cryptsetup-reencrypt 使我的 LUKS 設備崩潰

使用 liveCD。

Benchmark 說我筆記本上最快的磁碟 IO 將是：aes-xts 256b

root@ubuntu:~# cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1      1008246 iterations per second
PBKDF2-sha256     615361 iterations per second
PBKDF2-sha512     458293 iterations per second
PBKDF2-ripemd160  585142 iterations per second
PBKDF2-whirlpool  215578 iterations per second
#  Algorithm | Key |  Encryption |  Decryption
    aes-cbc   128b   517.0 MiB/s  2130.7 MiB/s
serpent-cbc   128b    69.3 MiB/s   240.2 MiB/s
twofish-cbc   128b   157.3 MiB/s   294.5 MiB/s
    aes-cbc   256b   398.4 MiB/s  1785.7 MiB/s
serpent-cbc   256b    70.4 MiB/s   234.5 MiB/s
twofish-cbc   256b   158.3 MiB/s   290.5 MiB/s
    aes-xts   256b  1964.8 MiB/s  1968.9 MiB/s
serpent-xts   256b   246.5 MiB/s   240.0 MiB/s
twofish-xts   256b   290.2 MiB/s   293.9 MiB/s
    aes-xts   512b  1372.7 MiB/s  1403.4 MiB/s
serpent-xts   512b   244.9 MiB/s   240.0 MiB/s
twofish-xts   512b   272.5 MiB/s   296.2 MiB/s
root@ubuntu:~# 

我目前對 LUKS 設備的設置：

root@ubuntu:~# cryptsetup luksDump /dev/sda5
LUKS header information for /dev/sda5

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
Payload offset: 4096
MK bits:        512
MK digest:      48 86 e6 b3 6b 4c 4b 9e 2c ce ce ed c3 57 13 11 ab b4 fd 2d 
MK salt:        83 d4 35 64 d8 01 75 9d 58 76 8d 2e ac eb 3a 9c 
           a4 11 3b 9f f4 79 1d 56 5c 57 25 23 39 d8 b5 ab 
MK iterations:  80375
UUID:           df2f64fa-5bce-4d8c-9dcb-274435c8180a

Key Slot 0: ENABLED
   Iterations:             323231
   Salt:                   ca 08 b2 1b 43 a3 0f 41 df 3b 13 95 fa 80 03 33 
                       ba 28 70 a5 36 6f a2 0d 94 ae 25 55 ee 1b 62 b0 
   Key material offset:    8
   AF stripes:             4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
root@ubuntu:~# 

但是當我嘗試將其設置為快速磁碟 IO 但針對 LUKS 密碼的蠻力攻擊速度較慢時（將迭代時間增加到 10 秒 - 根據手冊頁，預設值為 1 秒）：

root@ubuntu:~# cryptsetup-reencrypt /dev/sda5 -c aes-xts -s 512 -h sha512 -i 10000
WARNING: this is experimental code, it can completely break your data.
Enter passphrase for key slot 0: 
device-mapper: reload ioctl on  failed: Invalid argument
Activation of temporary devices failed.
root@ubuntu:~# 

它破壞了我的 LUKS 設備：

root@ubuntu:~# cryptsetup luksDump /dev/sda5
Device /dev/sda5 is not a valid LUKS device.
root@ubuntu:~# 

**問：**我錯過了什麼？

您的 live cd 必須很舊，關於cryptsetup-reencrypt. 我多次使用此工具，沒有任何消息或此類問題。

此外，您的命令行不正確，必須從更改aes-xts為aes-xts-plain64.

引用自：https://unix.stackexchange.com/questions/342668