LUKS volumes created with LC cannot have keyslots added with cryptsetup

[t-d-k]

problem reported by @reklrekl :

I've had a similar problem: Creating a 2TB LUKS partition in lc6.2 didnt't work, but it worked in lc6.3

And I can't add passphrases/keyfiles using linux:

# cryptsetup luksAddKey /dev/sdb1 Geben Sie irgendeine bestehende Passphrase ein: Geben Sie die neue Passphrase für das Schlüsselfach ein: Passphrase bestätigen: Material für Schlüsselfach 1 enthält zu wenige Streifen. Manipulation des Headers?

Translated:

# cryptsetup luksAddKey /dev/sdb1 Enter existing passphrase: Enter new passphrase for keyslot: Confirm passphrase: Material for keyslot 1 contains too less stripes. Manipulation of Header?

Is this related to an old version of Luks headers created by lc?

I've got another 2TB drive not in use so I could do some tests if you tell me what exactly to test :)

[t-d-k]

This is because LC creates LUKS volumes with fixed number of 2 "anti-forensic stripes". These 'stripes' are a misfeature of LUKS and don't add to the security, which is why it's a low number.
cryptsetup wrongly expects at least 4000 stripes, and gives this error message for fewer. The LUKS specification doesn't specify a minimum (despite the comment in the cryptsetup source https://github.com/mhfan/cryptsetup/blob/ae9c9cf369cb24ac5267376401c80c2c40ada6a2/lib/luks1/keymanage.c) , so this is a bug in cryptsetup. I'll report this to the cryptsetup project. Meanwhile, the next release of LC will have the number of stripes fixed at 4000, for compatibility.

[reklrekl]

Got an answer to my bug report at cryptsetups page: https://gitlab.com/cryptsetup/cryptsetup/issues/300

So I guess I'll have to wait until you address this, would be nice if you could release a version that creates 4000 stripes. Sounds like an easy fix to me ;)

[t-d-k]

Thanks for this. The next release of LC will have the number of stripes fixed at 4000.