From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail-wg0-x230.google.com (mail-wg0-x230.google.com
 [IPv6:2a00:1450:400c:c00::230])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Fri,  1 May 2015 20:30:19 +0200 (CEST)
Received: by wgyo15 with SMTP id o15so97599690wgy.2
 for <dm-crypt@saout.de>; Fri, 01 May 2015 11:30:19 -0700 (PDT)
Message-ID: <5543C637.5070400@gmail.com>
Date: Fri, 01 May 2015 20:30:15 +0200
From: Milan Broz <gmazyland@gmail.com>
MIME-Version: 1.0
References: <trinity-a8e4aaa4-5729-4ea8-8892-3753d79771f3-1430495882504@3capp-mailcom-lxa06>
 <5543C1FE.2060200@ramses-pyramidenbau.de>
In-Reply-To: <5543C1FE.2060200@ramses-pyramidenbau.de>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] What are the supported ciphers
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Ralf Ramsauer <ralf+dm@ramses-pyramidenbau.de>, dm-crypt@saout.de

On 05/01/2015 08:12 PM, Ralf Ramsauer wrote:
> Hi David,
> 
> you can use
> 
>     cat /proc/crypto
> 
> this is part of an example output:
> 
>     driver       : xts-aes-aesni
>     module       : kernel
>     priority     : 400
>     refcnt       : 4
>     selftest     : passed
>     type         : ablkcipher
>     async        : yes
>     blocksize    : 16
>     min keysize  : 32
>     max keysize  : 64
>     ivsize       : 16
>     geniv        : <default>
> 
> which means that this is the AES cipher driven in the XTS mode of operation. The keysize may be 32, 48 or 64 Byte. Last you need a initialisation vector generation algorithm (like ESSIV or Plain) which generates (at least) 16 Bytes.
> I remember this page http://code.google.com/p/cryptsetup/wiki/DMCrypt#IV_generators which is not accessible any more. I have in mind, that it contained a list of possible IVs.
> 
> Milan, Arno, is this page available at the new wiki? I couldn't find it.
> Besides that, maybe it is a good idea to list all possible combinations of cipher, mode and IV generator together with a 'recommendation' in the FAQ.

yes, it is here, links slightly changed because of markdown syntax:
https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt#iv-generators

FAQ is here
https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions

Some common combination you get when start "cryptsetup benchmark",
if kernel does not support some variant, you will see it.

Anyway, general advice: if you are not expert, do not experiment here and use default.
(to see default - run "cryptsetup --help")

Milan