From f5bc7017e47a7e288b3a6a2e4b53b0f809e69414 Mon Sep 17 00:00:00 2001
From: Richard Laager <rlaager@wiktel.com>
Date: Mon, 15 Aug 2016 04:17:39 -0500
Subject: [PATCH] Ubuntu: Reduce the encrypted swap key size

eCryptfs uses AES-128.  There is little point in using AES-256 for the
swap.
---
 Ubuntu-16.04-Root-on-ZFS.md | 2 +-
 Ubuntu-16.10-Root-on-ZFS.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Ubuntu-16.04-Root-on-ZFS.md b/Ubuntu-16.04-Root-on-ZFS.md
index 4fca97a..d1b69b8 100644
--- a/Ubuntu-16.04-Root-on-ZFS.md
+++ b/Ubuntu-16.04-Root-on-ZFS.md
@@ -351,7 +351,7 @@ Choose one of the following options.  If you are going to do an encrypted home d
 7.2b  Create an encrypted swap device:
 
     # echo cryptswap1 /dev/zvol/rpool/swap /dev/urandom \
-          swap,cipher=aes-xts-plain64:sha256,size=512 >> /etc/crypttab
+          swap,cipher=aes-xts-plain64:sha256,size=256 >> /etc/crypttab
     # systemctl daemon-reload
     # systemctl start systemd-cryptsetup@cryptswap1.service
     # echo /dev/mapper/cryptswap1 none swap defaults 0 0 >> /etc/fstab
diff --git a/Ubuntu-16.10-Root-on-ZFS.md b/Ubuntu-16.10-Root-on-ZFS.md
index a50cd8a..e09e58c 100644
--- a/Ubuntu-16.10-Root-on-ZFS.md
+++ b/Ubuntu-16.10-Root-on-ZFS.md
@@ -353,7 +353,7 @@ Choose one of the following options.  If you are going to do an encrypted home d
 7.2b  Create an encrypted swap device:
 
     # echo cryptswap1 /dev/zvol/rpool/swap /dev/urandom \
-          swap,cipher=aes-xts-plain64:sha256,size=512 >> /etc/crypttab
+          swap,cipher=aes-xts-plain64:sha256,size=256 >> /etc/crypttab
     # systemctl daemon-reload
     # systemctl start systemd-cryptsetup@cryptswap1.service
     # echo /dev/mapper/cryptswap1 none swap defaults 0 0 >> /etc/fstab