryption selection??? #131

Closed git70 closed 4 years ago

git70 commented 4 years ago

When creating a new dm-crypt container, I choose the aes.xts-plain64.512.sha512 option. After mounting, the program shows the properties: aes-xts-plain64

Why, after manually mounting with cryptsetup:

    cryptsetup open --type plain /home/lmtest/testdm testdm

and then running the command:

    cryptsetup status testdm

I get cipher: aes-cbc-essiv:sha256 ???

mhogomchungu commented 4 years ago

Because it's the default cryptsetup options.

The biggest problem with PLAIN dm-crypt is that these crypto options are not saved with the volume and must manually be provided by the user of cryptsetup each and every time a user wants to access a PLAIN dm-crypt volume. cryptsetup and zuluCrypt have their own default values and they use them when a user does not specify them.

zuluCrypt sets these defaults here[1] and here[2] because it doesn't want things to break unexpectedly when cryptsetup changes its defaults.

You have two options here since you are using non-default options.

  1. Provide the options every time you want to access your volume.
  2. Recompile cryptsetup and select your preferred options as default.

[1] https://github.com/mhogomchungu/zuluCrypt/blob/a365c2ad0d697c218a91079eb48f1b3caa9e10ba/zuluCrypt-cli/lib/open_plain.c#L230

[2] https://github.com/mhogomchungu/zuluCrypt/blob/a365c2ad0d697c218a91079eb48f1b3caa9e10ba/zuluCrypt-gui/password_dialog.cpp#L139
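Option 1 from the reply above, as an added example that is not part of the thread or of zuluCrypt's code: a small shell helper that turns the option string chosen in zuluCrypt into an explicit `cryptsetup open --type plain` command line, so nothing is left to cryptsetup's defaults. It assumes the string has the layout cipher.mode.keysize.hash, as `aes.xts-plain64.512.sha512` suggests; the function name is hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the zuluCrypt option string is
# <cipher>.<mode>.<key size in bits>.<hash>, e.g. aes.xts-plain64.512.sha512

# plain_open_cmd OPTS DEVICE NAME
# Prints the cryptsetup command that opens a PLAIN dm-crypt volume with every
# crypto option given explicitly. It only prints; review the line, then run it.
plain_open_cmd() {
    opts=$1 device=$2 name=$3

    # Split the option string on dots into the positional parameters.
    old_ifs=$IFS; IFS=.
    set -f; set -- $opts; set +f
    IFS=$old_ifs

    if [ "$#" -ne 4 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$4" ]; then
        echo "expected cipher.mode.keysize.hash, got: $opts" >&2
        return 1
    fi
    # The key size must be a plain number of bits.
    case $3 in
        ''|*[!0-9]*) echo "key size is not a number: $3" >&2; return 1 ;;
    esac

    # dm-crypt writes the cipher specification as <cipher>-<mode>.
    printf 'cryptsetup open --type plain --cipher %s-%s --key-size %s --hash %s %s %s\n' \
        "$1" "$2" "$3" "$4" "$device" "$name"
}

# The volume from the question, opened with the options it was created with.
plain_open_cmd aes.xts-plain64.512.sha512 /home/lmtest/testdm testdm
```

After opening with the printed command, `cryptsetup status testdm` should report the cipher that was chosen at creation time rather than the cryptsetup default.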

git70 commented 4 years ago

OK, it's all clear. Thank you for the explanation. After mounting, the cryptsetup status already shows correctly.

But I have one more doubt: I have created the LUKS2 container aes.xts-plain64.512.sha512, but the command "cryptsetup luksDump" in the Digests pbkdf2 section shows Hash: sha256. Shouldn't it be sha512 ??

mhogomchungu commented 4 years ago

I have verified that zuluCrypt is sending "sha512" hash to cryptsetup and I do not know why it's not picking it up and it seems to always use sha256 regardless of what you give it. This could be a bug in cryptsetup.
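The check git70 describes, as an added example that is not part of the thread: a shell filter that reads `cryptsetup luksDump` output for a LUKS2 header and reports the hash used in the Digests section only, ignoring Hash lines that belong to keyslots. The sample dump is constructed for illustration and the function names are hypothetical.

```shell
#!/bin/sh
# digest_hashes: read LUKS2 `cryptsetup luksDump` output on stdin and print the
# Hash of every entry under the top-level "Digests:" section, one per line.
digest_hashes() {
    awk '
        /^[A-Za-z]/ { in_digests = ($1 == "Digests:") }  # unindented line = new section
        in_digests && $1 == "Hash:" { print $2 }
    '
}

# check_digest_hash EXPECTED: succeed only if every digest uses EXPECTED.
check_digest_hash() {
    expected=$1
    found=$(digest_hashes)
    [ -n "$found" ] || { echo "no Digests section found" >&2; return 2; }
    for h in $found; do
        [ "$h" = "$expected" ] || {
            echo "digest uses $h, expected $expected" >&2; return 1; }
    done
}

# Constructed sample, trimmed to the relevant fields (not output from a real volume).
sample_dump() {
cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      pbkdf2
        Hash:       sha512
        AF hash:    sha512
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
        Iterations: 100000
EOF
}

# Real use (needs read access to the device):
#   cryptsetup luksDump /path/to/volume | check_digest_hash sha512
sample_dump | digest_hashes
```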

mhogomchungu commented 4 years ago

I am closing this one since the question that opened the bug report is now answered.

Feel free to post if anything else comes up.

git70 commented 4 years ago

> I have verified that zuluCrypt is sending "sha512" hash to cryptsetup and I do not know why it's not picking it up and it seems to always use sha256 regardless of what you give it. This could be a bug in cryptsetup.

This error doesn't leave me alone :( Do you have the option to report a bug to people from cryptsetup?

mhogomchungu commented 4 years ago

https://gitlab.com/cryptsetup/cryptsetup/issues/484

git70 commented 4 years ago

Thanks! I sent a bug notification to Ubuntu, but it will probably take a long time for Ubuntu 18.04 bionic :( Only Ubuntu Eoan version contains cryptsetup version 2.2.0, which solves the problem. https://packages.ubuntu.com/search?keywords=cryptsetup&searchon=names&suite=all&section=all

git70 commented 4 years ago

I wonder whether to manually install cryptsetup 2.2.0 from Ubuntu Eoan on Ubuntu Bionic 18.04 (cryptsetup 2.0.2). Do you think I can break the system?

mhogomchungu commented 4 years ago

If you are using LUKS based full disk encryption where the partition that hosts your root partition is encrypted and needs to be unlocked at boot time then yes, you can break your system since a broken cryptsetup tool will prevent your system from booting up.

If you are not doing the above then, most likely no. If you can install it cleanly, then it will probably work and if not, you can always go back to the one provided for that particular version of Ubuntu.

If it won't work, the main reason will probably be changed library name and some tools will stop working and complain of missing cryptsetup library. Names of libraries usually change between versions if they are incompatible.

git70 commented 4 years ago

Unfortunately, I am using LUKS FDE (with lvm), so I think I have to wait for the official update to 2.2.0 :(

git70 commented 3 years ago

I currently have Ubuntu 20.04 with cryptsetup 2.2.2

I have created a LUKS2 container aes.xts-plain64.512.sha512. "cryptsetup luksDump /test/test" returns the Digests section: sha256. Do I misunderstand that the problem persists?

mhogomchungu commented 3 years ago

I have cryptsetup version 2.3.4 installed and it no longer has the problem but you continue to see the problem because zuluCrypt had the same problem. I just made a commit that solved the problem in zuluCrypt too.

I plan to make a new release next week and it should have the fix.

git70 commented 3 years ago

Does this mean the problem is not resolved in cryptsetup 2.2.0? https://gitlab.com/cryptsetup/cryptsetup/-/issues/484

Is this a different ZuluCrypt problem however?