Armbian/cryptsetup for LUKS2: All Available Options

I’m building an Armbian image and need to specify the LUKS2 encryption.

I narrowed it down to:

./compile.sh BOARD=<board model> BRANCH=current BUILD_DESKTOP=no BUILD_MINIMAL=yes KERNEL_CONFIGURE=no RELEASE=bookworm SEVENZIP=yes CRYPTROOT_ENABLE=yes CRYPTROOT_PASSPHRASE=123456 CRYPTROOT_SSH_UNLOCK=yes CRYPTROOT_SSH_UNLOCK_PORT=2222 CRYPTROOT_PARAMETERS="--type luks2 --cipher aes-xts-plain64 --hash sha512 --iter-time 10000 --pbkdf argon2id" 

CRYPTROOT_PARAMETERS is where I need help. Although the parameters and options are from cryptsetup, cryptsetup’s official documentation doesn’t cover all options and seems outdated. I got some info here and there from Google, but it seems incomplete.

Here is my understanding of the applicable parameters. Please feel free to correct:

    --type <"luks","luks2">
    --cipher <???>
    --hash <??? Is this relevant with LUKS2 and argon2id?>
    --iter-time <number in milliseconds>
    --key-size <What does this do? Some sources say this key-size is irrelevant>
    --pbkdf <"pbkdf2","argon2i","argon2id">

Multiple results from Google mention that the various options can be pulled from cryptsetup benchmark, but it is still very unclear. What are the rules?

For example, here is my cryptsetup benchmark:

    # Tests are approximate using memory only (no storage IO).
    PBKDF2-sha1       178815 iterations per second for 256-bit key
    PBKDF2-sha256     336513 iterations per second for 256-bit key
    PBKDF2-sha512     209715 iterations per second for 256-bit key
    PBKDF2-ripemd160  122497 iterations per second for 256-bit key
    PBKDF2-whirlpool   73801 iterations per second for 256-bit key
    argon2i       4 iterations, 270251 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
    argon2id      4 iterations, 237270 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
    #     Algorithm |       Key |      Encryption |      Decryption
            aes-cbc        128b       331.8 MiB/s       366.8 MiB/s
        serpent-cbc        128b        29.2 MiB/s        30.9 MiB/s
        twofish-cbc        128b        43.0 MiB/s        44.8 MiB/s
            aes-cbc        256b       295.7 MiB/s       341.7 MiB/s
        serpent-cbc        256b        29.2 MiB/s        30.9 MiB/s
        twofish-cbc        256b        43.0 MiB/s        44.8 MiB/s
            aes-xts        256b       353.0 MiB/s       347.7 MiB/s
        serpent-xts        256b        32.0 MiB/s        33.5 MiB/s
        twofish-xts        256b        50.2 MiB/s        51.3 MiB/s
            aes-xts        512b       330.1 MiB/s       331.4 MiB/s
        serpent-xts        512b        32.0 MiB/s        33.5 MiB/s
        twofish-xts        512b        50.2 MiB/s        51.3 MiB/s

Any help would be greatly appreciated.

submitted by /u/CoolNameNoMeaning
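
An added example, not part of the original post and not Armbian or cryptsetup code: a Python script that reads cipher rows like those in the benchmark above and turns the fastest acceptable XTS row into `--cipher` / `--key-size` values. It relies on XTS splitting the key into two halves, so `--key-size 512` with `aes-xts` means AES-256. The function names are hypothetical, the embedded rows are a subset copied from the post, and the `plain64` IV suffix is an assumption taken from the post's own command line.

```python
import re

# Rows copied from the benchmark in the post (a subset, embedded so this runs offline).
BENCHMARK = """\
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha512     209715 iterations per second for 256-bit key
#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        256b       295.7 MiB/s       341.7 MiB/s
        aes-xts        256b       353.0 MiB/s       347.7 MiB/s
    serpent-xts        256b        32.0 MiB/s        33.5 MiB/s
        aes-xts        512b       330.1 MiB/s       331.4 MiB/s
    twofish-xts        512b        50.2 MiB/s        51.3 MiB/s
"""

# "<cipher>-<mode>  <bits>b  <enc> MiB/s  <dec> MiB/s"
ROW = re.compile(r"^\s*(\w+)-(\w+)\s+(\d+)b\s+([\d.]+) MiB/s\s+([\d.]+) MiB/s\s*$")


def parse_cipher_rows(text):
    """Return the cipher table rows; PBKDF lines and comments do not match ROW."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            cipher, mode, bits, enc, dec = m.groups()
            rows.append({"cipher": cipher, "mode": mode, "key_bits": int(bits),
                         "enc": float(enc), "dec": float(dec)})
    return rows


def cipher_key_bits(row):
    """XTS uses two keys of equal size, so the block cipher gets half of --key-size."""
    return row["key_bits"] // 2 if row["mode"] == "xts" else row["key_bits"]


def pick_flags(rows, min_cipher_key_bits=256, iv="plain64"):
    """Fastest XTS row (by the slower of enc/dec) that meets the key-strength floor."""
    # iv is an assumption from the post's command; the table does not print the IV mode.
    ok = [r for r in rows
          if r["mode"] == "xts" and cipher_key_bits(r) >= min_cipher_key_bits]
    if not ok:
        raise ValueError("no XTS row meets the requested key size")
    best = max(ok, key=lambda r: min(r["enc"], r["dec"]))
    return f"--cipher {best['cipher']}-{best['mode']}-{iv} --key-size {best['key_bits']}"


if __name__ == "__main__":
    print(pick_flags(parse_cipher_rows(BENCHMARK)))
```

On a real board, feed the script the text printed by `cryptsetup benchmark` instead of the embedded sample.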