Re: [dm-crypt] How to increase key size of existing volume

[Arno Wagner <arno@wagner.name>]

On Tue, Dec 11, 2012 at 03:46:19PM +0100, Erik Logtenberg wrote:
> Dear list,
> 
> I have been using luks for quite some time, and as a result I have
> several luks volumes in use that are still based on 128 bits key sizes.
> Current default in Fedora is already upped to 256 bits and RSA even
> advices key sizes of 1024 or even 2048 for highly secure stuff.

You are confusing symmetric and assymetric keys here. 2048 bit
asymmetric is (very roughly) equivalent to 128 bit symmetric.

Have a look here for currently recomended key sizes:

  http://www.keylength.com/

There is no idication that anybody can break 128 but AES
at this time or in the next few decades. Your passphrase
has likely a lot less entropy anyways and is the better
target. 
 
> So, how do I increase the key size? In man cryptsetup I see that the
> --key-size option only applies to the create, luksFormat and loopaesOpen
> commands. Is there any way I can make this happen?

It is unnecessary. If you really want to, use your normal
backup procedure, recreate a new LUKS volume and restore
(you do have backup, right?). 

There is also a re-encryption in place tool by Milan, but that is 
experimental and definitely requires a current backup.
It is called "cryptsetup-reencrypt" and part of the source package
as of version 1.5.0 (current version is 1.5.1).

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell