From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id cEF2RFxmGDpW for <dm-crypt@saout.de>;
 Wed, 26 Sep 2012 15:56:43 +0200 (CEST)
Received: from mail-bk0-f50.google.com (mail-bk0-f50.google.com
 [209.85.214.50])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Wed, 26 Sep 2012 15:56:43 +0200 (CEST)
Received: by bkwq16 with SMTP id q16so356015bkw.37
 for <dm-crypt@saout.de>; Wed, 26 Sep 2012 06:56:43 -0700 (PDT)
Message-ID: <50630996.1080803@gmail.com>
Date: Wed, 26 Sep 2012 15:56:38 +0200
From: Milan Broz <gmazyland@gmail.com>
MIME-Version: 1.0
References: <50630077.6000204@ramses-pyramidenbau.de>
In-Reply-To: <50630077.6000204@ramses-pyramidenbau.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Initialization Vector using plain aes-cbc
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
Cc: dm-crypt@saout.de

On 09/26/2012 03:17 PM, Ralf Ramsauer wrote:
> cryptsetup create asd ./foobar --cipher=aes-cbc-essiv:sha256 --key-file key
> or
> cryptsetup create asd ./foobar --cipher=aes-cbc
> Enter Passphrase: ..........

# cryptsetup create asd ./foobar --cipher=aes-cbc
Enter passphrase: 
device-mapper: reload ioctl on  failed: Invalid argument
device-mapper: table ioctl on  failed: No such device or address

> 
> work fine.
nope :)
Which version you are using?

First, for historic reasons, there are some shortcuts:
"aes" and "aes-plain"  will translate to "aes-cbc-plain"

but "aes-cbc" is not valid shortcut
(and cbc mode require IV specification )

If you are not sure, just run
cryptsetup status <active device>
and it will print full mode spec. of active device.

FO scripts, please always use full specification, the above is just
to provide compatibility with old cryptsetup.

Format is
<cipher>-<mode>-<IV/params>

plain/plain64 IV is just sector number, so no dependence
on passphrase/key. (If used with CBC mode, it is not secure.)

For more info about available IV modes see
http://code.google.com/p/cryptsetup/wiki/DMCrypt#IV_generators

Milan