[Pkg-cryptsetup-devel] Re: Bug#359150: linux-kernel-di-i386-2.6: Please add crypto-modules udeb

Mon Mar 27 22:51:39 UTC 2006

On Mon, Mar 27, 2006 at 04:02:14PM -0500, Joey Hess wrote:
> I assume that there is really nothing i386 specific in this list of
> modules and that I should add it to all the (2.6 only?) kernels for
> all arches?

Yes to both. This will apply to all archs, and dm-crypt which 
will be using these modules is only available in 2.6.

> I would prefer to keep things minimal by only including modules
> actually used by encryption methods that partman-crypto supports
> using. Does it support every module in this list?

The support for dm-crypt is just coming into existance. We are
aiming to provide a good selection of recommended ciphers for
use with dm-crypt, but this will not include all of them.

> Max, do you already have this stuff sorted out and patches created?
> Don't want to duplicate effort.

No risk of duplicating efforts, thanks for asking! David is
currently working together with cryptsetup maintainers to sort out
the details of adding support for dm-crypt and LUKS. Having (a
reduced list of) these modules available in d-i is basically the
starting point for this.

I'm attaching some comments to the list and CCing
pkg-cryptsetup-devel, since my understanding of dm-crypt is still
limited. I'm sure cryptsetup maintainers and David can give
feedback on correction and/or additions to this list.

>From my limited understanding, I think this shortened list of 
modules will be a good starting point:

sha256 ?
blowfish ?
twofish ?
serpent ?
aes ?

cheers,
Max
-------------- next part --------------
> > md4 ?
> > sha1 ?
> > wp512 ?
> > tgr192 ?

I don't dm-crypt or LUKS use these. Please correct me if they do.

> > md5 ?

Not needed as a module since it's built into Debian kernels:
$ grep -i md5 /boot/config-2.6.16-1-686
CONFIG_CRYPTO_MD5=y

> > sha256 ?

Needed by LUKS, AFAICS.

> > sha512 ?

Dunno.

> > des ?

We sure don't want to support DES in new installations ;-)

> > blowfish ?
> > twofish ?
> > serpent ?
> > aes ?

These would be useful to support, AFAICS.

> > cast5 ?
> > cast6 ?
> > tea ?
> > khazad ?
> > anubis ?

I can't really comment on those. 