From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mbroz@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
	by mail.saout.de (Postfix) with ESMTP
	for <dm-crypt@saout.de>; Fri, 20 Nov 2009 13:23:00 +0100 (CET)
Received: from int-mx08.intmail.prod.int.phx2.redhat.com
	(int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id nAKCMxSK016858
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <dm-crypt@saout.de>; Fri, 20 Nov 2009 07:22:59 -0500
Received: from [10.34.32.183] (mazybook.englab.brq.redhat.com [10.34.32.183])
	by int-mx08.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with
	ESMTP id nAKCMwdW002607
	for <dm-crypt@saout.de>; Fri, 20 Nov 2009 07:22:59 -0500
Message-ID: <4B068A22.2080100@redhat.com>
Date: Fri, 20 Nov 2009 13:22:58 +0100
From: Milan Broz <mbroz@redhat.com>
MIME-Version: 1.0
References: <4B032794.6090104@gmx.net>	<20091118054555.GB28949@tansi.org>	<4B03C5EE.7010702@gmx.net>	<20091118102515.GB30910@tansi.org>	<4B03D865.8070905@redhat.com>	<4B03F5F2.9080609@redhat.com>	<20091119074104.GC8694@tansi.org>	<20091119092107.GA7875@fancy-poultry.org>	<20091119122445.GA10856@tansi.org>
	<4B05A3F3.4060609@gmx.net>
In-Reply-To: <4B05A3F3.4060609@gmx.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] different default key sizes for CREATE and	LUKSFORMAT
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 11/19/2009 09:00 PM, Stefan Xenon wrote:
> Nevertheless how many iterations are agreed it seems that the amount of
> iterations will be increased in a next version. Does this require to
> "upgrade" an already existing partition created with the current default
> values or is it sufficient just to use the new version? If an "upgrade"
> would be required, how to do it?

You can now format using pre-generated master key, so you can reformat luks header
without data loss (you will need to know all used passphrases though and specify
exactly the same other arguments like cipher and data offset)

Probably not big problem to write a script or C program using libcryptsetup
to automate this. (libcryptsetup API have all needed calls now).
(I thought about luksReFormat command but not sure if it is really needed.)

But I think better no automatic updates of header here (it causes MK digest change)

Milan
--
mbroz@redhat.com