I was searching for a valid and still up-to-date way of encrypting hard disks. After some research I encountered LUKS and decided to give it a shot. So I looked up some examples of how to properly encrypt an HDD with it, like this:
cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/sda3
The --cipher and --hash part of it was most interesting for me, so I tried to inform myself regarding different ciphers and hashes that are specifically usable for LUKS. I couldn't find any useful information besides opening a file which shows the available encryption forms in a machine-friendly formatting for the currently used Linux. But as I was told even this file is probably missing the full extent of all encryption ways besides it being very hard to read for someone who doesn't deal with it on a daily basis, anyway.
My question: is there a full list of ciphers/hashes for LUKS encryption?
One that simply shows me what I can choose… and maybe gives a short description on what exactly the differences between those different ways are.
Best Answer
That's basically up to your kernel, so "See /proc/crypto" is supposed to be "the answer." The cryptsetup man page says this:
However, my /proc/crypto doesn't mention any serpent, or xts(aes), so instead I'd recommend seeing what cryptsetup benchmark reports (and it would show (ram) speeds too). For example:
The hashes are the first few lines (sha1, sha256, sha512, ripemd160, whirlpool). Ciphers are under the Algorithm header.
Looking at what the defaults are gives a good idea of what's considered "pretty good" too:
And using a higher key size (with --key-size) should only be stronger, if slightly slower.
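Added example, not part of the original question or answer: a small shell function that condenses the /proc/crypto listing discussed above into one readable line per cipher or hash. The function names and the embedded sample are constructed for illustration; /proc/crypto lists only the algorithms the running kernel has registered so far, so on a real system the output can be shorter than what cryptsetup accepts.

```shell
# Constructed, abbreviated sample in /proc/crypto layout (not real output).
sample_crypto() {
cat <<'EOF'
name         : xts(aes)
driver       : xts-aes-aesni
type         : skcipher
min keysize  : 32
max keysize  : 64

name         : sha512
driver       : sha512-generic
type         : shash
digestsize   : 64

name         : sha512
driver       : sha512-ssse3
type         : shash
digestsize   : 64

name         : sha256
type         : shash
digestsize   : 32
EOF
}

# list_crypto [FILE]: one line per cipher or hash, sizes converted to bits.
# FILE defaults to /proc/crypto; "-" reads standard input.
# The same algorithm appears once per driver, so duplicates are collapsed.
# Entries that are neither ciphers nor hashes (aead, rng, ...) are skipped.
list_crypto() {
    awk -F ' *: *' '
        function emit() {
            if (type ~ /cipher/)
                printf "%-9s %-22s key %d-%d bits\n", type, name, min * 8, max * 8
            else if (type ~ /hash/)
                printf "%-9s %-22s digest %d bits\n", type, name, dig * 8
            name = type = min = max = dig = ""
        }
        $1 == "name"        { emit(); name = $2 }
        $1 == "type"        { type = $2 }
        $1 == "min keysize" { min = $2 }
        $1 == "max keysize" { max = $2 }
        $1 == "digestsize"  { dig = $2 }
        END { emit() }
    ' "${1:-/proc/crypto}" | sort -u
}

sample_crypto | list_crypto -
```

On a real system, call list_crypto with no argument. Sizes are printed in bits to match --key-size; xts(aes) reports 256-512 because XTS splits the supplied key into two halves.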