From f5bc7017e47a7e288b3a6a2e4b53b0f809e69414 Mon Sep 17 00:00:00 2001 From: Richard Laager Date: Mon, 15 Aug 2016 04:17:39 -0500 Subject: [PATCH] Ubuntu: Reduce the encrypted swap key size eCryptfs uses AES-128. There is little point in using AES-256 for the swap. --- Ubuntu-16.04-Root-on-ZFS.md | 2 +- Ubuntu-16.10-Root-on-ZFS.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Ubuntu-16.04-Root-on-ZFS.md b/Ubuntu-16.04-Root-on-ZFS.md index 4fca97a..d1b69b8 100644 --- a/Ubuntu-16.04-Root-on-ZFS.md +++ b/Ubuntu-16.04-Root-on-ZFS.md @@ -351,7 +351,7 @@ Choose one of the following options. If you are going to do an encrypted home d 7.2b Create an encrypted swap device: # echo cryptswap1 /dev/zvol/rpool/swap /dev/urandom \ - swap,cipher=aes-xts-plain64:sha256,size=512 >> /etc/crypttab + swap,cipher=aes-xts-plain64:sha256,size=256 >> /etc/crypttab # systemctl daemon-reload # systemctl start systemd-cryptsetup@cryptswap1.service # echo /dev/mapper/cryptswap1 none swap defaults 0 0 >> /etc/fstab diff --git a/Ubuntu-16.10-Root-on-ZFS.md b/Ubuntu-16.10-Root-on-ZFS.md index a50cd8a..e09e58c 100644 --- a/Ubuntu-16.10-Root-on-ZFS.md +++ b/Ubuntu-16.10-Root-on-ZFS.md @@ -353,7 +353,7 @@ Choose one of the following options. If you are going to do an encrypted home d 7.2b Create an encrypted swap device: # echo cryptswap1 /dev/zvol/rpool/swap /dev/urandom \ - swap,cipher=aes-xts-plain64:sha256,size=512 >> /etc/crypttab + swap,cipher=aes-xts-plain64:sha256,size=256 >> /etc/crypttab # systemctl daemon-reload # systemctl start systemd-cryptsetup@cryptswap1.service # echo /dev/mapper/cryptswap1 none swap defaults 0 0 >> /etc/fstab